Issue metadata
Sign in to add a comment
|
Use-of-uninitialized-value in webrtc::DspHelper::PeakDetection |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5613734552928256 Fuzzer: libfuzzer_neteq_rtp_fuzzer Job Type: libfuzzer_chrome_msan Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: webrtc::DspHelper::PeakDetection webrtc::Merge::CorrelateAndPeakSearch webrtc::Merge::Process Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=423120:423135 Minimized Testcase (3.99 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96tWBIlkvxKQ_yOsQcwX2WM0Z-6G0sUqaSJR2FO0XswBS3zXF_QOpTwoQjkYZxQY0giLgGxAUcvjGq4FaZkysq74dr9al1vsVC_M6pX1pDYcyJIpHxLevinyTe_WkHvVrDx0wyCg-jcfoBJRdnkoSKvAajAMg?testcase_id=5613734552928256 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Oct 12 2016
,
Oct 12 2016
I'll take a look.
,
Oct 12 2016
,
Oct 12 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 12 2016
I have a CL up for review: https://codereview.webrtc.org/2412883002/.
,
Oct 13 2016
The following revision refers to this bug: https://chromium.googlesource.com/external/webrtc.git/+/c9ec8758db79c6fe4dee42d785f681931ddd7911 commit c9ec8758db79c6fe4dee42d785f681931ddd7911 Author: henrik.lundin <henrik.lundin@webrtc.org> Date: Thu Oct 13 09:43:34 2016 NetEq: Remove special case for Merge without Expand This was an ill tested special case which turned out to be more problem than benefit. The special case was only triggered when the decoder frame size was smaller than 10 ms, which is more or less unsupported by NetEq. Also fixed a bug in a test, a bug which was exposed by the code change. BUG= chromium:654983 Review-Url: https://codereview.webrtc.org/2412883002 Cr-Commit-Position: refs/heads/master@{#14627} [modify] https://crrev.com/c9ec8758db79c6fe4dee42d785f681931ddd7911/webrtc/modules/audio_coding/neteq/decision_logic_normal.cc [modify] https://crrev.com/c9ec8758db79c6fe4dee42d785f681931ddd7911/webrtc/modules/audio_coding/neteq/decision_logic_normal.h [modify] https://crrev.com/c9ec8758db79c6fe4dee42d785f681931ddd7911/webrtc/modules/audio_coding/neteq/neteq_impl_unittest.cc
,
Oct 13 2016
The CL in #7 fixes the issue in local testing. Since it is a CL in native WebRTC, it won't hit the fuzzer bots until the next import of WebRTC into Chrome (happens almost daily).
,
Oct 13 2016
,
Oct 17 2016
DEPS updated to point to a WebRTC version with this fix in revision https://chromium.googlesource.com/chromium/src/+/261f23680cdd23b4fccfbe9a210702ef278916df
,
Oct 18 2016
ClusterFuzz has detected this issue as fixed in range 425636:425656. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5613734552928256 Fuzzer: libfuzzer_neteq_rtp_fuzzer Job Type: libfuzzer_chrome_msan Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: webrtc::DspHelper::PeakDetection webrtc::Merge::CorrelateAndPeakSearch webrtc::Merge::Process Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=423120:423135 Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=425636:425656 Minimized Testcase (3.99 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96tWBIlkvxKQ_yOsQcwX2WM0Z-6G0sUqaSJR2FO0XswBS3zXF_QOpTwoQjkYZxQY0giLgGxAUcvjGq4FaZkysq74dr9al1vsVC_M6pX1pDYcyJIpHxLevinyTe_WkHvVrDx0wyCg-jcfoBJRdnkoSKvAajAMg?testcase_id=5613734552928256 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Oct 18 2016
,
Oct 25 2016
,
Oct 25 2016
The following revision refers to this bug: https://chromium.googlesource.com/external/webrtc.git/+/c64c620c83176c6766d3e150558bc866ebb7f7c5 commit c64c620c83176c6766d3e150558bc866ebb7f7c5 Author: Karl Wiberg <kwiberg@google.com> Date: Tue Oct 25 12:09:55 2016 NetEq: Remove special case for Merge without Expand (This is a backport of revision 14627 (c9ec8758db79c6fe4de). Original CL here: https://codereview.webrtc.org/2412883002) This was an ill tested special case which turned out to be more problem than benefit. The special case was only triggered when the decoder frame size was smaller than 10 ms, which is more or less unsupported by NetEq. Also fixed a bug in a test, a bug which was exposed by the code change. BUG= chromium:654983 , chromium:653656 R=ossu@webrtc.org Review URL: https://codereview.webrtc.org/2445373002 . Cr-Commit-Position: refs/branch-heads/55@{#2} Cr-Branched-From: 085ec0e4b1c0a17b024ac9cf399cd5a62e07ec99-refs/heads/master@{#14500} [modify] https://crrev.com/c64c620c83176c6766d3e150558bc866ebb7f7c5/webrtc/modules/audio_coding/neteq/decision_logic_normal.cc [modify] https://crrev.com/c64c620c83176c6766d3e150558bc866ebb7f7c5/webrtc/modules/audio_coding/neteq/decision_logic_normal.h [modify] https://crrev.com/c64c620c83176c6766d3e150558bc866ebb7f7c5/webrtc/modules/audio_coding/neteq/neteq_impl_unittest.cc
,
Oct 25 2016
,
Jan 24 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by mmoroz@chromium.org
, Oct 12 2016Components: Blink>WebRTC
Labels: Pri-1
Owner: hlundin@chromium.org