CHECK failure: timestamp_delta > base::TimeDelta() in source_buffer_range.cc
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4731411063111680
Fuzzer: libFuzzer_mediasource_WEBM_VP9_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  timestamp_delta > base::TimeDelta() in source_buffer_range.cc
  base::debug::DebugBreak
  media::SourceBufferRange::AdjustEstimatedDurationForNewAppend
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=497039:497107
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4731411063111680

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Aug 29 2017
=> chcunningham@ -- with this fuzzer case, we now should have a reliable repro. Please take a look.
Sep 5 2017
See also potential duplicate bug 761567.
Sep 6 2017
One approach I'm taking to fix bug 759336 also hits this DCHECK. I may take over fixing this issue since it's related.
Sep 6 2017
I'll take a stab at fixing this one...
Sep 6 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c2b16265430412636e3856901ffafab66541d9b6

commit c2b16265430412636e3856901ffafab66541d9b6
Author: Matt Wolenetz <wolenetz@chromium.org>
Date: Wed Sep 06 21:07:46 2017

MSE: Remove the +1us in SBS::PotentialNextAppendTimestamp()

That +1us was enough to trigger a problem when prepending a previous buffer with a couple new buffers that are 1us long and are in their own continuous coded frame group. Removing the +1us seems to fix the problem without regressing any other test cases (caveat [0]).

Also, removing the +1us was previously tracked by bug 589295 as part of residual future work leftover from relaxing the keyframe restriction (bug 249412). See related CR comment thread [1].

New tests for this required microsecond-granularity timestamp and duration test modifications, included too.

[0] An immediate result of this +1us removal is that both of the new test cases trigger bug 758802 (one more than before), so I fixed that issue in this CL as well: buffers can have 0 duration (consider WebM alt-ref). Fixing bug 758802 essentially lets estimated buffers be adjusted to have 0 duration minimum (instead of 1 microsecond minimum).

[1] https://codereview.chromium.org/1670033002/diff/80001/media/filters/source_buffer_stream.cc#newcode442

BUG=759336,589295,758802
TEST=2 new SourceBufferStreamTests, both of which failed prior to this CL; fuzzer cases in 759336 and 758802 no longer repro locally.

Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Change-Id: If04dbdf605a3c6d4876afb015d521ad60863bafa
Reviewed-on: https://chromium-review.googlesource.com/651352
Commit-Queue: Matthew Wolenetz <wolenetz@chromium.org>
Reviewed-by: Chrome Cunningham <chcunningham@chromium.org>
Cr-Commit-Position: refs/heads/master@{#500086}

[modify] https://crrev.com/c2b16265430412636e3856901ffafab66541d9b6/media/filters/source_buffer_range.cc
[modify] https://crrev.com/c2b16265430412636e3856901ffafab66541d9b6/media/filters/source_buffer_stream.cc
[modify] https://crrev.com/c2b16265430412636e3856901ffafab66541d9b6/media/filters/source_buffer_stream_unittest.cc
Sep 6 2017
#7 should fix this. Pending CF verification...
Sep 7 2017
ClusterFuzz has detected this issue as fixed in range 500028:500106.

Detailed report: https://clusterfuzz.com/testcase?key=4731411063111680
Fuzzer: libFuzzer_mediasource_WEBM_VP9_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  timestamp_delta > base::TimeDelta() in source_buffer_range.cc
  base::debug::DebugBreak
  media::SourceBufferRange::AdjustEstimatedDurationForNewAppend
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=497039:497107
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=500028:500106
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4731411063111680

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 7 2017
ClusterFuzz testcase 4731411063111680 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by mmoroz@chromium.org, Aug 29 2017