Undefined-shift in block4
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6108513862680576
Fuzzer: libfuzzer_neteq_rtp_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Undefined-shift
Crash Address:
Crash State:
  block4
  WebRtc_g722_decode
  webrtc::AudioDecoderG722::DecodeInternal
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=423119:423133
Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96PFmrANfq8ruusTBGZl66SQ0nTJqWB067QbbdaxKVt4NgNdXu0VHnanhSF3KXT31mbagXknZ6XWfoW0O-IOwK9V7QBL7CZneTguPSn4wf8Gcfwv40r013EwpYNXZdL5S6Ab6DVd7hOBDejpRPWrFH_6Mmsmg?testcase_id=6108513862680576
Issue manually filed by: mmohammad

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Oct 24 2016
kwiberg: You've done these kinds of changes before, right? It looks to me like it'd be enough just replacing the << 2 by * 4. Though I can't vouch for -192 * 4 actually being a usable number in g722, it probably maybe is? The code is here: https://cs.chromium.org/chromium/src/third_party/webrtc/modules/audio_coding/codecs/g722/g722_decode.c?dr&q=g722_decode.c:80&sq=package:chromium&l=80
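The comment above describes the fix pattern; as an added illustration (not code from the WebRTC G.722 decoder or from the commit) the C snippet below shows why `v << 2` on a negative `v` is what UBSan reports as undefined-shift, and how the `* 4` replacement gives defined behaviour. The function names and sample values are my own, and the overflow check is an extra caveat the bug thread does not discuss.

```c
#include <stdint.h>
#include <stdio.h>

/* In C, left-shifting a negative signed value (e.g. -192 << 2) is
 * undefined behaviour; UBSan's shift checker flags it as "undefined-shift".
 * Multiplying by the same power of two expresses the intended scaling with
 * defined behaviour for every input that fits the result type.
 *
 * Defined-behaviour equivalent of `v << n` for signed 32-bit v.
 * Returns 1 and stores the result in *out, or returns 0 if the product
 * would not fit in int32_t (which `<<` would silently get wrong too). */
static int shl_signed_checked(int32_t v, unsigned n, int32_t *out) {
    if (n >= 31) return 0;                 /* 1 << n must itself fit */
    int32_t mul = (int32_t)1 << n;         /* non-negative: well defined */
    if (v > INT32_MAX / mul || v < INT32_MIN / mul) return 0;
    *out = v * mul;
    return 1;
}

/* Same, but saturates instead of failing: the behaviour a sample-domain
 * decoder usually wants when a predictor term runs out of range. */
static int32_t shl_signed_sat(int32_t v, unsigned n) {
    int32_t out;
    if (shl_signed_checked(v, n, &out)) return out;
    return v < 0 ? INT32_MIN : INT32_MAX;
}

/* The shape of the actual fix in the thread: `x << 2` rewritten as `x * 4`.
 * For in-range inputs this is exactly the value the shift was meant to give. */
static int32_t scale_by_four(int32_t v) {
    return v * 4;
}

int main(void) {
    /* Constructed sample values, including the -192 mentioned in the thread. */
    printf("-192 * 4            = %d\n", scale_by_four(-192));
    printf("shl_signed_sat(-192,2) = %d\n", shl_signed_sat(-192, 2));
    printf("saturated overflow  = %d\n", shl_signed_sat(INT32_MIN / 2, 2));
    return 0;
}
```

Building with `-fsanitize=shift` (gcc/clang) is the quickest way to confirm the original `<< 2` form trips the checker while the multiplication form does not.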
Oct 24 2016
Oct 31 2016
The following revision refers to this bug: https://chromium.googlesource.com/external/webrtc.git/+/bc8074474d3da08ce00d44362a5ae0d772bbf3a2

commit bc8074474d3da08ce00d44362a5ae0d772bbf3a2
Author: kwiberg <kwiberg@webrtc.org>
Date: Mon Oct 31 09:26:10 2016

Eliminate left shift of negative value by using multiplication instead

NOPRESUBMIT=true
BUG= chromium:653267
Review-Url: https://codereview.webrtc.org/2439353003
Cr-Commit-Position: refs/heads/master@{#14837}

[modify] https://crrev.com/bc8074474d3da08ce00d44362a5ae0d772bbf3a2/webrtc/modules/audio_coding/codecs/g722/g722_decode.c
Oct 31 2016
The CL in comment #4 should fix this bug.
Nov 1 2016
ClusterFuzz has detected this issue as fixed in range 428756:428832.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6108513862680576
Fuzzer: libfuzzer_neteq_rtp_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Undefined-shift
Crash Address:
Crash State:
  block4
  WebRtc_g722_decode
  webrtc::AudioDecoderG722::DecodeInternal
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=423119:423133
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=428756:428832
Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96PFmrANfq8ruusTBGZl66SQ0nTJqWB067QbbdaxKVt4NgNdXu0VHnanhSF3KXT31mbagXknZ6XWfoW0O-IOwK9V7QBL7CZneTguPSn4wf8Gcfwv40r013EwpYNXZdL5S6Ab6DVd7hOBDejpRPWrFH_6Mmsmg?testcase_id=6108513862680576

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mmohammad@chromium.org, Oct 5 2016
Status: Assigned (was: Untriaged)