CHECK failure: size > 0 in es_parser.cc
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6352433168252928

Fuzzer: libFuzzer_mediasource_MP2T_AACLC_AVC_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  size > 0 in es_parser.cc
  media::mp2t::EsParser::Parse
  media::mp2t::TsSectionPes::ParseInternal

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=499783:499873

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6352433168252928

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Sep 27 2017
Randomly assigning to a videostack team member, hubbe@ you're the lucky candidate.

Sep 29 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/b1ce939bdbfec417e8eb811877f8b81d6bee44d0

commit b1ce939bdbfec417e8eb811877f8b81d6bee44d0
Author: Fredrik Hubinette <hubbe@google.com>
Date: Fri Sep 29 19:03:13 2017

fix DCHECK error in es_parser found by fuzz testing

Transport streams allow for zero-length packets, while the es_parser does not. I was not able to find out which is correct from the spec, so I chose the change that is most permissive and allows the zero-length packets.

Bug: 768114
Change-Id: I34fd1a7f1adf68367ce4cce1d9da5bbcc01cd561
Reviewed-on: https://chromium-review.googlesource.com/691182
Commit-Queue: Fredrik Hubinette <hubbe@chromium.org>
Reviewed-by: Dan Sanders <sandersd@chromium.org>
Cr-Commit-Position: refs/heads/master@{#505435}

[modify] https://crrev.com/b1ce939bdbfec417e8eb811877f8b81d6bee44d0/media/formats/mp2t/es_parser.cc
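The edge case the commit above describes, shown as an added illustration that is not code from the Chromium change or from media/formats/mp2t: a hypothetical minimal PES splitter in the spirit of what a TsSectionPes-style layer does, a "strict" consumer that models the size > 0 precondition the fuzzer tripped, and a permissive consumer that treats a header-only PES packet as a no-op instead of a fatal check. The sample packets are constructed for this example (they are not the ClusterFuzz testcase), and ParsePesPacket, StrictEsParserAccepts, FeedPes and HasOptionalPesHeader are this example's own names.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Elementary-stream bytes extracted from one PES packet. size may be 0.
struct PesPayload {
  uint8_t stream_id;
  const uint8_t* data;
  size_t size;
};

// Stream ids that carry no optional PES header (ISO/IEC 13818-1, 2.4.3.7):
// program_stream_map, padding_stream, private_stream_2, ECM, EMM,
// DSMCC_stream, ITU-T H.222.1 type E, program_stream_directory.
static bool HasOptionalPesHeader(uint8_t stream_id) {
  switch (stream_id) {
    case 0xBC: case 0xBE: case 0xBF: case 0xF0:
    case 0xF1: case 0xF2: case 0xF8: case 0xFF:
      return false;
    default:
      return true;
  }
}

// Hypothetical minimal PES splitter (not Chromium's TsSectionPes). Locates the
// ES payload of one complete PES packet. Returns false on malformed input; a
// well-formed packet whose payload is empty is NOT an error.
bool ParsePesPacket(const uint8_t* buf, size_t size, PesPayload* out) {
  // 6-byte fixed header: start code prefix 0x000001, stream_id, PES_packet_length.
  if (size < 6 || buf[0] != 0x00 || buf[1] != 0x00 || buf[2] != 0x01)
    return false;
  const uint8_t stream_id = buf[3];
  const size_t pes_packet_length = (static_cast<size_t>(buf[4]) << 8) | buf[5];
  // PES_packet_length 0 is allowed for video in transport streams ("until the
  // next PES start"); treat the rest of the buffer as the packet in that case.
  const size_t packet_end = pes_packet_length == 0 ? size : 6 + pes_packet_length;
  if (packet_end > size)
    return false;

  size_t payload_start = 6;
  if (HasOptionalPesHeader(stream_id)) {
    // Optional header: '10' marker + flags (2 bytes), PES_header_data_length,
    // then that many bytes (PTS/DTS/...) before the payload begins.
    if (packet_end < 9 || (buf[6] & 0xC0) != 0x80)
      return false;
    payload_start = 9 + buf[8];
    if (payload_start > packet_end)
      return false;
  }
  out->stream_id = stream_id;
  out->data = buf + payload_start;
  out->size = packet_end - payload_start;  // 0 when the packet is header-only
  return true;
}

// Model of the precondition that tripped: an ES parser requiring size > 0
// rejects a header-only PES packet even though the PES layer accepted it.
bool StrictEsParserAccepts(const uint8_t* buf, size_t size) {
  PesPayload p;
  return ParsePesPacket(buf, size, &p) && p.size > 0;
}

// Permissive handling: a zero-length payload is a no-op. Returns the number of
// ES bytes appended to *es (es may be null), or -1 if the PES is malformed.
int FeedPes(const uint8_t* buf, size_t size, std::vector<uint8_t>* es) {
  PesPayload p;
  if (!ParsePesPacket(buf, size, &p))
    return -1;
  if (p.size == 0)
    return 0;  // nothing to parse; do not treat as an invariant violation
  if (es)
    es->insert(es->end(), p.data, p.data + p.size);
  return static_cast<int>(p.size);
}

// Constructed sample packets (stream_id 0xE0, video); not the fuzzer testcase.
// Header-only: PES_packet_length = 3 covers just the optional header.
const uint8_t kHeaderOnlyPes[] = {0x00, 0x00, 0x01, 0xE0, 0x00, 0x03,
                                  0x80, 0x00, 0x00};
// Same header followed by two payload bytes.
const uint8_t kTwoBytePes[] = {0x00, 0x00, 0x01, 0xE0, 0x00, 0x05,
                               0x80, 0x00, 0x00, 0xAA, 0xBB};
// Padding stream with PES_packet_length 0 and nothing after the fixed header.
const uint8_t kEmptyPaddingPes[] = {0x00, 0x00, 0x01, 0xBE, 0x00, 0x00};
// PES_packet_length claims more bytes than the buffer holds.
const uint8_t kTruncatedPes[] = {0x00, 0x00, 0x01, 0xE0, 0x00, 0x09,
                                 0x80, 0x00, 0x00};

int main() {
  std::vector<uint8_t> es;
  std::printf("header-only: strict=%d permissive=%d\n",
              StrictEsParserAccepts(kHeaderOnlyPes, sizeof(kHeaderOnlyPes)),
              FeedPes(kHeaderOnlyPes, sizeof(kHeaderOnlyPes), &es));
  std::printf("two bytes:   strict=%d permissive=%d\n",
              StrictEsParserAccepts(kTwoBytePes, sizeof(kTwoBytePes)),
              FeedPes(kTwoBytePes, sizeof(kTwoBytePes), &es));
  std::printf("truncated:   permissive=%d\n",
              FeedPes(kTruncatedPes, sizeof(kTruncatedPes), &es));
  return 0;
}
```

The point for a fuzz-found CHECK like this one: a DCHECK is a statement about the program's own invariants, not about its input. A header-only PES packet is produced by the TS layer from attacker-controlled bytes, so "payload is non-empty" is an input property that the consumer has to handle (here by returning early), not assert on.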

Sep 30 2017
ClusterFuzz has detected this issue as fixed in range 505425:505455.

Detailed report: https://clusterfuzz.com/testcase?key=6352433168252928

Fuzzer: libFuzzer_mediasource_MP2T_AACLC_AVC_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  size > 0 in es_parser.cc
  media::mp2t::EsParser::Parse
  media::mp2t::TsSectionPes::ParseInternal

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=499783:499873
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=505425:505455

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6352433168252928

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Sep 30 2017
ClusterFuzz testcase 6352433168252928 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by kkaluri@chromium.org, Sep 26 2017
Components: Blink>Media
Labels: M-63 CF-NeedsTriage Test-Predator-Wrong