New issue
Advanced search Search tips

Issue 713826 link

Starred by 1 user
Status: Fixed
Owner:
dalecur...@chromium.org
Closed: Apr 2017
Cc:
qiangchen@chromium.org
solenberg@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

CHECK failure: render_count_overage >= 0 in video_renderer_algorithm.cc

Project Member Reported by ClusterFuzz, Apr 20 2017 
Detailed report: https://clusterfuzz.com/testcase?key=6286424241602560

Fuzzer: libfuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  render_count_overage >= 0 in video_renderer_algorithm.cc
  media::VideoRendererAlgorithm::FindBestFrameByCadence
  media::VideoRendererAlgorithm::Render
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=419732:419790

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv977vv-t8whpXkn6qoSOLVgivWw79hYLRaQN2YaJZZFwMiaAdGkpCqQ-BnP6mJg2wYtFOPmiyhW0zBagF4jXpL-hB29x97X2-q-XlD_nK3FkPQf7c8iciYsg9OPyPN0dg3bWZIvt6eNhcrDuOU0PHYX4f-XSxEXjz_I03T0DkNuVGtlvGe9ohnk6EM5hEOrd_itKsLakQ1B5S7BV-JJq8gqUst6ytT9vIo0bhp565lhDKI8rm0BNuP5337dFKPB97Jd2W-7NnOjHlO4Z0IRFRYF6kNGRs9R-Q-Lq90DnLoi7jnLw2nFFGUCKLQvKBrZr9oH8jyKig2ghyEqVGt_h3zNnsFGdQpOToE1dgkpsjOvieqi5pH8?testcase_id=6286424241602560


Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 1 by mummare...@chromium.org, Apr 20 2017

Cc: dalecur...@chromium.org
Components: Internals>Media>Audio
Labels: M-60 Test-Predator-Wrong
Latest changes done by dalecurtis@ on file video_renderer_algorithm.cc. could you please take a look?
Thank you

Comment 2 by dalecur...@chromium.org, Apr 20 2017

Cc: -dalecur...@chromium.org
Owner: dalecur...@chromium.org
Status: Assigned (was: Untriaged)
Sure!

Comment 3 by dalecur...@chromium.org, Apr 21 2017

Cc: qiangchen@chromium.org
fix here, https://codereview.chromium.org/2827123007

Comment 4 by qiangchen@google.com, Apr 21 2017 

How can that check fail? I cannot think of any possibility.

    if (frame.ideal_render_count > render_count_overage) {
      if (remaining_overage)
        *remaining_overage = render_count_overage;
      return i;
    } else {
      // The ideal render count should always be zero or smaller than the
      // over-render count.
      render_count_overage -= frame.ideal_render_count;
      DCHECK_GE(render_count_overage, 0);
    }

Comment 5 by dalecur...@chromium.org, Apr 21 2017 

We get a massive negative number for the ideal frame count due to the cadence being negative.
Project Member

Comment 6 by bugdroid1@chromium.org, Apr 21 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/74ea768c1be4f0c38700d7cb7e30d6ba03ca973a

commit 74ea768c1be4f0c38700d7cb7e30d6ba03ca973a
Author: dalecurtis <dalecurtis@chromium.org>
Date: Fri Apr 21 22:44:13 2017

Ignore negative cadence values.

BUG= 713826 
TEST=clusterfuzz test case no longer check fails.

Review-Url: https://codereview.chromium.org/2827123007
Cr-Commit-Position: refs/heads/master@{#466478}

[modify] https://crrev.com/74ea768c1be4f0c38700d7cb7e30d6ba03ca973a/media/filters/video_cadence_estimator.cc

Comment 7 by dalecur...@chromium.org, Apr 24 2017

Status: Fixed (was: Assigned)

Sign in to add a comment