Use-of-uninitialized-value in ~MediaContentDescriptionImpl
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5166762935189504
Fuzzer: libfuzzer_sdp_parser_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  ~MediaContentDescriptionImpl
  cricket::VideoContentDescription::~VideoContentDescription
  ParseContentDescription<cricket::VideoContentDescription>
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=419171:419261
Minimized Testcase (0.68 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95yAtjCmOOBklTw6OC5KztvpvW_f15vWW6N3Z4qMG31khko8KFzGG7M8lbLF1poMvPMkCX9bJCYtBCYcLXiiKAjW0TYUV9J5cpxA6arLAG3J7Jal1-rZ-gPoydstoBVUyRzrRnkn3001JW-dktSzNuPyxu4Mw?testcase_id=5166762935189504

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Comment 1 by sheriffbot@chromium.org (Sep 17 2016):
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment (Sep 18 2016):
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5320951153819648
Fuzzer: libfuzzer_sdp_parser_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  ~MediaContentDescriptionImpl
  ~AudioContentDescription
  cricket::AudioContentDescription::~AudioContentDescription
Recommended Security Severity: Medium
Minimized Testcase (1.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv969JhHTZNzrZc8ATKkXSZHdGoBWMH_UXyPVGpY66WYWY0LvdRo2TyU_oQsegaRkXcR_xAsv-S5J3I7D2iNWbKQdKGldqf7XwLPWxZ0VEoICIsXHSfR_rgBLkSmCdUKbZ3L-bqJURli3DhbxZZOlDhzoEYVsyw?testcase_id=5320951153819648

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Comment (Sep 18 2016):
Looks like libfuzzer_sdp_parser_fuzzer is finding everything and the kitchen sink.
Comment (Sep 26 2016):
Re #6: :) Nice to see that Katriel's fuzzers are brutalizing our codebase.
Comment (Sep 28 2016):
Same root cause as another issue: parsing "sctp-port" in a non-data description.
Comment (Oct 5 2016):
ClusterFuzz has detected this issue as fixed in range 422777:422846.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5320951153819648
Fuzzer: libfuzzer_sdp_parser_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  ~MediaContentDescriptionImpl
  ~AudioContentDescription
  cricket::AudioContentDescription::~AudioContentDescription
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=419171:419261
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=422777:422846
Minimized Testcase (1.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv969JhHTZNzrZc8ATKkXSZHdGoBWMH_UXyPVGpY66WYWY0LvdRo2TyU_oQsegaRkXcR_xAsv-S5J3I7D2iNWbKQdKGldqf7XwLPWxZ0VEoICIsXHSfR_rgBLkSmCdUKbZ3L-bqJURli3DhbxZZOlDhzoEYVsyw?testcase_id=5320951153819648

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment (Oct 5 2016):
ClusterFuzz has detected this issue as fixed in range 422777:422846.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5166762935189504
Fuzzer: libfuzzer_sdp_parser_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  ~MediaContentDescriptionImpl
  cricket::VideoContentDescription::~VideoContentDescription
  ParseContentDescription<cricket::VideoContentDescription>
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=419171:419261
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=422777:422846
Minimized Testcase (0.68 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95yAtjCmOOBklTw6OC5KztvpvW_f15vWW6N3Z4qMG31khko8KFzGG7M8lbLF1poMvPMkCX9bJCYtBCYcLXiiKAjW0TYUV9J5cpxA6arLAG3J7Jal1-rZ-gPoydstoBVUyRzrRnkn3001JW-dktSzNuPyxu4Mw?testcase_id=5166762935189504

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment (Jan 11 2017):
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot