
Issue 757975 link

Starred by 1 user

Issue metadata

Status: Archived
Owner: ----
Closed: Oct 30
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Integer-overflow in CalcInvArSpec

Project Member Reported by ClusterFuzz, Aug 22 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6504368127082496

Fuzzer: libFuzzer_audio_decoder_isacfix_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  CalcInvArSpec
  WebRtcIsacfix_DecodeSpec
  WebRtcIsacfix_DecodeImpl
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=423338:423416

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6504368127082496

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 
Cc: msrchandra@chromium.org
Components: Blink>WebRTC
Labels: M-61 Test-Predator-Correct-CLs
Owner: agrieve@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.
Using Code Search for the file "entropy_coding.c", assigning to the concerned owner.

Suspecting Commit#
https://chromium.googlesource.com/external/webrtc/trunk/webrtc.git/+/0f6b13a31cc96b4e232f267c7ac466a1f02f2550

@agrieve -- Could you please look into the issue? Kindly re-assign if this is not related to your changes.
Thank You.
Cc: -msrchandra@chromium.org
Owner: msrchandra@chromium.org
Yep, my change was just adding the word "const" to things. Should be a no-op in terms of runtime behaviour. 
Cc: msrchandra@chromium.org
Labels: -Test-Predator-Correct-CLs Test-Predator-Wrong-CLs
Owner: ----
Status: Available (was: Assigned)
Thank You for the update.
Could someone on the WebRTC team please look into the issue and provide an update?
Thank You.

Comment 4 by mmoroz@chromium.org, Oct 24 2017

For more information, please see https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md.

The link referenced in the description is no longer valid.
Comment 5 by sheriffbot@chromium.org (Project Member), Oct 25

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Status: Archived (was: Untriaged)
Comment 7 by ClusterFuzz (Project Member), Nov 6

Labels: Needs-Feedback
ClusterFuzz testcase 6504368127082496 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
