Issue 771505 link

Starred by 1 user

Issue metadata

Status:	Verified
Owner:	█ brettw@chromium.org Last visit 25 days ago
Closed:	Nov 2017
Cc:	kkaluri@chromium.org █ msrchandra@chromium.org
Components:	Blink>Media
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	1
Type:	Bug
Stability-Crash Reproducible Stability-Memory-AddressSanitizer Needs-Feedback Stability-Libfuzzer Clusterfuzz ClusterFuzz-Verified Test-Predator-Wrong M-63

CHECK failure: new_offset >= 0 && new_offset <= static_cast<difference_type>(parent_deque_->siz

Project Member Reported by ClusterFuzz, Oct 4 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5182441513025536

Fuzzer: libFuzzer_mediasource_MP4_AACLC_AVC_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  new_offset >= 0 && new_offset <= static_cast<difference_type>(parent_deque_->siz
  base::internal::circular_deque_const_iterator<scoped_refptr<media::StreamParserB
  base::internal::operator+
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=506151:506187

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5182441513025536

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 1 by kkaluri@chromium.org, Oct 4 2017

Cc: msrchandra@chromium.org kkaluri@chromium.org
Components: Blink>Media
Labels: Test-Predator-Wrong M-63
Owner: brettw@chromium.org
Status: Assigned (was: Untriaged)

Predator and CL could not provide any possible suspects.
Using Code Search for the file, "circular_deque.h" assigning to the concern owner who might be related.

brettw@-- Could you please look into the issue, kindly re-assign if this is not related to your changes.


Thank You.

Comment 2 by kkaluri@chromium.org, Oct 5 2017

 Issue 771857  has been merged into this issue.

Comment 3 by mmoroz@chromium.org, Oct 24 2017

For more information, please see https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md.

The link referenced in the description is no longer valid.

Project Member

Comment 4 by ClusterFuzz, Nov 1 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)

ClusterFuzz testcase 5615693453328384 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Project Member

Comment 5 by ClusterFuzz, Nov 8 2017

Labels: Needs-Feedback

ClusterFuzz testcase 5182441513025536 is still reproducing on tip-of-tree build (trunk).

Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label.

►

Issue 771505 link

Issue metadata

CHECK failure: new_offset >= 0 && new_offset <= static_cast<difference_type>(parent_deque_->siz

Issue description

Comment 1 by kkaluri@chromium.org, Oct 4 2017

Comment 1 Deleted

Comment 2 by kkaluri@chromium.org, Oct 5 2017

Comment 2 Deleted

Comment 3 by mmoroz@chromium.org, Oct 24 2017

Comment 3 Deleted

Comment 4 by ClusterFuzz, Nov 1 2017

Comment 4 Deleted

Comment 5 by ClusterFuzz, Nov 8 2017

Comment 5 Deleted

Sign in to add a comment