Undefined-shift in daala_gptopts
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4928605311467520

Fuzzer: libfuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address:
Crash State:
  daala_gptopts
  ogg_gptopts
  ogg_get_length

Sanitizer: undefined (UBSAN)

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv944m28sT67XzXBjAJdeKNlD9n6F6TzmTZzmiORWER65PCf1QF7Y2vm3yzAItOlOcTNyA0-K7xG4kSfrrmgJKab49AapXlJ2aN3AHI6ER3pSKxAKouHw8O8iyZVIubvYZpQE2L5M4EcdprGGq3R4XDcsgtDedqe2ny2HF5gl9DV8O7b2tcmpE17rfseVi2N4otAbjooSL4r2LgnjXdYYE9BpFYvNQ8lCm18GdtbPm3NayH9DBHTjbURFZPE4j0Bwjzx0DlNiayNtla_MT6Eyh38o1v9SxGN4lEgoPVMZ0ku86PgSkpY4VBm3_EVM0Yofi2jWx8LYuHJ4tAqYAKVXrCNVXUMyWGAnvocuRo1TNWDPRrLSZ6M-yPeurJQyQniu7VBpXmjqlWUrpSO-qsR5Qda_04F42g?testcase_id=4928605311467520

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Mar 25 2017
As per existing issue 700242, assigning to tguilbert@. Could you please take a look and mark as a duplicate if it has the same root cause? Thank you.
Mar 27 2017
Apr 12 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/afe71350257c999a623d66d7f56e926552dc3737

commit afe71350257c999a623d66d7f56e926552dc3737
Author: Thomas Guilbert <tguilbert@chromium.org>
Date: Wed Apr 12 00:45:11 2017

Cherry-pick upstream USAN fixes

avformat/mov: Check creation_time for overflow

Fixes integer overflow

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 39ee3ddff87a12e108fc4e0d36f756d0ca080472)
---
avformat/oggparsedaala: Do not leave an invalid value in gpshift

Fixes: undefined behavior

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 23ae3cc822915ede2bb4e85047ab46cc5bc71268)
---
avformat/oggparsedaala: Check duration for AV_NOPTS_VALUE

This avoids an integer overflow
the solution matches oggparsevorbis.c and 45581ed15d2ad5955e24d809820c1675da68f500

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 679a315424e6ffaafd21ebf7a86108bd4e743793)

Bug: 701640, 700242, 702974
Change-Id: Ibcff00b7e137f2b07b062468ad42152dfd428a18
Reviewed-on: https://chromium-review.googlesource.com/475204
Reviewed-by: Matthew Wolenetz <wolenetz@chromium.org>

[modify] https://crrev.com/afe71350257c999a623d66d7f56e926552dc3737/libavformat/mov.c
[modify] https://crrev.com/afe71350257c999a623d66d7f56e926552dc3737/libavformat/oggparsedaala.c
Apr 12 2017
ClusterFuzz has detected this issue as fixed in range 463875:463909.

Detailed report: https://clusterfuzz.com/testcase?key=4928605311467520

Fuzzer: libfuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address:
Crash State:
  daala_gptopts
  ogg_gptopts
  ogg_get_length

Sanitizer: undefined (UBSAN)

Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=463875:463909

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv944m28sT67XzXBjAJdeKNlD9n6F6TzmTZzmiORWER65PCf1QF7Y2vm3yzAItOlOcTNyA0-K7xG4kSfrrmgJKab49AapXlJ2aN3AHI6ER3pSKxAKouHw8O8iyZVIubvYZpQE2L5M4EcdprGGq3R4XDcsgtDedqe2ny2HF5gl9DV8O7b2tcmpE17rfseVi2N4otAbjooSL4r2LgnjXdYYE9BpFYvNQ8lCm18GdtbPm3NayH9DBHTjbURFZPE4j0Bwjzx0DlNiayNtla_MT6Eyh38o1v9SxGN4lEgoPVMZ0ku86PgSkpY4VBm3_EVM0Yofi2jWx8LYuHJ4tAqYAKVXrCNVXUMyWGAnvocuRo1TNWDPRrLSZ6M-yPeurJQyQniu7VBpXmjqlWUrpSO-qsR5Qda_04F42g?testcase_id=4928605311467520

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 12 2017
ClusterFuzz testcase 4928605311467520 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 Deleted