Author: kwiberg
Project: chromium-webrtc
Changelist: https://chromium.googlesource.com/external/webrtc/trunk/webrtc.git/+/b9a5d2a304565d81be4a562deabd8397cc9a818a
Time: Tue Oct 04 16:33:27 2016
File neteq_impl.cc is changed in this cl (and is part of stack frame #3, "webrtc::NetEqImpl::DoRfc3389Cng"; frame #4, "webrtc::NetEqImpl::GetAudioInternal"; frame #5, "webrtc::NetEqImpl::GetAudio")
Minimum distance from crash line to modified line: 72. (file: neteq_impl.cc, crashed on: 210, modified: 282).

@kwiberg: Assigning to you, request you to please take a look into it. Please help us to reassign if not with respect to your change.

Thanks.!

I'm not at all sure that that CL is at fault, but I'm a good target for this sort of bug regardless. Thanks.

The following revision refers to this bug:
  https://chromium.googlesource.com/external/webrtc.git/+/05f3ec1356aa2dc924d8366bd94a0eef0666c30f

commit 05f3ec1356aa2dc924d8366bd94a0eef0666c30f
Author: kwiberg <kwiberg@webrtc.org>
Date: Fri Oct 07 14:38:48 2016

Fix "left shift of negative value" bug

The values in question are supposed to be able to be negative.

BUG= chromium:653448 

Review-Url: https://codereview.webrtc.org/2387333005
Cr-Commit-Position: refs/heads/master@{#14573}

[modify] https://crrev.com/05f3ec1356aa2dc924d8366bd94a0eef0666c30f/webrtc/common_audio/signal_processing/filter_ar.c

The CL in comment #4 fixes the bug according to my local testing.

ClusterFuzz has detected this issue as fixed in range 424632:424679.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4711374741831680

Fuzzer: libfuzzer_neteq_rtp_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  WebRtcSpl_FilterAR
  webrtc::ComfortNoiseDecoder::Generate
  webrtc::ComfortNoise::Generate
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=423119:423133
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=424632:424679

Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94aio4GSxo6SBcqUBiwhwd20Gx8x-p66I9ruZZC7KIyspcN99SwmTsXfwv2qdum_HS5A47qwqiyVubKdFh4fh7n7rccHllxAT1qQMg_AqiOXJcTy0mcUxztlaWlK7cSW1p_vmEwmt51WINUd23-8tgQjBsekA?testcase_id=4711374741831680

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot