
Issue 697299 link

Issue metadata

Status: Fixed
Owner:
Closed: Mar 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug



-std::ceil(FramesToTimeDelta( audio_decoder_config().codec_delay(), audio_decode

Project Member Reported by ClusterFuzz, Mar 1 2017

Issue description

Cc: mummare...@chromium.org
Components: Internals>Media>Audio
Labels: Test-Predator-Wrong M-58
Owner: servolk@chromium.org
Status: Assigned (was: Untriaged)
Through code search on file ffmpeg_demuxer.cc, suspected CL
https://chromium.googlesource.com/chromium/src/+/459f5a96a07236e94cae14eba657fc68498afe1b
servolk@, could you please take a look?
Thank you
FWIW, the suspected regression range in the link from comment #1 gives me a range of revisions from ~2015 (https://chromium.googlesource.com/chromium/src/+log/071a5d0dcd53d5719a396fe0f66b8f26943d3744..271400d6a7360cccbb4dca303f38d1992ff2167e?pretty=fuller).

Looking at the failure location, I don't think my CL could have regressed this.
Re-assigning to tguilbert@ who added that CHECK in another recent CL https://codereview.chromium.org/2635573002.

Thomas any ideas why the check is failing?
Owner: tguilbert@chromium.org
Thank you for reassigning.
Cc: tguilbert@chromium.org
Owner: dalecur...@chromium.org
I don't think my change could have affected that test either (that change negated a condition, added an early return, and decreased the nesting of that code). Dale is probably in a better position to answer this question.

This is the CL that introduced that DCHECK:
https://chromium.googlesource.com/chromium/src/+/aa958fd3a80afdfdc2f747a819a1c67605c637e6

Dale, do you know what might be happening?
Labels: -Pri-1 Pri-3
Probably fuzzer just found something new; no big deal will just result in weird playback of the decoded audio. Will look into it.
Project Member

Comment 7 by bugdroid1@chromium.org, Mar 2 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e24ee9fad5abcc31826978860d91047c8e6aa25f

commit e24ee9fad5abcc31826978860d91047c8e6aa25f
Author: dalecurtis <dalecurtis@chromium.org>
Date: Thu Mar 02 23:25:35 2017

Remove useless DCHECK; discard helper enforces invalid values.

This DCHECK is harmless and failure of it just means we'll discard
a bit less of a negative packet than expected. Invalid values are
already sanitized by AudioDiscardHelper.

Also fixes log spam from duration changes.

BUG= 697299 
TEST=fuzzertest no longer fails.

Review-Url: https://codereview.chromium.org/2727573005
Cr-Commit-Position: refs/heads/master@{#454430}

[modify] https://crrev.com/e24ee9fad5abcc31826978860d91047c8e6aa25f/media/filters/ffmpeg_demuxer.cc
[modify] https://crrev.com/e24ee9fad5abcc31826978860d91047c8e6aa25f/media/test/pipeline_integration_fuzzertest.cc

Status: Fixed (was: Assigned)
Project Member

Comment 9 by ClusterFuzz, Mar 3 2017

ClusterFuzz has detected this issue as fixed in range 454393:454432.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5776884714700800

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  -std::ceil(FramesToTimeDelta( audio_decoder_config().codec_delay(), audio_decode
  media::FFmpegDemuxerStream::EnqueuePacket
  media::FFmpegDemuxer::OnReadFrameDone
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=342236:342305
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=454393:454432

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96cKUeJA_caKZ3bskJW9-INChzrFWVo4G8JPLR1VU_0BwfzUsca2AXlbSXtPtBEfKepwqpxAmg6eD1pjuGBYxNyxz2kGV3x3wdZQt1yDRe8gPryllLIfgg1WpuxaTGzkoLyjATEUnA56e_arpfHRU_LTwaGVvcCb4qynMpErVyDqAI9-0UeZb37Y4RC27q__hcpr_FX4VaJ71O1mSif1SyS-7jiPMncNJR1ArrDSUNud4TgAluZw1ISCDIVYzj5wTu4N-rJaY_sA4mXy4uhWs1yo3pyNva7FS9S2a5i5uQz00jF3RPQxh_bGz9yoIsrNAm-KcVxD7QxB_q3Lnt5E6Tjw9Nj-thQ9286QFH7waFv-iBuTOU?testcase_id=5776884714700800


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.