Integer-overflow in WebRtcIlbcfix_Smooth_odata
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4611390147133440
Fuzzer: libfuzzer_audio_decoder_ilbc_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  WebRtcIlbcfix_Smooth_odata
  WebRtcIlbcfix_Smooth
  WebRtcIlbcfix_Enhancer
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=398351:399229
Minimized Testcase (0.08 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94Eohtjf5QC47F5BGISV3VXGmzYI-z72zuWG_kDlegPj-RYliz2uBQwTK7EjL28l9RpLUDSmnCXdangtVJA5KnMDLVDQ6NIh3xVtNN-IDIB4nNMeHOK2xG1RPjoIe34wrk_rn4PYCLn5eE6xyiLQaqPaZT9sg?testcase_id=4611390147133440
Issue manually filed by: msrchandra

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Sep 7 2016
Lowering priority to 3, since iLBC is only included in tests.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mar 31 2017
Is this still a valid issue?
Apr 3 2017
Yes. It's very likely a genuine problem, but because we don't ship iLBC in any product it has a low priority.
Apr 6 2017
According to Blink's guidelines, Regressions should be treated as P1s -- and P1s should be fixed within 30 days...
Apr 6 2017
Ah---then the mistake is that it's labeled as a regression. The code in question hasn't changed in a very long time, but the fuzzer test that found the problem is relatively new.
Oct 24 2017
For more information, please see https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md. The link referenced in the description is no longer valid. (bulk edit)
Apr 18 2018
ClusterFuzz has detected this issue as fixed in range 551565:551569.

Detailed report: https://clusterfuzz.com/testcase?key=4611390147133440
Fuzzer: libFuzzer_audio_decoder_ilbc_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  WebRtcIlbcfix_Smooth_odata
  WebRtcIlbcfix_Smooth
  WebRtcIlbcfix_Enhancer
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=398351:399229
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=551565:551569
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4611390147133440

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 18 2018
ClusterFuzz testcase 4611390147133440 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Jun 7 2018
[bulk-edit: disregard if N/A] Can the owner please set milestone to this bug if applicable?
Comment 1 by msrchandra@chromium.org, Sep 1 2016
Labels: -Type-Bug Findit-for-crash Te-Logged Type-Bug-Regression
Owner: kwiberg@chromium.org
Status: Assigned (was: Untriaged)