CHECK failure: bytes_read <= data_size in mpeg_audio_stream_parser_base.cc
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6052704802832384

Fuzzer: libFuzzer_mediasource_MP3_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  bytes_read <= data_size in mpeg_audio_stream_parser_base.cc
  media::MPEGAudioStreamParserBase::Parse
  media::SourceBufferState::Append

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=497063:497144

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6052704802832384

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Aug 29 2017
Matt, would you mind taking a look at whether this is indeed a duplicate of 758811 or not?
Aug 29 2017
Yep, this is a duplicate of bug 758811.
Aug 29 2017
Hitting a CHECK failure; lowering priority.
Aug 30 2017
Fix in CR @ https://chromium-review.googlesource.com/c/chromium/src/+/642014
Aug 30 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/196dd9dded6507957f32a3b4df1f99975b5ba909

commit 196dd9dded6507957f32a3b4df1f99975b5ba909
Author: Matt Wolenetz <wolenetz@chromium.org>
Date: Wed Aug 30 02:27:09 2017

MSE: Fix bad assumption in ParseID3v1 tag skipping

If |size| >= kID3v1Size, the initial 4 bytes of the tag appear to be an
extended tag, and |size| < kID3v1ExtendedSize, this change makes the tag
parser indicate it needs more data rather than incorrectly claim it
consumed > |size|.

BUG=758811,758826

Change-Id: I7f9a5b4b74835c7306efccb69ed739b76ea98aab
Reviewed-on: https://chromium-review.googlesource.com/642014
Reviewed-by: Dale Curtis <dalecurtis@chromium.org>
Commit-Queue: Matthew Wolenetz <wolenetz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#498349}

[modify] https://crrev.com/196dd9dded6507957f32a3b4df1f99975b5ba909/media/formats/mpeg/mpeg_audio_stream_parser_base.cc
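To make the failure mode in the commit message concrete, here is an added example (editor's code, not Chromium's and not from the commit above) that models the ID3v1 tag-skip logic before and after the fix and checks the invariant the fuzzer tripped, bytes_read <= data_size. The constant names kID3v1Size and kID3v1ExtendedSize come from the commit message; their values (128 for a plain "TAG" block, 227 for an Enhanced "TAG+" block) are assumed from the ID3v1 format rather than read from Chromium's source, and the sample buffers are constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Tag sizes assumed from the ID3v1 format, not copied from Chromium: a plain
// ID3v1 tag is 128 bytes beginning "TAG"; the Enhanced TAG variant is a
// 227-byte block beginning "TAG+" that precedes the plain tag.
static const int kID3v1Size = 128;
static const int kID3v1ExtendedSize = 227;

// Both parsers return the number of bytes consumed, or 0 for "need more
// data". They are models of the logic the commit message describes, not
// Chromium's functions.

// Before the fix: once |size| >= kID3v1Size the parser assumes the whole
// extended tag is present, so for a partially buffered "TAG+" block it
// reports having consumed more bytes than it was handed.
int ParseID3v1Before(const uint8_t* data, int size) {
  if (size < kID3v1Size)
    return 0;
  return std::memcmp(data, "TAG+", 4) == 0 ? kID3v1ExtendedSize : kID3v1Size;
}

// After the fix: an extended tag is only consumed once all of its
// kID3v1ExtendedSize bytes are buffered; otherwise ask for more data.
int ParseID3v1After(const uint8_t* data, int size) {
  if (size < kID3v1Size)
    return 0;
  if (std::memcmp(data, "TAG+", 4) == 0)
    return size < kID3v1ExtendedSize ? 0 : kID3v1ExtendedSize;
  return kID3v1Size;
}

typedef int (*TagParser)(const uint8_t*, int);

// Constructed input: |size| zero bytes whose first bytes are |magic|
// ("TAG" or "TAG+"), standing in for a tag that has only been partly appended.
std::vector<uint8_t> MakeTagBuffer(const char* magic, int size) {
  std::vector<uint8_t> buf(size, 0);
  size_t n = std::strlen(magic);
  if (n > buf.size())
    n = buf.size();
  if (n > 0)
    std::memcpy(buf.data(), magic, n);
  return buf;
}

// Runs |parse| over such a buffer and returns the bytes it claims consumed.
int ConsumedBy(TagParser parse, const char* magic, int size) {
  std::vector<uint8_t> buf = MakeTagBuffer(magic, size);
  return parse(buf.data(), size);
}

// The invariant Parse() CHECKs: a sub-parser may never claim to have
// consumed more than it was given.
bool ConsumptionIsBounded(TagParser parse, const char* magic, int size) {
  int bytes_read = ConsumedBy(parse, magic, size);
  return bytes_read >= 0 && bytes_read <= size;
}

int main() {
  const int partial = 200;  // >= kID3v1Size but < kID3v1ExtendedSize
  std::printf("before fix: claims %d of %d bytes, bounded=%d\n",
              ConsumedBy(ParseID3v1Before, "TAG+", partial), partial,
              ConsumptionIsBounded(ParseID3v1Before, "TAG+", partial));
  std::printf("after fix:  claims %d of %d bytes, bounded=%d\n",
              ConsumedBy(ParseID3v1After, "TAG+", partial), partial,
              ConsumptionIsBounded(ParseID3v1After, "TAG+", partial));
  return 0;
}
```

The 200-byte "TAG+" buffer is the shape of input the fuzzer found: long enough to pass the kID3v1Size check, too short to hold the extended tag. The pre-fix model returns 227 for it, which is what the CHECK in Parse() rejects; the post-fix model returns 0 and waits for the next append.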
Aug 30 2017
ClusterFuzz has detected this issue as fixed in range 498340:498374.

Detailed report: https://clusterfuzz.com/testcase?key=6052704802832384

Fuzzer: libFuzzer_mediasource_MP3_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  bytes_read <= data_size in mpeg_audio_stream_parser_base.cc
  media::MPEGAudioStreamParserBase::Parse
  media::SourceBufferState::Append

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=497063:497144
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=498340:498374

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6052704802832384

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by msrchandra@chromium.org, Aug 25 2017
Status: Duplicate (was: Untriaged)