Detailed report: https://clusterfuzz.com/testcase?key=6475433689481216

Fuzzer: libfuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Indirect-leak
Crash Address:
Crash State:
  av_dict_set
  media::FFmpegDemuxer::Initialize
  media::SerialRunner::RunNextInSeries

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=458485:458536

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94t3a5ThygZMFb0XGG53-J9Ez9lUerxHpF6o9PIqU1uZHJQ80QV5VytgZZ8PMHdQPstYwGnnnOqNnC_y55PsECe77T8TPP135L9f8YGU39D5DvCTZLXedbq9H-6D2iVC51AKkKFfzXDcgQBjsctmkLEmgxJ8fLhVpjJTJunXHCakJ6ETPBox8kYFJhDBeB_RcCS1HP39XGPUGEXKO6UfkX0vAlkadpEgatFSW4VorXMvluno6AKoIzIvB9PhXKeJxsEuKBX8Aq3YoPtbm2u0H391-291UtnXS-R58fOqJUZuP3WWGNQCQpyfSn4JAWl-QYkZyEpu0AfhviGL_W39hwWJB5N0Ds7xVS7AsHX-BkgUeAIKlf6jAjQeXwR711GznPRrRLDP7HlgVjBD9Q5SbpEpNEnTg?testcase_id=6475433689481216

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Predator and the regression range did not give any CL. Could someone please take a look? Thank you.
I know what the issue probably is. In mp3dec.c.
Link to ffmpeg upstream discussion about the patch: http://ffmpeg.org/pipermail/ffmpeg-devel/2017-April/209953.html
The following revision refers to this bug: https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/23a7be520d523e37fc1eb31ff23ac0e59e737e09

commit 23a7be520d523e37fc1eb31ff23ac0e59e737e09
Author: Thomas Guilbert <tguilbert@chromium.org>
Date: Tue Apr 11 23:29:11 2017

Fix dictionary leak in mp3dec

Upstream changes in mp3dec.c introduced a leak. s->metadata is (correctly) assumed to be NULL when entering mp3_read_header, but Chromium uses a custom dictionary entry to skip id3v1 tag parsing, which requires an additional call to av_dict_free.

Bug: 703965
Change-Id: I5fbe4a7bd71d7097cf074f60f9ff3700d153930d
Reviewed-on: https://chromium-review.googlesource.com/475026
Reviewed-by: Matthew Wolenetz <wolenetz@chromium.org>

[modify] https://crrev.com/23a7be520d523e37fc1eb31ff23ac0e59e737e09/libavformat/mp3dec.c
[modify] https://crrev.com/23a7be520d523e37fc1eb31ff23ac0e59e737e09/chromium/patches/README
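The ownership mismatch the commit message describes, as an added illustration that is not FFmpeg's or Chromium's code: a header reader written on the assumption that the metadata handle is empty on entry will silently orphan whatever the caller had already stored there. The dictionary below is a constructed stand-in for AVDictionary (same create-on-first-set and free-and-reset semantics as av_dict_set/av_dict_free, but none of libavutil is used), the key `skip_id3v1_tags` is a hypothetical placeholder for Chromium's private control entry, and the live-dictionary registry plays the role that ASan's leak checker played in the fuzzer run.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>

/* Minimal stand-in for AVDictionary (constructed model, not libavutil):
 * a linked list of key/value pairs behind an opaque handle. */
typedef struct Entry {
    char *key;
    char *value;
    struct Entry *next;
} Entry;

typedef struct Dict {
    Entry *head;
} Dict;

/* Registry of live dictionaries, standing in for the leak checker: every
 * allocation is recorded, every free removes it, and whatever remains after
 * a simulated open/close cycle is a leak. */
#define MAX_DICTS 16
static Dict *live[MAX_DICTS];
static int n_live = 0;

static void track(Dict *d) { if (n_live < MAX_DICTS) live[n_live++] = d; }
static void untrack(Dict *d) {
    for (int i = 0; i < n_live; i++)
        if (live[i] == d) { live[i] = live[--n_live]; return; }
}

/* Like av_dict_set: allocates the dictionary on first use. */
static int dict_set(Dict **pd, const char *key, const char *value) {
    if (*pd == NULL) {
        *pd = calloc(1, sizeof(Dict));
        if (!*pd) return -1;
        track(*pd);
    }
    Entry *e = calloc(1, sizeof(Entry));
    if (!e) return -1;
    e->key = strdup(key);
    e->value = strdup(value);
    e->next = (*pd)->head;
    (*pd)->head = e;
    return 0;
}

/* Like av_dict_free: releases everything and resets the caller's pointer. */
static void dict_free(Dict **pd) {
    if (*pd == NULL) return;
    for (Entry *e = (*pd)->head; e;) {
        Entry *next = e->next;
        free(e->key);
        free(e->value);
        free(e);
        e = next;
    }
    untrack(*pd);
    free(*pd);
    *pd = NULL;
}

/* Model of the upstream assumption: *metadata is treated as empty on entry,
 * tags are parsed into a fresh dictionary, and that dictionary is stored. */
static void read_header_upstream(Dict **metadata) {
    Dict *parsed = NULL;
    dict_set(&parsed, "title", "constructed sample");
    *metadata = parsed;   /* overwrites, and so orphans, any existing dictionary */
}

/* Model of the fix: release the caller-provided dictionary before replacing it. */
static void read_header_fixed(Dict **metadata) {
    Dict *parsed = NULL;
    dict_set(&parsed, "title", "constructed sample");
    dict_free(metadata);
    *metadata = parsed;
}

/* Simulates a demuxer that seeds the metadata handle with a private control
 * entry (hypothetical key, stand-in for Chromium's id3v1-skip entry), runs the
 * header reader, then frees what it still holds. Returns how many dictionaries
 * were left unreleased and reaps them so the process itself stays leak-free. */
int leaked_dicts_after(void (*read_header)(Dict **)) {
    int before = n_live;
    Dict *metadata = NULL;
    dict_set(&metadata, "skip_id3v1_tags", "1");
    read_header(&metadata);
    dict_free(&metadata);
    int leaked = n_live - before;
    while (n_live > before) {
        Dict *orphan = live[n_live - 1];
        dict_free(&orphan);
    }
    return leaked;
}
```

`leaked_dicts_after(read_header_upstream)` reports one orphaned dictionary, which is exactly the shape of the ASan indirect-leak above (the entries are reachable only through the overwritten dictionary pointer), while `leaked_dicts_after(read_header_fixed)` reports none. The general lesson is that any callee receiving an `AVDictionary **` it intends to overwrite must either document that the handle is empty on entry or free it first.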
ClusterFuzz has detected this issue as fixed in range 463863:463909.

Detailed report: https://clusterfuzz.com/testcase?key=6475433689481216

Fuzzer: libfuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Indirect-leak
Crash Address:
Crash State:
  av_dict_set
  media::FFmpegDemuxer::Initialize
  media::SerialRunner::RunNextInSeries

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=458485:458536
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=463863:463909

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94t3a5ThygZMFb0XGG53-J9Ez9lUerxHpF6o9PIqU1uZHJQ80QV5VytgZZ8PMHdQPstYwGnnnOqNnC_y55PsECe77T8TPP135L9f8YGU39D5DvCTZLXedbq9H-6D2iVC51AKkKFfzXDcgQBjsctmkLEmgxJ8fLhVpjJTJunXHCakJ6ETPBox8kYFJhDBeB_RcCS1HP39XGPUGEXKO6UfkX0vAlkadpEgatFSW4VorXMvluno6AKoIzIvB9PhXKeJxsEuKBX8Aq3YoPtbm2u0H391-291UtnXS-R58fOqJUZuP3WWGNQCQpyfSn4JAWl-QYkZyEpu0AfhviGL_W39hwWJB5N0Ds7xVS7AsHX-BkgUeAIKlf6jAjQeXwR711GznPRrRLDP7HlgVjBD9Q5SbpEpNEnTg?testcase_id=6475433689481216

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
ClusterFuzz testcase 6475433689481216 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by mummare...@chromium.org, Mar 22 2017
Components: Internals>Media>FFmpeg
Labels: M-59 Test-Predator-Wrong