Issue 615818: Undefined-shift in WebRtcIlbcfix_Smooth
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5991079291912192
Fuzzer: libfuzzer_audio_decoder_ilbc_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Undefined-shift
Crash Address:
Crash State:
  WebRtcIlbcfix_Smooth
  WebRtcIlbcfix_Enhancer
  WebRtcIlbcfix_EnhancerInterface
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=396407:396452
Minimized Testcase (0.05 Kb): https://cluster-fuzz.appspot.com/download/AMIfv957UK9u2eCMOcthhuCCxUQhFowdDMPcNHRYzRN5ZQ_WCdMwD4ITA1x932GXm3tbOm2FWjLWFnHiVjn1RlQ4-zkmTjvWP9g898G16uKGX0xluEQ_Va2mon5P10-WwFi_IxIixmLvqpoUzLITM-50dg8w6rUidg
Filer: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

May 31 2016

May 31 2016

Jun 27 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5991079291912192
Fuzzer: libfuzzer_audio_decoder_ilbc_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Undefined-shift
Crash Address:
Crash State:
  WebRtcIlbcfix_Smooth
  WebRtcIlbcfix_Enhancer
  WebRtcIlbcfix_EnhancerInterface
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=396407:396452
Minimized Testcase (0.05 Kb): https://cluster-fuzz.appspot.com/download/AMIfv955EJQT-D9wg-521AwS1fzhq3wDqmWOGVAu1Cee6TiqkDytA3Iv3mD8fEm69VNlAG6UPawEWcOrLmxKJrcKEOrsfxoGnXP54ROVlsSlDcCajFEOrM2gyJn_oZvJ38ro09vxsvikojYI86M0aigmmVw9xLNNZw?testcase_id=5991079291912192

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Jun 29 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6614315876745216
Fuzzer: libfuzzer_audio_decoder_ilbc_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Undefined-shift
Crash Address:
Crash State:
  WebRtcIlbcfix_Smooth
  WebRtcIlbcfix_Enhancer
  WebRtcIlbcfix_EnhancerInterface
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=396407:396452
Minimized Testcase (0.05 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94xeU8p6cLeIMKi7gTPyvMDVEEf1ezaJ5252VdptqRaBr5CY78ry9s5XL9TdYtxxkrSP3hZri-yR6UB7CWN4GzU-LBTlFiDgtx799abpBHa_9F21rsAxFe760mFPzfDH3dWjISwZlQc4KGrD-JlP1PZH8Elug?testcase_id=6614315876745216
Filer: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Jun 30 2016
Since iLBC is not included in Chrome (only in the fuzzer test), I'm reducing prio on this.

Jul 29 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6032703946489856
Fuzzer: libfuzzer_audio_decoder_ilbc_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Undefined-shift
Crash Address:
Crash State:
  WebRtcIlbcfix_Smooth
  WebRtcIlbcfix_Enhancer
  WebRtcIlbcfix_EnhancerInterface
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=396407:396452
Minimized Testcase (0.05 Kb): https://cluster-fuzz.appspot.com/download/AMIfv940ycDHePjoYkjfol9VCUz_GrNLb7uxzNwhm-EXfhzGhrTI5KaIqMDRCHsxtHxPl0CBMdOhYQqmQPtJTNr069LJhovvJX1niOCYKJ2GpN1HuUB61nAWKQYU0jCrYht-CTAR2m8Kx4Yq7_QKgy8LP2J0uSEwWQ?testcase_id=6032703946489856
Filer: rnimmagadda

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Jul 29 2016
Gentle Ping. @kwiberg: Could you please provide some update on this issue. Thank you.

Aug 17 2016
CL up for review: https://codereview.webrtc.org/2258543002/

Aug 22 2016
The following revision refers to this bug:
https://chromium.googlesource.com/external/webrtc.git/+/7f82fc988ded707247f317019215e4abdd6fe19f

commit 7f82fc988ded707247f317019215e4abdd6fe19f
Author: kwiberg <kwiberg@webrtc.org>
Date: Mon Aug 22 14:43:42 2016

WebRtcIlbcfix_Smooth: Fix UBSan fuzzer bug (left shift of 1 by 31 overflows)

scale1 == 31 if and only if w10 == 0. So even though 1 << scale1 overflows, we know that the result of the multiplication should be 0. Handle that case.

BUG= chromium:615818
Review-Url: https://codereview.webrtc.org/2258543002
Cr-Commit-Position: refs/heads/master@{#13847}

[modify] https://crrev.com/7f82fc988ded707247f317019215e4abdd6fe19f/webrtc/modules/audio_coding/codecs/ilbc/smooth.c
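The commit above states the invariant behind the fix (scale1 == 31 exactly when w10 == 0) and the later comment on this bug notes that the neighbouring multiplication can overflow on its own. The following C is an added example written for this page, not WebRTC code and not the contents of smooth.c: it reproduces the `w10 * (1 << scale)` pattern generically, shows both undefined behaviours that UBSan reported here (a 32-bit left shift by 31, and a signed multiplication whose result does not fit in int32_t), and handles them the way the fix describes. The names norm_shift, scale_by_pow2 and normalise are hypothetical, and the convention that zero normalises to a shift of 31 while every non-zero value gets at most 30 is this example's own definition, chosen so that the commit's invariant holds.

```c
/* Added example, not WebRTC code. Demonstrates the two undefined behaviours
 * ClusterFuzz reported against WebRtcIlbcfix_Smooth with UBSan:
 *   1. `1 << scale` when scale == 31 and int is 32 bits (Undefined-shift), and
 *   2. `w10 * (1 << scale)` exceeding INT32_MAX for scale < 31 (Integer-overflow).
 * norm_shift(), scale_by_pow2() and normalise() are hypothetical names. */
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { SCALE_OK = 0, SCALE_BAD_SHIFT = 1, SCALE_OVERFLOW = 2 } scale_status;

/* The buggy pattern, kept only for contrast. Never call it with scale == 31
 * or with operands whose product does not fit in int32_t: both are UB. */
int32_t scale_unsafe(int32_t w10, int scale) {
    return w10 * (1 << scale);
}

/* Normalisation shift of a 32-bit fixed-point value: how far it can be shifted
 * left so that its magnitude lands in bit 30. Convention assumed here, mirroring
 * the invariant stated in the fix: zero maps to 31 and every non-zero input maps
 * to at most 30, so scale == 31 if and only if w10 == 0. */
int norm_shift(int32_t w10) {
    if (w10 == 0)
        return 31;
    /* For negatives count redundant sign bits via the one's complement, which is
     * non-negative; this avoids left-shifting a negative value (also UB in C). */
    uint32_t a = (uint32_t)(w10 < 0 ? ~w10 : w10);
    int n = 0;
    while (n < 30 && (a & 0x40000000u) == 0) {
        a <<= 1;
        n++;
    }
    return n;
}

/* Hardened w10 * 2^scale. The scale == 31 case is handled explicitly: the only
 * value consistent with the invariant is w10 == 0, whose product is 0, and any
 * other w10 is refused rather than shifted. The remaining cases are computed in
 * 64 bits and reported instead of wrapped when they do not fit in int32_t. */
scale_status scale_by_pow2(int32_t w10, int scale, int32_t *out) {
    if (scale < 0 || scale > 31)
        return SCALE_BAD_SHIFT;
    if (scale == 31) {
        if (w10 != 0)
            return SCALE_BAD_SHIFT; /* invariant violated: do not shift */
        *out = 0;
        return SCALE_OK;
    }
    /* (int64_t)1 << scale is well defined for 0 <= scale <= 30. Multiply rather
     * than shift w10 itself, since w10 may be negative. */
    int64_t product = (int64_t)w10 * ((int64_t)1 << scale);
    if (product < INT32_MIN || product > INT32_MAX)
        return SCALE_OVERFLOW;
    *out = (int32_t)product;
    return SCALE_OK;
}

/* The kind of use the report describes: scaling a value by its own
 * normalisation shift. With norm_shift() as defined above the product always
 * fits, and the zero input no longer reaches an undefined shift. */
scale_status normalise(int32_t w10, int32_t *out) {
    return scale_by_pow2(w10, norm_shift(w10), out);
}

int main(void) {
    /* Constructed inputs: the zero case from the fix, a value that overflows a
     * 32-bit product when an arbitrary scale is supplied, and two extremes. */
    const int32_t inputs[] = { 0, 3, -1, INT32_MIN };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int32_t r = 0;
        scale_status st = normalise(inputs[i], &r);
        printf("normalise(%11d): shift %2d -> status %d value %11d\n",
               inputs[i], norm_shift(inputs[i]), (int)st, r);
    }
    int32_t r = 0;
    printf("scale_by_pow2(3, 30): status %d\n", (int)scale_by_pow2(3, 30, &r));
    return 0;
}
```

Compiling the buggy form with clang or gcc and `-fsanitize=undefined` is what produced the two crash types on this bug: UBSan reports `1 << 31` as "left shift of 1 by 31 places cannot be represented in type 'int'" and the overflowing product as "signed integer overflow ... cannot be represented in type 'int'". Neither is a crash in a release build; the compiler is free to assume they never happen, which is why a fix that merely tolerates the wrapped value is not enough and the case has to be handled or rejected as above.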

Aug 22 2016
The CL referenced in comment #10 should fix this bug.

Aug 24 2016
Re-opening it as Clusterfuzz has detected the failure again.

Aug 24 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5393397961719808
Fuzzer: libfuzzer_audio_decoder_ilbc_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  WebRtcIlbcfix_Smooth
  WebRtcIlbcfix_Enhancer
  WebRtcIlbcfix_EnhancerInterface
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=413325:413344
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97KdimErfqkRzCxd5OLBx5kZMUuHYL7MHXXHS5tMHLwXpXVIiz6OBYQgolAmrEAtguSdTojtESKVq1howRAo8z6OTrPNyunQtaAdPpOhjp9kBzMzAfmNeuIGxMZbin3Ch12j0b46YkhPu0D6f40u_ukZpnc2g?testcase_id=5393397961719808
Issue manually filed by: durga.behera

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Aug 24 2016
Not sure if it's actually the same bug---instead of an overflowing left shift on line 171, it's an overflowing multiplication on line 172. And obviously the original fuzz input didn't find this new bug, or I would have found it myself while fixing the first one. Never mind, though. The new one is a real bug too, and here is as good a place as any to whack it.

Aug 24 2016
ClusterFuzz has detected this issue as fixed in range 413647:413747.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6032703946489856
Fuzzer: libfuzzer_audio_decoder_ilbc_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Undefined-shift
Crash Address:
Crash State:
  WebRtcIlbcfix_Smooth
  WebRtcIlbcfix_Enhancer
  WebRtcIlbcfix_EnhancerInterface
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=396407:396452
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=413647:413747
Minimized Testcase (0.05 Kb): https://cluster-fuzz.appspot.com/download/AMIfv940ycDHePjoYkjfol9VCUz_GrNLb7uxzNwhm-EXfhzGhrTI5KaIqMDRCHsxtHxPl0CBMdOhYQqmQPtJTNr069LJhovvJX1niOCYKJ2GpN1HuUB61nAWKQYU0jCrYht-CTAR2m8Kx4Yq7_QKgy8LP2J0uSEwWQ?testcase_id=6032703946489856

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Sep 1 2016
ClusterFuzz has detected this issue as fixed in range 415154:415258.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5393397961719808
Fuzzer: libfuzzer_audio_decoder_ilbc_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  WebRtcIlbcfix_Smooth
  WebRtcIlbcfix_Enhancer
  WebRtcIlbcfix_EnhancerInterface
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=413325:413344
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=415154:415258
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97KdimErfqkRzCxd5OLBx5kZMUuHYL7MHXXHS5tMHLwXpXVIiz6OBYQgolAmrEAtguSdTojtESKVq1howRAo8z6OTrPNyunQtaAdPpOhjp9kBzMzAfmNeuIGxMZbin3Ch12j0b46YkhPu0D6f40u_ukZpnc2g?testcase_id=5393397961719808

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Sep 1 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Comment 1 by mmoroz@chromium.org, May 30 2016
Components: Blink>WebRTC>Audio
Labels: -Pri-1 Pri-2
Owner: pbos@chromium.org