New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 648061 link

Starred by 1 user
Status: Fixed
Owner:
flim@chromium.org
Last visit > 30 days ago
Closed: Sep 2016
Cc:
kcc@chromium.org
pbos@chromium.org
mmoroz@chromium.org
aizatsky@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Integer-overflow in silk_CNG

Project Member Reported by ClusterFuzz, Sep 18 2016

Comment 1 by mmoroz@chromium.org, Sep 18 2016

Cc: mmoroz@chromium.org kcc@chromium.org aizatsky@chromium.org
Components: Blink>WebRTC
Owner: pbos@chromium.org
pbos@, assigning to you as a go-to person for WebRTC crashes.

FindIt says that the following CL is the culprit:

The result is a list of CLs that change the crashed files.

Author: Soren Skak Jensen
Project: chromium-opus
Changelist: https://chromium.googlesource.com/chromium/deps/opus.git/+/fab6397ae6b7ba9f500c87ea8b457570804b8bb0
Time: Tue Mar 15 13:51:28 2016
Lines 173-179 of file CNG.c which potentially caused crash are changed in this cl (frame #0, "silk_CNG").
Minimum distance from crash line to modified line: 0. (file: CNG.c, crashed on: 173, modified: 173).

Suspected Project: chromium-opus

Comment 2 by pbos@chromium.org, Sep 18 2016

Cc: pbos@chromium.org
Owner: flim@chromium.org
Status: Assigned (was: Untriaged)

Comment 3 by flim@chromium.org, Sep 19 2016

Status: Started (was: Assigned)

Comment 5 by flim@chromium.org, Sep 20 2016

Status: Fixed (was: Started)
Project Member

Comment 6 by ClusterFuzz, Sep 21 2016 

ClusterFuzz has detected this issue as fixed in range 419718:419788.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5675843194191872

Fuzzer: libfuzzer_audio_decoder_opus_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  silk_CNG
  silk_decode_frame
  silk_Decode
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=407796:407929
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=419718:419788

Minimized Testcase (0.26 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97u0_Hz7u7V9UFALVhJmvmZo-zvB76wNWPchDFPda3DX--H-x-yOudqPQlWi2N65hdweq2Clh_Vsy1ftqBfr37hYTtoKITtvlsw5JQxthbIY6ezW1lKrpTVWghYaJo2_9uXtlsRbhVZ8NJhoJITue73zWU2-w?testcase_id=5675843194191872

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 7 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment