Undefined-shift in WebRtcSpl_AnalysisQMF
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6560249292259328

Fuzzer: libFuzzer_audio_processing_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address:
Crash State:
  WebRtcSpl_AnalysisQMF
  webrtc::SplittingFilter::TwoBandsAnalysis
  webrtc::AudioProcessingImpl::ProcessCaptureStreamLocked

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=481133:481204

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6560249292259328

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jun 22 2017
Henrik can you reassign? This is old code, my blame is based on s/foo/bar/g changes.
Jun 22 2017
Jul 18 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/external/webrtc.git/+/16005b77839e8d2af95405e6434a7fbdbf4b5851

commit 16005b77839e8d2af95405e6434a7fbdbf4b5851
Author: Alex Loiko <aleloi@webrtc.org>
Date: Tue Jul 18 10:02:28 2017

Remove potential left shift of negative value in WebRtcSpl_AnalysisQMF

WebRtcSpl_AnalysisQMF takes raw (user) audio input represented by
int16_t samples. The samples are converted to Q10 with the
WEBRTC_SPL_LSHIFT_W32 macro. The macro is implemented as a left shift.

This CL replaces the shift with a multiplication, similar to
https://codereview.webrtc.org/2253943002

TBR=kwiberg@webrtc.org

Bug: chromium:735773
Change-Id: Ic4e63269390e82b86f304e5aa1b5e2dc22122bcb
Reviewed-on: https://chromium-review.googlesource.com/552124
Commit-Queue: Alex Loiko <aleloi@webrtc.org>
Reviewed-by: Alessio Bazzica <alessiob@webrtc.org>
Reviewed-by: Per Åhgren <peah@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#19068}

[modify] https://crrev.com/16005b77839e8d2af95405e6434a7fbdbf4b5851/webrtc/common_audio/signal_processing/splitting_filter.c
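The change described in the commit message above, as an added example that is not part of the original thread and is not the WebRTC source. The function names and the sample frame are hypothetical; only the Q10 scale and the int16_t input type come from the commit message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define Q10_SHIFT 10  /* Q10: value scaled by 2^10 */

/* Pattern before the fix: Q10 conversion by left shift. Left-shifting a
 * negative signed value is undefined behaviour in C, which UBSan reports
 * as an undefined shift. Defined only for sample >= 0. */
int32_t to_q10_shift(int16_t sample) {
    return (int32_t)sample << Q10_SHIFT;
}

/* Pattern after the fix: multiplication is defined for every int16_t input,
 * because |sample| * 1024 <= 32768 * 1024 fits in int32_t. */
int32_t to_q10_mul(int16_t sample) {
    return (int32_t)sample * (1 << Q10_SHIFT);
}

/* Convert a frame with the defined form and return how many samples were
 * negative, i.e. how many would have taken the undefined path before. */
size_t frame_to_q10(const int16_t *in, size_t n, int32_t *out) {
    size_t negative = 0;
    for (size_t i = 0; i < n; i++) {
        if (in[i] < 0) negative++;
        out[i] = to_q10_mul(in[i]);
    }
    return negative;
}

int main(void) {
    /* Constructed sample frame covering both ends of the int16_t range. */
    const int16_t frame[] = {0, 1, 32767, -1, INT16_MIN};
    const size_t n = sizeof frame / sizeof frame[0];
    int32_t q10[sizeof frame / sizeof frame[0]];

    size_t negative = frame_to_q10(frame, n, q10);
    for (size_t i = 0; i < n; i++) {
        printf("%6d -> %10d", frame[i], (int)q10[i]);
        /* Compare against the shift form only where the shift is defined. */
        if (frame[i] >= 0)
            printf("  (shift agrees: %d)", to_q10_shift(frame[i]) == q10[i]);
        printf("\n");
    }
    printf("%zu of %zu samples were negative\n", negative, n);
    return 0;
}
```

Built with `-fsanitize=undefined`, this program runs without a report because `to_q10_shift` is only called on non-negative samples.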
Jul 18 2017
Jul 21 2017
ClusterFuzz has detected this issue as fixed in range 488172:488220.

Detailed report: https://clusterfuzz.com/testcase?key=6560249292259328

Fuzzer: libFuzzer_audio_processing_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address:
Crash State:
  WebRtcSpl_AnalysisQMF
  webrtc::SplittingFilter::TwoBandsAnalysis
  webrtc::AudioProcessingImpl::ProcessCaptureStreamLocked

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=481133:481204
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=488172:488220

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6560249292259328

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by msrchandra@chromium.org, Jun 22 2017
Components: Blink>WebRTC
Labels: M-61 Test-Predator-Wrong-CLs
Owner: pbos@chromium.org
Status: Assigned (was: Untriaged)