Integer-overflow in webrtc::FuzzOneInput
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6171508735213568

Fuzzer: libfuzzer_congestion_controller_feedback_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  webrtc::FuzzOneInput
  _start

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=407738:407796

Minimized Testcase (0.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97Q3EopWhRRqEw1Vg0K6akk5KLRcPTW7kRMwVFgETQXez2K-tEbf5wDZs7igfCrC49wdX26v7AHssasXKs4gugi4TqWSzVIesjXHZyIqmjdcixV7QoJQqqo8nsGPJrBp8YxmkwyCxIyylTTfbyQpZXhCkkqBw?testcase_id=6171508735213568

Issue manually filed by: mmohammad

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Oct 6 2016

Oct 6 2016
Looks like a bug in the fuzz target in webrtc
Oct 6 2016
holmer@, arrival_time_ms is not bounded, so arrival_time_ms += ByteReader<uint8_t>::ReadBigEndian(&data[i]); overflows during fuzzer-data parsing (not inside the congestion controller).
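The pattern the comment above describes, as an added example that is not WebRTC's fuzz target or its eventual fix: a signed accumulator that every fuzzer byte advances with nothing to limit it, next to a variant that keeps the accumulator inside a fixed range so the harness itself can never trip UBSan. ReadByte is a hypothetical stand-in for ByteReader<uint8_t>::ReadBigEndian, kMaxArrivalTimeMs is an assumed cap, the input bytes are constructed, and the "unbounded" variant detects the would-be overflow with __builtin_add_overflow instead of performing it (performing it is undefined behaviour, which is exactly what the sanitizer reported).

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

// Hypothetical stand-in for WebRTC's ByteReader<uint8_t>::ReadBigEndian
// (a one-byte read has no byte order to worry about).
static inline uint8_t ReadByte(const uint8_t* p) { return *p; }

struct FeedbackParse {
  int64_t arrival_time_ms;  // final accumulator value
  size_t packets;           // bytes consumed as per-packet arrival deltas
  bool harness_overflow;    // unbounded variant: a signed add would have wrapped
};

// Unbounded pattern from the report: each fuzzer byte is added to a signed
// accumulator that nothing limits. Rather than executing the wrapping add
// (undefined behaviour, reported by UBSan as "Integer-overflow"), this variant
// detects it and stops, so the example is runnable without UB.
FeedbackParse ParseUnbounded(const uint8_t* data, size_t size, int64_t start_ms) {
  FeedbackParse r{start_ms, 0, false};
  for (size_t i = 0; i < size; ++i) {
    int64_t next;
    if (__builtin_add_overflow(r.arrival_time_ms, (int64_t)ReadByte(&data[i]), &next)) {
      r.harness_overflow = true;  // the point at which the original target overflowed
      return r;
    }
    r.arrival_time_ms = next;
    ++r.packets;
  }
  return r;
}

// Assumed cap for the bounded variant: roughly 35 years in milliseconds, far
// beyond any arrival time the congestion controller would legitimately see.
constexpr int64_t kMaxArrivalTimeMs = int64_t{1} << 40;

// Bounded variant (one possible fix, not the project's actual patch): the
// accumulator is clamped to [INT64_MIN, kMaxArrivalTimeMs], so the add below
// can never overflow and any finding belongs to the code under test, not to
// the harness.
FeedbackParse ParseBounded(const uint8_t* data, size_t size, int64_t start_ms) {
  FeedbackParse r{std::min(start_ms, kMaxArrivalTimeMs), 0, false};
  for (size_t i = 0; i < size; ++i) {
    int64_t delta = ReadByte(&data[i]);  // 0..255, always non-negative
    // Left operand is at most kMaxArrivalTimeMs and delta at most 255, so the
    // sum stays far below INT64_MAX; min() pulls it back under the cap.
    r.arrival_time_ms = std::min(r.arrival_time_ms + delta, kMaxArrivalTimeMs);
    ++r.packets;
  }
  return r;
}

// Constructed fuzzer input: a run of 0xFF bytes, the largest per-byte delta.
std::vector<uint8_t> MakeMaxDeltaInput(size_t n) {
  return std::vector<uint8_t>(n, 0xFF);
}

int main() {
  std::vector<uint8_t> in = MakeMaxDeltaInput(16);
  // Start just below INT64_MAX so a tiny constructed input reaches the overflow.
  const int64_t near_max = std::numeric_limits<int64_t>::max() - 300;
  FeedbackParse u = ParseUnbounded(in.data(), in.size(), near_max);
  FeedbackParse b = ParseBounded(in.data(), in.size(), near_max);
  std::printf("unbounded: overflow=%d after %zu packets\n", u.harness_overflow ? 1 : 0, u.packets);
  std::printf("bounded:   arrival_time_ms=%lld packets=%zu\n", (long long)b.arrival_time_ms, b.packets);
  return 0;
}
```

The unbounded variant stops after a single byte once the accumulator is near INT64_MAX, which is the sanitizer finding in the report; the bounded variant consumes the whole input and ends at the cap. Clamping is only one way to bound the value; deriving the timestamp from a fixed-width counter or resetting it per feedback message would serve the same purpose of keeping harness arithmetic out of the fuzzer's findings.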
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 24 2017
For more information, please see https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md. The link referenced in the description is no longer valid. (bulk edit)
Nov 27 2017
Comment 1 by mmohammad@chromium.org, Oct 6 2016
Status: Assigned (was: Untriaged)