Crash in rtc::StreamInterface::PostEvent

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4585121049214976
Fuzzer: libfuzzer_pseudotcp_parser_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  rtc::StreamInterface::PostEvent
  rtc::FifoBuffer::ConsumeWriteBuffer
  cricket::PseudoTcp::process
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=419151:419211
Minimized Testcase (2.75 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96BsQtrkSMK0R8yJ1fCbXKFciFMOGkdx1eatL3McF9VjCO3GeQcsPGlJCWpbUQKzNMSJANuOoFXazabvgZ7cUEyA1nkZYxFJIxMpEPPXECtKNJQAUU_hRfxGpojo9HubQvJr31rDAFUczawdlYDF9zAI9f-wg?testcase_id=4585121049214976
Issue manually filed by: mmoroz
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Sep 18 2016
sergeyu@ do I recall correctly that you guys kind of own PseudoTcp?
Sep 19 2016
It appears that the fuzzer was running cricket::PseudoTcp on a thread that didn't have rtc::Thread object, which normally should never be happening, so I don't think we need to do anything about it.
Sep 19 2016
Should be a bug in the fuzzer then, phoglund@ can you see if someone can pick this up?
Sep 26 2016
Re #3: Ok, any idea why it only happens sometimes? https://codereview.webrtc.org/2365373002/ should make a thread object exist for the lifetime of the fuzzer. Sergey, is that what you meant?
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 15 2016
Mar 8 2017
ClusterFuzz has detected this issue as fixed in range 455091:455226.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4585121049214976
Fuzzer: libfuzzer_pseudotcp_parser_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  rtc::StreamInterface::PostEvent
  rtc::FifoBuffer::ConsumeWriteBuffer
  cricket::PseudoTcp::process
Sanitizer: address (ASAN)
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=419151:419211
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=455091:455226
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95VAU1odGpDlEU50Y7i1uewSYd-UuaGlw_Dp41Mr3GR--w-0KwATbCUQrZizzOR_VHSwTWYQsSr4wDjVB2cMdAZ0bSFB1XUPDKoUmZuG4Kvis64_k7G8SL4Bi2ucoyLyAMFM7F7WDkrffl82zME0ZgunYCyzIsoSax15ldwo974Etw8eI-SIcmWOkRRwvfUoj3CP9tLmvCEuaxJAjuyNwJWsaipCqQ4Vw4JDwfUYfqALFTVgSkvcnbU21uiYiBvtovgjnBZ7Au5PPbHyR97KDEABlayPDmTbtlW42vqrAtmylT2bSgbRHR_1nrSzvQV5TeBKjdTkQcKtsUrNpRaNM2v6NCS44LTcwwhgX_qljU1uHfq3rY?testcase_id=4585121049214976
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by mmoroz@chromium.org, Sep 18 2016
Components: Blink>WebRTC
Owner: pbos@chromium.org