
Issue 622125 link

Issue metadata

Status: Verified
Owner:
Closed: Jul 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



frames <= frames_ in audio_buffer_queue.cc

Project Member Reported by ClusterFuzz, Jun 22 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6532381578362880

Fuzzer: inferno_flicker
Job Type: linux_asan_chrome_media
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  frames <= frames_ in audio_buffer_queue.cc
  media::AudioBufferQueue::SeekFrames
  media::AudioRendererAlgorithm::FillBuffer
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=326266:326287

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94l-_yCWf6ZvgfTUeeuh4dgWHXla9F_YAn07Tt_uZO-fMRU-UJEVrQY8CZjtcxWFijAWAe-T7MZ01NbGMOh8P2JWVlI5NVy_XuhxCFxETc6nF26oCgl1S4hmBCdQdMmbHzfxzLL4iCh48o4_QeFlliig8mttdagtnOkkHDzxX1Ns2DBMAk?testcase_id=6532381578362880


Filer: mummareddy

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: w...@chromium.org jrumm...@chromium.org dalecur...@chromium.org scherkus@chromium.org
Labels: Te-Logged M-52
Code search on audio_buffer_queue.cc, cc'ing those who modified the file. Could someone please take a look and assign the correct owner?
Cc: servolk@chromium.org wolenetz@chromium.org
cc'ing a few more devs who made recent changes to audio_buffer_queue.cc
Labels: Needs-triage
Project Member

Comment 4 by sheriffbot@chromium.org, Jun 22 2016

Labels: -M-52 M-53 MovedFrom-52
Moving this nonessential bug to the next milestone.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Cc: a.ber...@samsung.com
I think the most likely suspect in that CL range is
https://codereview.chromium.org/1094783002
a.berwal@ could you take a look please?
Components: Internals>Media>Audio
Project Member

Comment 7 by sheriffbot@chromium.org, Jul 3 2016

Labels: -M-53 -Pri-1 M-54 MovedFrom-53 Pri-2
This issue is Pri-1 but has already been moved once. Lowering the priority and moving to the next milestone.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
In AudioRendererAlgorithm::FillBuffer (at https://cs.chromium.org/chromium/src/media/filters/audio_renderer_algorithm.cc?l=163) seek_frames might be audio_buffer_.frames() + 1 in case muted_partial_frame_ is incremented by audio_buffer_.frames() and muted_partial_frame_ is very close to 1 beforehand.
Then, the incrementation of muted_partial_frame_ might be rounded up. I suggest checking if seek_frames is larger than audio_buffer_.frame() and in this case decrease frames_to_render and retry. Should I make a CL?
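As an added illustration of the rounding problem described in comment 8 (example code, not Chromium's; the muted-path arithmetic below is an assumed simplification, with the names muted_partial_frame, frames_to_render and playback_rate taken from the comment and the crash stack), the naive accumulation is shown beside a guarded version that clamps seek_frames to the frames actually buffered:

```cpp
// Added example, not Chromium's code: a reduced model of the muted fast path in
// AudioRendererAlgorithm::FillBuffer. The carry muted_partial_frame is a double
// just below 1.0; adding a whole number of frames to it can round up to the
// next integer, so the truncated seek count exceeds what the queue holds and
// AudioBufferQueue::SeekFrames would hit CHECK(frames <= frames_).
#include <cmath>

struct SeekResult {
  int seek_frames;      // frames the caller would hand to SeekFrames()
  double partial_left;  // fractional remainder carried to the next call
  bool overflowed;      // true if seek_frames exceeded the buffered frames
};

// Naive accumulation (assumed shape of the pre-fix logic).
SeekResult SeekFramesNaive(double muted_partial_frame, int frames_to_render,
                           double playback_rate, int buffered_frames) {
  muted_partial_frame += frames_to_render * playback_rate;
  int seek_frames = static_cast<int>(muted_partial_frame);
  muted_partial_frame -= seek_frames;
  return {seek_frames, muted_partial_frame, seek_frames > buffered_frames};
}

// Guarded version in the spirit of comment 8: never ask the queue for more
// frames than it holds; the excess stays in the fractional carry instead.
SeekResult SeekFramesGuarded(double muted_partial_frame, int frames_to_render,
                             double playback_rate, int buffered_frames) {
  muted_partial_frame += frames_to_render * playback_rate;
  int seek_frames = static_cast<int>(muted_partial_frame);
  if (seek_frames > buffered_frames) {
    // Rounding pushed the count past the queue: clamp, carry the difference.
    seek_frames = buffered_frames;
  }
  muted_partial_frame -= seek_frames;
  return {seek_frames, muted_partial_frame, false};
}

// Constructed trigger: the largest double below 1.0 (1 - 2^-53). Adding 256
// gives an exact value 257 - 2^-53, which is not representable near 257
// (spacing there is 2^-44), so the sum rounds to exactly 257.0.
double CarryJustBelowOne() {
  return std::nextafter(1.0, 0.0);
}
```

With 256 frames buffered at playback rate 1.0, the naive path asks for 257 frames while the guarded path asks for 256.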
Cc: -scherkus@chromium.org
Owner: maxmorin@chromium.org
Status: Assigned (was: Available)
whoops, somehow this got missed from my queue. Yes, please make a CL, thanks! Otherwise assign back to me and I'll find someone.
Status: Started (was: Assigned)
Project Member

Comment 11 by bugdroid1@chromium.org, Jul 13 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4b4d410a51e381550a06eed06eed502a69ef1508

commit 4b4d410a51e381550a06eed06eed502a69ef1508
Author: maxmorin <maxmorin@chromium.org>
Date: Wed Jul 13 07:05:43 2016

Check for bad floating point rounding in audio_renderer_algorithm.

BUG= 622125 

Review-Url: https://codereview.chromium.org/2127413002
Cr-Commit-Position: refs/heads/master@{#405062}

[modify] https://crrev.com/4b4d410a51e381550a06eed06eed502a69ef1508/media/filters/audio_renderer_algorithm.cc

Project Member

Comment 12 by bugdroid1@chromium.org, Jul 13 2016

Labels: merge-merged-2795
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4b4d410a51e381550a06eed06eed502a69ef1508
Project Member

Comment 13 by ClusterFuzz, Jul 14 2016

ClusterFuzz has detected this issue as fixed in range 405052:405102.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6532381578362880

Fuzzer: inferno_flicker
Job Type: linux_asan_chrome_media
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  frames <= frames_ in audio_buffer_queue.cc
  media::AudioBufferQueue::SeekFrames
  media::AudioRendererAlgorithm::FillBuffer
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=326266:326287
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=405052:405102

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94l-_yCWf6ZvgfTUeeuh4dgWHXla9F_YAn07Tt_uZO-fMRU-UJEVrQY8CZjtcxWFijAWAe-T7MZ01NbGMOh8P2JWVlI5NVy_XuhxCFxETc6nF26oCgl1S4hmBCdQdMmbHzfxzLL4iCh48o4_QeFlliig8mttdagtnOkkHDzxX1Ns2DBMAk?testcase_id=6532381578362880


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Status: Verified (was: Started)
Project Member

Comment 15 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot