CHECK failure: bytes_read <= data_size in mpeg_audio_stream_parser_base.cc
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=6576599813324800
Fuzzer: libFuzzer_mediasource_MP3_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  bytes_read <= data_size in mpeg_audio_stream_parser_base.cc
  base::debug::DebugBreak
  media::MPEGAudioStreamParserBase::Parse
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=497039:497107
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6576599813324800
Issue filed automatically.
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Aug 29 2017
Confirmed repro. This is hitting a CHECK failure, so lowering priority.
Aug 30 2017
Fix in CR @ https://chromium-review.googlesource.com/c/chromium/src/+/642014
Aug 30 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/196dd9dded6507957f32a3b4df1f99975b5ba909

commit 196dd9dded6507957f32a3b4df1f99975b5ba909
Author: Matt Wolenetz <wolenetz@chromium.org>
Date: Wed Aug 30 02:27:09 2017

MSE: Fix bad assumption in ParseID3v1 tag skipping

If |size| >= kID3v1Size, the initial 4 bytes of the tag appear to be an extended tag, and |size| < kID3v1ExtendedSize, this change makes the tag parser indicate it needs more data rather than incorrectly claim it consumed > |size|.

BUG=758811,758826
Change-Id: I7f9a5b4b74835c7306efccb69ed739b76ea98aab
Reviewed-on: https://chromium-review.googlesource.com/642014
Reviewed-by: Dale Curtis <dalecurtis@chromium.org>
Commit-Queue: Matthew Wolenetz <wolenetz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#498349}

[modify] https://crrev.com/196dd9dded6507957f32a3b4df1f99975b5ba909/media/formats/mpeg/mpeg_audio_stream_parser_base.cc
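The commit message above describes the bad assumption but not the code. What follows is an added, reconstructed example of the ID3v1 skip logic before and after such a fix; it is not Chromium's source and not the commit author's code. Assumed for the example: the constant values kID3v1Size = 128 and kID3v1ExtendedSize = 227 (the standard ID3v1 tag size and the size of the "TAG+" extended tag that precedes it), the return convention that 0 means "need more data" and a positive value is bytes consumed, and the function names ParseID3v1_Before / ParseID3v1_After / RunParser, which are chosen for illustration. The caller's CHECK(bytes_read <= data_size) is modelled as a flag in the returned struct so the violation can be observed instead of aborting.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Assumed sizes of an ID3v1 tag and of the "TAG+" extended tag that may
// precede it. These are taken from the ID3v1 format description, not copied
// from Chromium's kID3v1Size / kID3v1ExtendedSize definitions.
static const int kID3v1Size = 128;
static const int kID3v1ExtendedSize = 227;

// Assumed return convention for both parsers: a positive value is the number
// of bytes consumed, 0 means "need more data".

// Reconstructed "before": once |size| >= kID3v1Size the function trusts the
// "TAG+" prefix and reports kID3v1ExtendedSize consumed even when the buffer
// holds fewer bytes than that, so the caller's bytes_read exceeds data_size.
int ParseID3v1_Before(const uint8_t* data, int size) {
  if (size < kID3v1Size)
    return 0;
  return !memcmp(data, "TAG+", 4) ? kID3v1ExtendedSize : kID3v1Size;
}

// Reconstructed "after": an extended tag is only reported as consumed when
// all kID3v1ExtendedSize bytes are present; otherwise ask for more data.
int ParseID3v1_After(const uint8_t* data, int size) {
  if (size < kID3v1Size)
    return 0;
  if (!memcmp(data, "TAG+", 4)) {
    if (size < kID3v1ExtendedSize)
      return 0;
    return kID3v1ExtendedSize;
  }
  return kID3v1Size;
}

// Stand-in for the caller's invariant: a sub-parser may never claim to have
// consumed more bytes than it was handed. Chromium enforces this with
// CHECK(bytes_read <= data_size); here it is reported as a flag instead.
struct ParseOutcome {
  int bytes_read;
  bool invariant_violated;
};

ParseOutcome RunParser(int (*parser)(const uint8_t*, int),
                       const std::vector<uint8_t>& buf) {
  const int data_size = static_cast<int>(buf.size());
  const int bytes_read = parser(buf.data(), data_size);
  return {bytes_read, bytes_read > data_size};
}

// Constructed input: starts with "TAG+" but is only kID3v1Size bytes long,
// i.e. exactly the case the commit message describes.
std::vector<uint8_t> MakeTruncatedExtendedTag() {
  std::vector<uint8_t> buf(kID3v1Size, 0);
  memcpy(buf.data(), "TAG+", 4);
  return buf;
}

// Constructed input: a complete "TAG+" extended tag.
std::vector<uint8_t> MakeFullExtendedTag() {
  std::vector<uint8_t> buf(kID3v1ExtendedSize, 0);
  memcpy(buf.data(), "TAG+", 4);
  return buf;
}

// Constructed input: a plain 128-byte "TAG" tag.
std::vector<uint8_t> MakePlainTag() {
  std::vector<uint8_t> buf(kID3v1Size, 0);
  memcpy(buf.data(), "TAG", 3);
  return buf;
}

int main() {
  ParseOutcome before = RunParser(ParseID3v1_Before, MakeTruncatedExtendedTag());
  ParseOutcome after = RunParser(ParseID3v1_After, MakeTruncatedExtendedTag());
  printf("before fix: claimed %d of %d bytes, invariant violated: %s\n",
         before.bytes_read, kID3v1Size, before.invariant_violated ? "yes" : "no");
  printf("after fix:  claimed %d of %d bytes, invariant violated: %s\n",
         after.bytes_read, kID3v1Size, after.invariant_violated ? "yes" : "no");
  return 0;
}
```

The truncated "TAG+" buffer is the fuzzer-found shape: the 128-byte check passes, the 4-byte prefix matches, and the old logic returns 227 on a 128-byte input. In a debug build that trips the CHECK in the caller; in a release build without the CHECK the over-reported consumption would desynchronise the parser's position, which is why a sub-parser must report "need more data" rather than guess.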
Aug 30 2017
ClusterFuzz has detected this issue as fixed in range 498336:498364.
Detailed report: https://clusterfuzz.com/testcase?key=6576599813324800
Fuzzer: libFuzzer_mediasource_MP3_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  bytes_read <= data_size in mpeg_audio_stream_parser_base.cc
  base::debug::DebugBreak
  media::MPEGAudioStreamParserBase::Parse
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=497039:497107
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=498336:498364
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6576599813324800
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 30 2017
ClusterFuzz testcase 6576599813324800 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by msrchandra@chromium.org, Aug 25 2017