Timeout in media_pipeline_integration_fuzzer
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=5473308415098880
Fuzzer: libfuzzer_media_pipeline_integration_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac
Crash Type: Timeout (exceeds 25 secs)
Crash Address:
Crash State: media_pipeline_integration_fuzzer
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=433047:433090
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5473308415098880
Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Apr 24 2017
Predator and CL did not provide any possible suspects. Using Code Search for the file "media_pipeline_integration_fuzzer", assigning to the concerned owner. Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/722e67b4d30548006c685f81bfcd6a88858168e1 @xjz -- Could you please look into the issue, and kindly re-assign if this is not related to your changes. Thank You.
,
Apr 25 2017
This seems not related to my change. I tried reverting my CL and can still repro this locally. Did an initial study and found that the test didn't return when calling PipelineIntegrationTestBase::StartInternal() and got stuck at base::RunLoop().Run(); https://cs.chromium.org/chromium/src/media/test/pipeline_integration_test_base.cc?rcl=deda22b114bc8308ad1ae888727a66ceda9189aa&l=247 sandersd@: Can you please take a look or help find an appropriate owner for this? Thanks.
,
Apr 25 2017
Assigning to jrummel@, current FFmpeg roller. This is an infinite loop between libavformat/libavcodec, parse_packet() repeatedly calls flac_parse() but makes 0 bytes of progress through the buffer each time.
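The zero-progress loop described in the comment above, as an added illustration that is not code from ffmpeg, Chromium or this bug's eventual fix: a constructed parser (toy_parse, standing in for flac_parse()) returns 0 bytes consumed when it meets a frame sync whose frame is truncated, and a parse_packet()-style driver that simply adds the return value to its offset spins forever. The guarded driver treats "consumed nothing while input remains" as a hard error. All names, the frame layout and the two input streams are hypothetical and constructed for this example; the iteration cap in drive_unguarded stands in for the fuzzer's 25 second timeout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a packet parser such as flac_parse(): it takes a
 * buffer and reports how many bytes it consumed. Frames in this toy format are
 *   0xFF 0xF8 <len> <len payload bytes>
 * A byte that is not a frame sync is skipped (1 byte consumed). A sync whose
 * frame is truncated makes the parser return 0 ("need more data"), which is
 * the zero-progress case an unguarded caller will retry forever. */
static size_t toy_parse(const uint8_t *buf, size_t len, int *frames)
{
    if (len == 0)
        return 0;
    if (len >= 2 && buf[0] == 0xFF && buf[1] == 0xF8) {
        if (len < 3)
            return 0;                  /* sync seen, length byte missing */
        size_t need = 3 + (size_t)buf[2];
        if (len < need)
            return 0;                  /* sync seen, payload truncated */
        (*frames)++;
        return need;
    }
    return 1;                          /* resync: skip one byte */
}

/* Unguarded driver in the shape of a parse_packet()-style loop. It only
 * terminates because of the artificial iteration cap; returns -2 when the
 * cap is hit, the equivalent of the fuzzer's timeout. */
int drive_unguarded(const uint8_t *buf, size_t len, unsigned max_iters)
{
    int frames = 0;
    size_t pos = 0;
    unsigned iters = 0;
    while (pos < len) {
        if (iters++ >= max_iters)
            return -2;
        pos += toy_parse(buf + pos, len - pos, &frames);
    }
    return frames;
}

/* Guarded driver: a parse call that consumes nothing while input remains is
 * reported as an error (-1) instead of being retried; an over-reporting
 * parser is rejected the same way rather than being allowed to run past len. */
int drive_guarded(const uint8_t *buf, size_t len)
{
    int frames = 0;
    size_t pos = 0;
    while (pos < len) {
        size_t used = toy_parse(buf + pos, len - pos, &frames);
        if (used == 0 || used > len - pos)
            return -1;                 /* no progress or bogus progress: stop */
        pos += used;
    }
    return frames;
}

/* Constructed inputs: a well-formed stream (two frames plus one junk byte)
 * and a stream that ends in a truncated frame. */
static const uint8_t good_stream[] = { 0xFF, 0xF8, 0x02, 'a', 'b', 0x00, 0xFF, 0xF8, 0x00 };
static const uint8_t truncated_stream[] = { 0xFF, 0xF8, 0x05, 'a', 'b' };

int main(void)
{
    printf("unguarded/good:      %d\n", drive_unguarded(good_stream, sizeof good_stream, 1000));
    printf("unguarded/truncated: %d\n", drive_unguarded(truncated_stream, sizeof truncated_stream, 1000));
    printf("guarded/good:        %d\n", drive_guarded(good_stream, sizeof good_stream));
    printf("guarded/truncated:   %d\n", drive_guarded(truncated_stream, sizeof truncated_stream));
    return 0;
}
```

The guard is the general check to look for when triaging a parser timeout: every loop that advances an offset by a callee's return value needs a rule for what happens when that value is 0 (stop, or explicitly skip a byte and resync), because "need more data" has no meaning once the caller has already handed over the whole buffer.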
,
Apr 25 2017
(whoops)
,
Jul 27 2017
John, the timeout seems to happen in 80% of fuzzer runs, so it's a real blocker for coverage gain and efficient continuous testing: https://clusterfuzz.com/v2/performance-report/libFuzzer_media_pipeline_integration_fuzzer/libfuzzer_chrome_asan/latest It would be great if you could take a look into that, or suggest another owner at least :)
,
Aug 25 2017
Reproduces in ffmpeg. Opened https://trac.ffmpeg.org/ticket/6618 to get it fixed.
,
Oct 24 2017
For more information, please see https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md. The link referenced in the description is no longer valid. (bulk edit)
,
Nov 16 2017
Updating milestone as there is no update on the ffmpeg ticket.
,
Jan 12 2018
Just checked the ffmpeg bug. It's been resolved as a duplicate of https://trac.ffmpeg.org/ticket/6112, which is still open. So unlikely to be fixed in this milestone.
,
Apr 12 2018
The ffmpeg bug is still open.
,
Jul 18
,
Aug 7
The ffmpeg bug is still open, so moving out a couple of releases as I think ffmpeg has already been updated for M70. Is there any way to get this data into the ffmpeg fuzzer? That might get better traction from the ffmpeg folk. Not sure how the ffmpeg fuzzer works, but running "ffmpeg -i testcase.flac dummy.mp4" where testcase.flac is the bytes that are causing the problem demonstrates the same problem.
,
Aug 8
Sure, it's possible. There are 400+ fuzz targets for ffmpeg running on OSS-Fuzz: https://oss-fuzz.com/v2/fuzzer-stats/by-fuzzer/fuzzer/libFuzzer/job/libfuzzer_asan_ffmpeg Paste for those who don't have access: https://paste.googleplex.com/6419645493936128 John, I see that you should have access to all that stuff: https://github.com/google/oss-fuzz/blob/master/projects/ffmpeg/project.yaml#L5 So, you can just add any interesting inputs to corresponding GCS bucket: https://pantheon.corp.google.com/storage/browser/ffmpeg-corpus.clusterfuzz-external.appspot.com/libFuzzer/ |
Comment 1 by ClusterFuzz, Apr 22 2017