Issue 628538 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 508425
Owner:	----
Closed:	Jul 2016
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug
Reproducible Stability-ThreadSanitizer Clusterfuzz

Data race in ff_init_ff_cos_tabs

Project Member Reported by ClusterFuzz, Jul 15 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6466140427780096

Fuzzer: attekett_dom_fuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race WRITE 4
Crash Address: 0x7f6f0b18c184
Crash State:
  ff_init_ff_cos_tabs
  ff_rdft_init
  av_rdft_init
  

Minimized Testcase (0.68 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95bS6efndeGX_UBCn6radBablXcFj-AJqVQ06473EAg7QJyPK1LH7RmyFPTuB1tbcU0khZx12Teg07uTHXbWNaN_Z6Gi3bM8VD1OxYWbQWyb5rffFwQ4AIuzahj2Wq0-RnqPflJizY8O2V5rsiWPaafk7VRHA?testcase_id=6466140427780096
<script>
var sampleRate = 44100.0;
var renderLengthSeconds = 8;
var pulseLengthSeconds = 1;
var pulseLengthFrames = pulseLengthSeconds * sampleRate;
function createSquarePulseBuffer(context, sampleFrameLength) {
    var audioBuffer = context.createBuffer(1, sampleFrameLength, context.sampleRate);
    return audioBuffer;
}
    var context = new OfflineAudioContext(2, sampleRate * renderLengthSeconds, sampleRate);
    var squarePulse = createSquarePulseBuffer(context, pulseLengthFrames);
    var convolver = context.createConvolver();
    convolver.buffer = squarePulse;
    convolver.connect(context.destination);
    context.startRendering();
    convolver.buffer = squarePulse;
  </script>


Filer: ajha

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by ajha@chromium.org, Jul 15 2016

Mergedinto: 508425
Status: Duplicate (was: Available)

Project Member

Comment 2 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Project Member

Comment 3 by ClusterFuzz, Oct 11 2017

ClusterFuzz has detected this issue as fixed in range 507846:507876.

Detailed report: https://clusterfuzz.com/testcase?key=6466140427780096

Fuzzer: attekett_dom_fuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race WRITE 4
Crash Address: 0x7f963a6ff924
Crash State:
  ff_init_ff_cos_tabs
  ff_rdft_init
  av_rdft_init
  
Sanitizer: thread (TSAN)

Fixed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=507846:507876

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6466140427780096

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

►

Issue 628538 link

Issue metadata

Data race in ff_init_ff_cos_tabs

Issue description

Comment 1 by ajha@chromium.org, Jul 15 2016

Comment 1 Deleted

Comment 2 by sheriffbot@chromium.org, Nov 22 2016

Comment 2 Deleted

Comment 3 by ClusterFuzz, Oct 11 2017

Comment 3 Deleted

Sign in to add a comment