Integer-overflow in webrtc::RemoteEstimatorProxy::BuildFeedbackPacket
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5782340639129600

Fuzzer: libfuzzer_congestion_controller_feedback_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  webrtc::RemoteEstimatorProxy::BuildFeedbackPacket
  webrtc::RemoteEstimatorProxy::Process
  webrtc::FuzzOneInput

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=407738:407796

Minimized Testcase (0.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97WyvYIA103P9JUfxJsltCel8aD6TQJzCMBZIcPeT0BH8WVXGS-yAOXC0t2dFIhLSwlg4Y4SOcbSjUyGsDxY8zqNswzCWF08gErbal9K2wz0w7uZXMOEDd4vOOVkWXdcgUXN_ddutGebgw42Soafnd0ohjN7A?testcase_id=5782340639129600

Filer: rnimmagadda

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jul 29 2016
sprang@, I added this fuzzer when investigating a crash in the transport feedback which was introduced when you fixed the issue with lost packets not being represented if they are in between two feedback reports. See https://chromium.googlesource.com/external/webrtc/trunk/webrtc.git/+/606fbfbe58168173da877fc6d3d257d227a619fc Could you help me investigate this new issue?
Aug 2 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/external/webrtc.git/+/9eb3d5def407f9898859889841133e5a48286c95

commit 9eb3d5def407f9898859889841133e5a48286c95
Author: sprang <sprang@webrtc.org>
Date: Tue Aug 02 09:00:25 2016

Add sanity check for arrival timestamps.

BUG= chromium:632614
Review-Url: https://codereview.webrtc.org/2195663002
Cr-Commit-Position: refs/heads/master@{#13600}

[modify] https://crrev.com/9eb3d5def407f9898859889841133e5a48286c95/webrtc/modules/remote_bitrate_estimator/remote_estimator_proxy.cc
Aug 3 2016
ClusterFuzz has detected this issue as fixed in range 409146:409213.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5782340639129600

Fuzzer: libfuzzer_congestion_controller_feedback_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  webrtc::RemoteEstimatorProxy::BuildFeedbackPacket
  webrtc::RemoteEstimatorProxy::Process
  webrtc::FuzzOneInput

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=407738:407796
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=409146:409213

Minimized Testcase (0.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97WyvYIA103P9JUfxJsltCel8aD6TQJzCMBZIcPeT0BH8WVXGS-yAOXC0t2dFIhLSwlg4Y4SOcbSjUyGsDxY8zqNswzCWF08gErbal9K2wz0w7uZXMOEDd4vOOVkWXdcgUXN_ddutGebgw42Soafnd0ohjN7A?testcase_id=5782340639129600

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 3 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by rnimmagadda@chromium.org, Jul 29 2016
Components: Tools>Test>FindIt>CorrectResult Blink>WebRTC
Labels: -Pri-1 -Type-Bug M-54 Findit-for-crash Te-Logged Pri-2 Type-Bug-Regression
Owner: sprang@chromium.org
Status: Assigned (was: Untriaged)