
Issue 699373


Issue metadata

Status: Verified
Closed: Mar 2017
OS: Linux
Pri: 1
Type: Bug

Blocking:
issue 698865


channel_layout == CHANNEL_LAYOUT_DISCRETE || ChannelLayoutToChannelCount(channel

Reported by ClusterFuzz (Project Member), Mar 8 2017

Issue description

Components: Blink>Media>Audio
Labels: Test-Predator-Wrong-CLs M-59
Owner: rtoy@chromium.org
Status: Assigned (was: Untriaged)
Find it result:
====================
Git blame below is NOT necessarily who introduced the crash nor the owner for it. Please check the code before assigning to anyone. (No CL in the regression range changed the crashing files.)

Author: mostynb@opera.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/901a5e3835718e8872f38af32d65fce7ea3fcbeb
Time: Mon Apr 08 23:26:25 2013
The CL last changed line 221 of file debugger_posix.cc, which is stack frame 7. 

Author: brettw@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/58580359a452cb7c3b9580edc0843c3ab3d158df
Time: Tue Oct 26 04:07:50 2010
The CL last changed line 251 of file debugger_posix.cc, which is stack frame 8. 

Author: rch@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/82d89abc03ea6fd6b9258f0e57be0290b33d7eb1
Time: Fri Feb 28 18:25:34 2014
The CL last changed line 759 of file logging.cc, which is stack frame 9. 

Author: dalecurtis@google.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/e81f5f9dab753290125ba1f026e2c138795bf658
Time: Sat Mar 29 01:32:16 2014
The CL last changed line 44 of file audio_buffer.cc, which is stack frame 10. 

Author: dalecurtis
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/39a7f93d67f79d6afadb0f74254eef19b5ff9318
Time: Tue Jul 19 18:34:59 2016
The CL last changed line 124 of file audio_buffer.cc, which is stack frame 11.
========================
From the above change log, suspecting the audio-related change below:

Review-Url: https://codereview.chromium.org/2690343005
rtoy@: Would you mind taking a look at this if it's related to your change? Otherwise, please help assign it to an appropriate owner.

Comment 2 by rtoy@chromium.org, Mar 8 2017

Owner: dalecur...@chromium.org
Reassigning to dalecurtis@, since this is an assert in media/base/audio_buffer.cc
Cc: dalecur...@chromium.org
Components: -Blink>Media>Audio Internals>Media>FFmpeg
Owner: tguilbert@chromium.org
=> tguilbert as part of the FFmpeg roll.
Blocking: 698865

Comment 5 by bugdroid1@chromium.org (Project Member), Mar 16 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cd31831bb240ce19d3e3af6f2b95f8ad11c96e5c

commit cd31831bb240ce19d3e3af6f2b95f8ad11c96e5c
Author: tguilbert <tguilbert@chromium.org>
Date: Thu Mar 16 01:35:03 2017

Fix unsupported audio channel layout

We currently do not check the returned channel layout when converting
FFmpeg to Chrome channel layouts. This means that we still try to create
audio buffers whenever we have an unsupported channel layout. This
causes some tests to crash when hitting a DCHECK in AudioBuffer's ctor.

This CL fixes the issue by erroring out early rather than trying to
create an invalid AudioBuffer.

BUG=699373
TEST=manually checked it didn't crash anymore

Review-Url: https://codereview.chromium.org/2748023004
Cr-Commit-Position: refs/heads/master@{#457302}

[modify] https://crrev.com/cd31831bb240ce19d3e3af6f2b95f8ad11c96e5c/media/filters/ffmpeg_audio_decoder.cc
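
As an added illustration (not Chromium's code and not the patch linked above), the C++ below models the failure the commit message describes and the early error-out it adds: an FFmpeg channel-layout mask is mapped to a Chrome-style layout enum, a mask with no Chrome equivalent maps to an UNSUPPORTED sentinel, and the buffer constructor enforces the invariant quoted in the crash state (`channel_layout == CHANNEL_LAYOUT_DISCRETE || ChannelLayoutToChannelCount(channel_layout) == channel_count`). The simplified `ChannelLayout` enum, `ChannelLayoutFromAvMask`, `TryCreateBuffer`, the `Outcome` enum and the sample frames are assumptions made for this example; the `AV_CH_*` bit values follow libavutil's channel_layout.h.

```cpp
// Added illustration, not Chromium code: a reduced model of the bug and fix
// described in the commit message above. Names below are assumptions.
#include <cstdint>
#include <cstdio>
#include <stdexcept>

// FFmpeg per-channel bits and a few composite masks (values as in
// libavutil/channel_layout.h); only this subset is needed here.
constexpr uint64_t AV_CH_FRONT_LEFT = 0x1;
constexpr uint64_t AV_CH_FRONT_RIGHT = 0x2;
constexpr uint64_t AV_CH_FRONT_CENTER = 0x4;
constexpr uint64_t AV_CH_LOW_FREQUENCY = 0x8;
constexpr uint64_t AV_CH_BACK_LEFT = 0x10;
constexpr uint64_t AV_CH_BACK_RIGHT = 0x20;
constexpr uint64_t AV_CH_LAYOUT_MONO = AV_CH_FRONT_CENTER;
constexpr uint64_t AV_CH_LAYOUT_STEREO = AV_CH_FRONT_LEFT | AV_CH_FRONT_RIGHT;
constexpr uint64_t AV_CH_LAYOUT_5POINT1_BACK =
    AV_CH_LAYOUT_STEREO | AV_CH_FRONT_CENTER | AV_CH_LOW_FREQUENCY |
    AV_CH_BACK_LEFT | AV_CH_BACK_RIGHT;

// Simplified stand-in for media::ChannelLayout (assumed names); the two
// members that matter for this bug are kUnsupported and kDiscrete.
enum class ChannelLayout { kUnsupported, kMono, kStereo, k5_1Back, kDiscrete };

// Stand-in for media::ChannelLayoutToChannelCount(): UNSUPPORTED yields 0,
// which never equals a real decoded frame's channel count.
int ChannelLayoutToChannelCount(ChannelLayout layout) {
  switch (layout) {
    case ChannelLayout::kMono:    return 1;
    case ChannelLayout::kStereo:  return 2;
    case ChannelLayout::k5_1Back: return 6;
    case ChannelLayout::kDiscrete:
    case ChannelLayout::kUnsupported: return 0;
  }
  return 0;
}

// Stand-in for the FFmpeg-to-Chrome layout conversion: a mask with no Chrome
// equivalent becomes kUnsupported. Before the fix this value went unchecked.
ChannelLayout ChannelLayoutFromAvMask(uint64_t mask) {
  switch (mask) {
    case AV_CH_LAYOUT_MONO:         return ChannelLayout::kMono;
    case AV_CH_LAYOUT_STEREO:       return ChannelLayout::kStereo;
    case AV_CH_LAYOUT_5POINT1_BACK: return ChannelLayout::k5_1Back;
    default:                        return ChannelLayout::kUnsupported;
  }
}

// Minimal AudioBuffer whose constructor enforces the invariant from the crash
// state. A failed DCHECK aborts a debug Chrome build; here it throws so the
// outcome is observable from a test.
struct AudioBuffer {
  ChannelLayout layout;
  int channel_count;
  int frame_count;
  AudioBuffer(ChannelLayout l, int channels, int frames)
      : layout(l), channel_count(channels), frame_count(frames) {
    if (!(layout == ChannelLayout::kDiscrete ||
          ChannelLayoutToChannelCount(layout) == channel_count)) {
      throw std::logic_error(
          "DCHECK failed: channel_layout == CHANNEL_LAYOUT_DISCRETE || "
          "ChannelLayoutToChannelCount(channel_layout) == channel_count");
    }
  }
};

// What the decoder knows about a frame it just received from libavcodec.
struct DecodedFrame {
  uint64_t av_channel_layout;
  int channels;
  int nb_samples;
};

enum class Outcome { kBufferCreated, kRejectedEarly, kDcheckFired };

// The decoder's buffer-creation step, with and without the early error-out
// that the commit adds.
Outcome TryCreateBuffer(const DecodedFrame& frame, bool with_fix) {
  ChannelLayout layout = ChannelLayoutFromAvMask(frame.av_channel_layout);
  if (with_fix && layout == ChannelLayout::kUnsupported) {
    return Outcome::kRejectedEarly;  // decode error; no AudioBuffer is built
  }
  try {
    AudioBuffer buffer(layout, frame.channels, frame.nb_samples);
    (void)buffer;
    return Outcome::kBufferCreated;
  } catch (const std::logic_error&) {
    return Outcome::kDcheckFired;
  }
}

// Constructed sample frames: an ordinary stereo frame, and a two-channel frame
// whose mask (front-left + LFE) has no Chrome equivalent, as a fuzzed or
// unusual container might advertise.
const DecodedFrame kStereoFrame{AV_CH_LAYOUT_STEREO, 2, 1024};
const DecodedFrame kOddLayoutFrame{AV_CH_FRONT_LEFT | AV_CH_LOW_FREQUENCY, 2, 1024};

int main() {
  const char* names[] = {"buffer created", "rejected early", "DCHECK fired"};
  std::printf("stereo, before fix:     %s\n", names[(int)TryCreateBuffer(kStereoFrame, false)]);
  std::printf("odd layout, before fix: %s\n", names[(int)TryCreateBuffer(kOddLayoutFrame, false)]);
  std::printf("odd layout, after fix:  %s\n", names[(int)TryCreateBuffer(kOddLayoutFrame, true)]);
  return 0;
}
```

The report above comes from a debug job (libfuzzer_chrome_asan_debug), where DCHECKs are enabled and the constructor invariant is what stops the fuzzer. Since DCHECKs are compiled out of release builds, the unchecked path there would not crash at this point but would construct a buffer whose channel count disagrees with its layout and hand it to downstream consumers, which is why rejecting the frame before construction, as the commit does, is the right place for the check.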


Comment 6 by ClusterFuzz (Project Member), Mar 16 2017

ClusterFuzz has detected this issue as fixed in range 457280:457308.

Detailed report: https://clusterfuzz.com/testcase?key=6581429464203264

Fuzzer: libfuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  channel_layout == CHANNEL_LAYOUT_DISCRETE || ChannelLayoutToChannelCount(channel
  media::AudioBuffer::AudioBuffer
  media::AudioBuffer::CreateBuffer
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=455091:455226
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=457280:457308

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96KHaEuiEY115PxcnKtTDVLTbesKF6K0xex9BwtGjRXkjeH7COEM4aS2xd7qDky2FcIcJYVqx6JfWa1kZloahKhhTO9UPO6CMwWvnDTs-DAfh6wWZO7RDOr3SUOJmRMBSjRX0pFiREXp-8EhTVu7qXN-VJ_7UMAkiJFZLpmp205RCiDSjyEdqL3hzoOQ4lMS6Nhjbn4Smi9TwSx6wMGUyMo7UdK2Ffyy4FkeniUQX2D-M1c0aIy9SjVcNrQRPAIkAk7Apk5Vja7RREKWQtEeLhx66Om8uXh6FoEQeTxSxIFOfpBzvDBWZLQ1VEKWY9bAKxaknyWYJswVzRe0N8Zxhz0_6lk25MKi8vrBfg82h-uBGexdWo?testcase_id=6581429464203264


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 7 by ClusterFuzz (Project Member), Mar 16 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 6581429464203264 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
