Integer-overflow in WebRtcSpl_DotProductWithScale |
||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5895115622318080 Fuzzer: libfuzzer_neteq_rtp_fuzzer Job Type: libfuzzer_chrome_ubsan Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: WebRtcSpl_DotProductWithScale webrtc::Expand::AnalyzeSignal webrtc::Expand::Process Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=433878:433990 Minimized Testcase (2.84 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96FUjO6-wHU6zS8nXn_UhXNyXfM4OeGiMYZZvjGe5PsAAFre-2SibZev8-VRITfpeYCAkL1EeVXLHuemERuMcspoPi6Ycmv7F9o8NofK2yR-pKRxx_wAvRx3TJCT36s1Occ4OCPyIWCga60pcxmjLy3MPHQQw?testcase_id=5895115622318080 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Nov 28 2016
,
Nov 28 2016
Noticing webrtc rolls change in the CL range, https://chromium.googlesource.com/chromium/src/+log/6d1b1cb2d0fedff985eae5bd76fa13561262774e..4af1869e97cdf585994c422c22423f6d6fcf68ce?pretty=fuller @emircan -- Could you please look into the issue, kindly re-assign if this is not related to your changes. Thank You.
,
Nov 28 2016
,
Nov 28 2016
hlundin@, can you PTAL to see if it is related to the CL below? https://chromium.googlesource.com/external/webrtc/+/79dfdadbc861a56596a42ba9f40c8bcbf30e4d75
,
Dec 1 2016
I would not think that the indicated CL is to blame as such. Rather, I think that CL fixed another problem, which enabled the fuzzer to probe deeper and find this new problem. Nevertheless, I'll take this bug.
,
Dec 9 2016
Ivo, please, take a look at this.
,
Dec 16 2016
The following revision refers to this bug: https://chromium.googlesource.com/external/webrtc.git/+/ffecbbf5d0602147d644c94ee9a8f25e6c25733d commit ffecbbf5d0602147d644c94ee9a8f25e6c25733d Author: ivoc <ivoc@webrtc.org> Date: Fri Dec 16 13:51:49 2016 Fix for integer overflow in NetEq. BUG= chromium:668736 Review-Url: https://codereview.webrtc.org/2571483002 Cr-Commit-Position: refs/heads/master@{#15654} [modify] https://crrev.com/ffecbbf5d0602147d644c94ee9a8f25e6c25733d/webrtc/modules/audio_coding/acm2/audio_coding_module_unittest.cc [modify] https://crrev.com/ffecbbf5d0602147d644c94ee9a8f25e6c25733d/webrtc/modules/audio_coding/neteq/expand.cc [modify] https://crrev.com/ffecbbf5d0602147d644c94ee9a8f25e6c25733d/webrtc/modules/audio_coding/neteq/neteq_unittest.cc
,
Dec 17 2016
ClusterFuzz has detected this issue as fixed in range 439223:439312. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5895115622318080 Fuzzer: libfuzzer_neteq_rtp_fuzzer Job Type: libfuzzer_chrome_ubsan Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: WebRtcSpl_DotProductWithScale webrtc::Expand::AnalyzeSignal webrtc::Expand::Process Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=433878:433990 Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=439223:439312 Minimized Testcase (2.84 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96FUjO6-wHU6zS8nXn_UhXNyXfM4OeGiMYZZvjGe5PsAAFre-2SibZev8-VRITfpeYCAkL1EeVXLHuemERuMcspoPi6Ycmv7F9o8NofK2yR-pKRxx_wAvRx3TJCT36s1Occ4OCPyIWCga60pcxmjLy3MPHQQw?testcase_id=5895115622318080 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Dec 17 2016
ClusterFuzz testcase 5895115622318080 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by ajha@chromium.org
, Nov 28 2016