Integer-overflow in WebRtcIlbcfix_CbConstruct
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4719790369538048

Fuzzer: libfuzzer_audio_decoder_ilbc_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  WebRtcIlbcfix_CbConstruct
  WebRtcIlbcfix_DecodeResidual
  WebRtcIlbcfix_DecodeImpl

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=398351:399229

Minimized Testcase (0.14 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95IDGJUz3GxVyzBpn9qx9OawRJlPBZTLazE8zkVUugl0arrk_M1p5gNatvS4_jVZKQA4NAzyUlOIFL_w-Rxg_XbEJh1IQRqjwrWVCEB59fmUt8YiGDX1ZpSgY-Fn14z7MjxWVY3NcU_MkceE-AFbJoJrcAwFw?testcase_id=4719790369538048

Issue manually filed by: mummareddy

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Sep 7 2016
Lowering prio to 3, since iLBC is only used in tests.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Apr 3 2017
Oct 24 2017
For more information, please see https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md. The link referenced in the description is no longer valid. (bulk edit)
Apr 18 2018
ClusterFuzz has detected this issue as fixed in range 551565:551569.

Detailed report: https://clusterfuzz.com/testcase?key=4719790369538048

Fuzzer: libFuzzer_audio_decoder_ilbc_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  WebRtcIlbcfix_CbConstruct
  WebRtcIlbcfix_DecodeResidual
  WebRtcIlbcfix_DecodeImpl

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=398351:399229
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=551565:551569

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4719790369538048

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 18 2018
ClusterFuzz testcase 4719790369538048 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by mummare...@chromium.org, Sep 2 2016
Labels: findit-wrong Te-Logged M-53
Owner: kwiberg@chromium.org
Status: Assigned (was: Untriaged)