
Issue 704064

Issue metadata

Status: Fixed
Owner:
Closed: Mar 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Undefined-shift in init_pfa_reindex_tabs

Reported by ClusterFuzz (Project Member), Mar 22 2017

Issue description

Cc: msrchandra@chromium.org atomnu...@gmail.com
Labels: Test-Predator-Correct-CLs M-59
Adding the concerned owner to Cc from the Predator results.
The result is a list of CLs that change the crashed files.

Author: Rostislav Pehlivanov
Project: chromium-ffmpeg
Changelist: https://chromium.googlesource.com/chromium/third_party/ffmpeg.git/+/d2119f624d392f53f80c3d36ffaadca23aef8a10
Time: Wed Feb 01 03:13:06 2017
Line 1210 of file aacdec_template.c, which potentially caused the crash, is changed in this CL (frame #2, "aac_decode_init").

File mdct15.c is changed in this CL (and is part of stack frame #0, "init_pfa_reindex_tabs", and frame #1, "ff_mdct15_init").
Minimum distance from crash line to modified line: 0. (file: aacdec_template.c, crashed on: 1210, modified: 1210).

Pardon me if it has been wrongly assigned.

Thank You.

Comment 2 by atomnu...@gmail.com, Mar 22 2017

Hi,

Thanks for the report. I just fixed it in commit 38d7cc22f778; you can just backport it to your repo.

Cheers,
atomnuker
Owner: manoranj...@chromium.org
Status: Assigned (was: Untriaged)
@manoranjan -- As per Comment #2, can this issue be triaged as Fixed? Could you please respond and update the issue accordingly.
Thank You.
Status: Fixed (was: Assigned)
Yes, as per c#2 the issue is fixed. Please re-open the bug in case you see any new failures.

PS: There might be a chance that 'REDO TASK' still shows it as 'Fixed:No'.

Thank you!
Comment 5 by ClusterFuzz (Project Member), Jun 7 2017

ClusterFuzz has detected this issue as fixed in range 477380:477461.

Detailed report: https://clusterfuzz.com/testcase?key=4675837292183552

Fuzzer: libFuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  init_pfa_reindex_tabs
  ff_mdct15_init
  aac_decode_init
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=458516:458571
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=477380:477461

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4675837292183552


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.