New issue
Advanced search Search tips

Issue 782782 link

Starred by 1 user

Issue metadata

Status: Verified
Owner:
Closed: Jan 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug



Sign in to add a comment

Integer-overflow in AllPassFilter

Project Member Reported by ClusterFuzz, Nov 8 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6092666944356352

Fuzzer: libFuzzer_audio_processing_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  AllPassFilter
  SplitFilter
  WebRtcVad_CalculateFeatures
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=509903:509934

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6092666944356352

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Cc: kkaluri@chromium.org
Components: Blink>WebRTC
Labels: M-64 Test-Predator-Wrong
Owner: aleloi@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.
Using the code search for the file, “vad_filterbank.c” assigning to concern owner.
Suspecting Commit# https://webrtc.git.corp.google.com/src.git/+/aeb5d88dee9998a26fbe3f76790007a8f2fc98f7


aleloi@ -- Could you please look into this issue, kindly reassign if it has nothing to do with your changes.
Thank You.
Labels: -Pri-2 Pri-3
P3, because the original authors thought of that and deemed overflows unlikely for real audio (comment https://webrtc.googlesource.com/src/+/5c24c67fd2632cfdcd73562aa0831c44ee535427/common_audio/vad/vad_filterbank.c#85). I'll take a look when I have time.
Project Member

Comment 3 by ClusterFuzz, Jan 17 2018

ClusterFuzz has detected this issue as fixed in range 529620:529648.

Detailed report: https://clusterfuzz.com/testcase?key=6092666944356352

Fuzzer: libFuzzer_audio_processing_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  AllPassFilter
  SplitFilter
  WebRtcVad_CalculateFeatures
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=509903:509934
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=529620:529648

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6092666944356352

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 4 by ClusterFuzz, Jan 17 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 6092666944356352 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment