Undefined-shift in WebRtcSpl_VectorBitShiftW16
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5589225526525952
Fuzzer: libfuzzer_neteq_rtp_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Undefined-shift
Crash Address:
Crash State:
  WebRtcSpl_VectorBitShiftW16
  webrtc::Expand::Correlation
  webrtc::Expand::AnalyzeSignal
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=427295:427323
Minimized Testcase (0.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97kTL2HqqVyCROjigtjseJSm32M0-R0L6iuG-Or_uPRlaPHR0eNteBoW-nz_fNxoclA1C9Hb4i0XUpTBXBzvCXOd5__H4-PYoUrUpP3divdKs-jkOdR78Laj6AT1uv4u5GVt5Y-z438xydFF3Puh3IFVF96Sg?testcase_id=5589225526525952
Issue filed automatically.
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Nov 14 2016
Nov 15 2016
Nov 15 2016
The following revision refers to this bug:
https://chromium.googlesource.com/external/webrtc.git/+/79dfdadbc861a56596a42ba9f40c8bcbf30e4d75

commit 79dfdadbc861a56596a42ba9f40c8bcbf30e4d75
Author: henrik.lundin <henrik.lundin@webrtc.org>
Date: Tue Nov 15 09:45:53 2016

Avoid left-shifting negative values in a number of places

This is undefined behavior, according to specification.

BUG= chromium:661133
Review-Url: https://codereview.webrtc.org/2500953003
Cr-Commit-Position: refs/heads/master@{#15078}

[modify] https://crrev.com/79dfdadbc861a56596a42ba9f40c8bcbf30e4d75/webrtc/common_audio/signal_processing/levinson_durbin.c
[modify] https://crrev.com/79dfdadbc861a56596a42ba9f40c8bcbf30e4d75/webrtc/common_audio/signal_processing/vector_scaling_operations.c
[modify] https://crrev.com/79dfdadbc861a56596a42ba9f40c8bcbf30e4d75/webrtc/modules/audio_coding/neteq/expand.cc
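What the commit message above refers to, as an added example that is not code from the WebRTC commit: in C, left-shifting a negative value is undefined, so a vector shift that takes a negative right-shift count can scale by multiplication instead. The function names, the [-15, 15] count limit and the sample values are assumptions made for this illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 1 if `value << shift` is undefined for int (C11 6.5.7p4): negative left
 * operand, count outside [0, width), or a result int cannot represent. */
static int left_shift_is_undefined(int value, int shift) {
  if (shift < 0 || shift >= (int)(sizeof(int) * CHAR_BIT)) return 1;
  if (value < 0) return 1;
  return value > (INT_MAX >> shift);
}

/* Shift one sample right by right_shifts; a negative count shifts left.
 * The left shift is written as a multiplication by 2^n, which is defined
 * for negative samples. Assumes -15 <= right_shifts <= 15 and an int of at
 * least 32 bits, so the product cannot overflow. Right-shifting a negative
 * value and narrowing back to int16_t are implementation-defined, not
 * undefined. */
static int16_t shift_sample(int16_t v, int right_shifts) {
  if (right_shifts >= 0) return (int16_t)(v >> right_shifts);
  return (int16_t)(v * (1 << -right_shifts));
}

/* Hypothetical vector helper: returns -1 and writes nothing when the count
 * is outside [-15, 15], otherwise shifts every sample and returns 0. */
static int shift_vector_w16(int16_t* out, size_t length, const int16_t* in,
                            int right_shifts) {
  if (right_shifts < -15 || right_shifts > 15) return -1;
  for (size_t i = 0; i < length; i++)
    out[i] = shift_sample(in[i], right_shifts);
  return 0;
}

int main(void) {
  const int16_t in[4] = {-4, 3, -100, 1}; /* constructed samples */
  int16_t out[4];
  if (shift_vector_w16(out, 4, in, -2) != 0) return 1;
  for (size_t i = 0; i < 4; i++)
    printf("%d << 2: undefined as a shift = %d, defined result = %d\n",
           in[i], left_shift_is_undefined(in[i], 2), out[i]);
  return 0;
}
```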
Nov 16 2016
The fix was rolled into Chrome in https://crrev.com/361abd5fba1cc8e0e47f95e7f77aea8a325276d7. Waiting for fuzzer to find this and mark as fixed.
Nov 16 2016
Nov 16 2016
ClusterFuzz has detected this issue as fixed in range 432467:432520.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5589225526525952
Fuzzer: libfuzzer_neteq_rtp_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Undefined-shift
Crash Address:
Crash State:
  WebRtcSpl_VectorBitShiftW16
  webrtc::Expand::Correlation
  webrtc::Expand::AnalyzeSignal
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=427295:427323
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=432467:432520
Minimized Testcase (0.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97kTL2HqqVyCROjigtjseJSm32M0-R0L6iuG-Or_uPRlaPHR0eNteBoW-nz_fNxoclA1C9Hb4i0XUpTBXBzvCXOd5__H4-PYoUrUpP3divdKs-jkOdR78Laj6AT1uv4u5GVt5Y-z438xydFF3Puh3IFVF96Sg?testcase_id=5589225526525952
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 17 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage
- Your friendly Sheriffbot
Comment 1 by mmohammad@chromium.org, Nov 2 2016
Owner: jiayl@chromium.org
Status: Assigned (was: Untriaged)