Crash in media::mp4::BoxReader::ScanChildren
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6230106951647232
Fuzzer: libfuzzer_mp4_box_reader_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN
Crash Address: 0x03e900003fa6
Crash State: media::mp4::BoxReader::ScanChildren
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=408895:408933
Minimized Testcase (0.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95R4MKKN-va_NALvWtpck6TpIrXn-Bm-aI3SFamSdrrrmAl5SadKBZW2lE17ATwNlUkHvN0qp4bKUa1rioCxt78mBbNdKGklj20favimrmzt4YtVe3qGiYBABdHWcN7G5bLRL1VuUSMwHETCbhFYsyRFi1Gxw?testcase_id=6230106951647232
Filer: ranjitkan
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Aug 2 2016
ClusterFuzz has detected this issue as fixed in range 408933:408943.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6230106951647232
Fuzzer: libfuzzer_mp4_box_reader_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN
Crash Address: 0x03e900003fa6
Crash State: media::mp4::BoxReader::ScanChildren
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=408895:408933
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=408933:408943
Minimized Testcase (0.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95R4MKKN-va_NALvWtpck6TpIrXn-Bm-aI3SFamSdrrrmAl5SadKBZW2lE17ATwNlUkHvN0qp4bKUa1rioCxt78mBbNdKGklj20favimrmzt4YtVe3qGiYBABdHWcN7G5bLRL1VuUSMwHETCbhFYsyRFi1Gxw?testcase_id=6230106951647232
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 2 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Aug 2 2016
Hi Ranjit, this is a fuzzer: a piece of code specifically designed to find bugs. In this case, it's not the fuzzer to blame, but the mp4 parser. It's uncommon, but possible that a fuzzer finds a crash that is not reproducible every time; that's why ClusterFuzz has closed it this time and the previous time: https://crbug.com/633066 Anyway, it's a real bug, thank you for filing it. Max, Mike, can you please take a look?
Aug 2 2016
ClusterFuzz has detected this issue as fixed in range 409041:409082.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6230106951647232
Fuzzer: libfuzzer_mp4_box_reader_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN
Crash Address: 0x03e900003fa6
Crash State: media::mp4::BoxReader::ScanChildren
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=408895:408933
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=409041:409082
Minimized Testcase (0.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95R4MKKN-va_NALvWtpck6TpIrXn-Bm-aI3SFamSdrrrmAl5SadKBZW2lE17ATwNlUkHvN0qp4bKUa1rioCxt78mBbNdKGklj20favimrmzt4YtVe3qGiYBABdHWcN7G5bLRL1VuUSMwHETCbhFYsyRFi1Gxw?testcase_id=6230106951647232
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 2 2016
Hm, looks strange. I cannot find any recent change that could be an unintended fix. Kicked off "redo fixed" job for both issues, nothing changed. Checking locally at the moment.
Aug 2 2016
Wait, it is a DCHECK causing the crash. The bug has been found with Debug build. Investigating why it has been filed.
Aug 2 2016
Filed a bug 633642, will try to fix right now.
Aug 3 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4644283028340736
Fuzzer: libfuzzer_mp4_box_reader_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN
Crash Address: 0x03e9000077f6
Crash State: media::mp4::BoxReader::ScanChildren
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=409173:409276
Minimized Testcase (0.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95P8wwgukn60X9zL58f1qRFpMqHFY7RCgXgqFMTykXYtYfG34Ze-3SjOQQrLAkha4af_pDmfRwtBpJSt4VcZhMxrKYo7k5NKv4bGRJ8rfrTSeu0Dnu8NTp0GmeObvoM9J-_3HxFtGvr5MWcd5anQvYjgWGzYQ?testcase_id=4644283028340736
Filer: ranjitkan
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Aug 3 2016
ClusterFuzz has detected this issue as fixed in range 409276:409365.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4644283028340736
Fuzzer: libfuzzer_mp4_box_reader_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN
Crash Address: 0x03e9000077f6
Crash State: media::mp4::BoxReader::ScanChildren
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=409173:409276
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=409276:409365
Minimized Testcase (0.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95P8wwgukn60X9zL58f1qRFpMqHFY7RCgXgqFMTykXYtYfG34Ze-3SjOQQrLAkha4af_pDmfRwtBpJSt4VcZhMxrKYo7k5NKv4bGRJ8rfrTSeu0Dnu8NTp0GmeObvoM9J-_3HxFtGvr5MWcd5anQvYjgWGzYQ?testcase_id=4644283028340736
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 7 2016
Closing this as per c#8. Will file a separate issue with a correct summary mentioning the debug version.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ranjitkan@chromium.org, Aug 2 2016
Components: Tools>Test>FindIt>CorrectResult
Labels: -Pri-1 -Type-Bug M-54 Findit-for-crash Te-Logged Pri-2 Type-Bug-Regression
Owner: krasin@chromium.org
Status: Assigned (was: Untriaged)