Crash in webrtc::CreateTracksFromSsrcInfos
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4828420694605824

Fuzzer: libfuzzer_sdp_parser_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x03e900005ea2
Crash State:
  rtc::FatalMessage::~FatalMessage
  webrtc::CreateTracksFromSsrcInfos
  webrtc::ParseContent

Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=443565:443630

Minimized Testcase (0.24 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96QldcjshOvB9Mfr-b1D23UqjCGwzqW0kBFfhVO5kv32n_Bt5iPGkMTZga0Izu9vTaU1J_LPaWVHhZ-tWH2o87-gEh2nQhQHMvkHGMU7yg-PdJue3IRn8HwdEb7cgtuXNuwmXP0mNUcGCbe5sP3TVwKMQEw-iZAE0KY_a_B1QBiuO8LIB-mz8VTd1yrqg9liJphl0iWZ8W98IbJ580ebKI7o6RhnH7qQ9wOKHfI4hS8W1kBUT0Q3QJs67Wms_67G9OVK8PAzzmzxbddEx0aYqmWEM0V0oML9ol56KVFq_kBTbg87mnD78ur0ZpbJtyJYnVGfQuSbEAXwrgjwCsJExGBEij-tRe2Bn-wcNT31Ehsf7TwGMU?testcase_id=4828420694605824

v=0 o=l e s=,- t=� m=video1 a=r a=rtpmap:1 a=msidrttmapmsid:2����=rt]pmap:1 a=rTppam:)1 a=rtpm::1 a=rtpmap:1 v=0 o=l e s=,- t=� m=video1 a=r a=rtpmap:1 a=msidrttmap:2; *=rt]pmap:1 a=rTppam:)1 a=rtpm::1 a=rtpmapa=rtp

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Feb 1 2017
deadbeef@: Can you take a look? Bounce back or reassign if you're not the right owner.
Feb 1 2017
Feb 1 2017
Feb 7 2017
Feb 10 2017
Fixed by https://codereview.webrtc.org/2675273003/ (which referenced the wrong bug). Will wait for fuzzer to mark as fixed.
Feb 11 2017
Actually, that's also incorrect. Too many SDP parsing bugs.
Feb 11 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/external/webrtc.git/+/a4549d6588207a22ec0c5decc2dfc9fc9a1cde70

commit a4549d6588207a22ec0c5decc2dfc9fc9a1cde70
Author: deadbeef <deadbeef@webrtc.org>
Date: Sat Feb 11 01:26:22 2017

Fix SDP parsing crash due to missing track ID in "a=msid".

BUG= chromium:686405

Review-Url: https://codereview.webrtc.org/2676293003
Cr-Commit-Position: refs/heads/master@{#16545}

[modify] https://crrev.com/a4549d6588207a22ec0c5decc2dfc9fc9a1cde70/webrtc/pc/webrtcsdp.cc
[modify] https://crrev.com/a4549d6588207a22ec0c5decc2dfc9fc9a1cde70/webrtc/pc/webrtcsdp_unittest.cc
Feb 15 2017
ClusterFuzz has detected this issue as fixed in range 450309:450324.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4828420694605824

Fuzzer: libfuzzer_sdp_parser_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x03e900005ea2
Crash State:
  rtc::FatalMessage::~FatalMessage
  webrtc::CreateTracksFromSsrcInfos
  webrtc::ParseContent

Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=443565:443630
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=450309:450324

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96QldcjshOvB9Mfr-b1D23UqjCGwzqW0kBFfhVO5kv32n_Bt5iPGkMTZga0Izu9vTaU1J_LPaWVHhZ-tWH2o87-gEh2nQhQHMvkHGMU7yg-PdJue3IRn8HwdEb7cgtuXNuwmXP0mNUcGCbe5sP3TVwKMQEw-iZAE0KY_a_B1QBiuO8LIB-mz8VTd1yrqg9liJphl0iWZ8W98IbJ580ebKI7o6RhnH7qQ9wOKHfI4hS8W1kBUT0Q3QJs67Wms_67G9OVK8PAzzmzxbddEx0aYqmWEM0V0oML9ol56KVFq_kBTbg87mnD78ur0ZpbJtyJYnVGfQuSbEAXwrgjwCsJExGBEij-tRe2Bn-wcNT31Ehsf7TwGMU?testcase_id=4828420694605824

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Feb 15 2017
Comment 1 by dtapu...@chromium.org, Jan 30 2017