New issue
Advanced search Search tips

Issue 681849 link

Starred by 1 user
Status: Fixed
Owner:
sergeyu@chromium.org
Closed: Jan 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug



Sign in to add a comment

Crash in rtc::FatalMessage::~FatalMessage

Project Member Reported by ClusterFuzz, Jan 17 2017

Comment 1 by mummare...@chromium.org, Jan 17 2017

Components: Blink>WebRTC
Labels: M-57 Test-Predator-Correct
Owner: nisse@chromium.org
Status: Assigned (was: Untriaged)
The result is a list of CLs that change the crashed files. 

Author: nisse
Project: chromium-webrtc
Changelist: https://chromium.googlesource.com/external/webrtc/trunk/webrtc.git/+/a875ff85398782f352ea722be0c74865f2858ad6
Time: Thu Jan 12 13:15:36 2017
Lines 915 of file pseudotcp.cc which potentially caused crash are changed in this cl (frame #3, "cricket::PseudoTcp::process").
Minimum distance from crash line to modified line: 0. (file: pseudotcp.cc, crashed on: 915, modified: 915).

nisse@, could you please take a look and help us to find correct owner if it is not related your changes.

Comment 2 by nisse@chromium.org, Jan 18 2017

Owner: sergeyu@chromium.org
Sergey, can you have a look at this? As far as I'm aware, the pseudo tcp code is used only for remoting.

I recently changed ASSERT (from the old base/common.h) to RTC_DCHECK. The conditions for enabling these checks are slightly different so that might have helped to uncover problems.

Comment 3 by sergeyu@chromium.org, Jan 18 2017

Labels: -Pri-1 Pri-3
Status: Started (was: Assigned)
Pending fix: https://codereview.chromium.org/2640173002/

Comment 4 by sergeyu@chromium.org, Jan 20 2017

Status: Fixed (was: Started)
Project Member

Comment 5 by ClusterFuzz, Jan 27 2017 

ClusterFuzz has detected this issue as fixed in range 446341:446455.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4841406192680960

Fuzzer: libfuzzer_pseudotcp_parser_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x03e900006826
Crash State:
  rtc::FatalMessage::~FatalMessage
  cricket::PseudoTcp::process
  cricket::PseudoTcp::parse
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=443565:443630
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=446341:446455

Minimized Testcase (5.44 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97DkRLWp3FWG1GCPJF1HJd3uP1D65i77t8lfhA5csJrYZUqdVF-_shyxwfuehzy8WLoSUKlpyPNoE8EEQz73ayOFPtkMPfDMD8nhe0j6bM0xUlYZtzRsAXMOjG5x4r9XqlM4U_06I2CoXSBeaivntrJq-ZxTLacituoCoA_745phekXxQJ6kjEGplvCAYelAGqVh2u6u5Lp1xUfDwYxwhwdWnT7Rdaag--k2Q2IuOz7Th8iWf9oLFPnDw-smG_ZQCH4L3Rc-xSiUHEF4yRcBnAGjzmEiRpGBSkcEyYWocPz6g5I5gLtojYflTccsSnsRKtK90d_-CX1tTPd1TjWazBd5eZxv_9-cTm8QXYMpBx36QwR23Y?testcase_id=4841406192680960

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Sign in to add a comment