Issue 787753


Issue metadata

Status: Verified
Owner:
Closed: Nov 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug

Integer-overflow in webrtc::FuzzOneInput

Reported by ClusterFuzz, Nov 22 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4746143996313600

Fuzzer: libFuzzer_congestion_controller_feedback_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  webrtc::FuzzOneInput
  webrtc_fuzzer_main.cc

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=407738:407796

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4746143996313600

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Cc: kkaluri@chromium.org
Components: Blink>WebRTC
Labels: M-63 Test-Predator-Wrong-CLs
Owner: mbonadei@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.

Using code search for the file “congestion_controller_feedback_fuzzer.cc”, assigning to the concerned owner.

Suspected commit: https://webrtc.git.corp.google.com/src.git/+/92ea95e34af5966555903026f45164afbd7e2088

mbonadei@ -- could you please look into this issue, and kindly reassign if it has nothing to do with your changes.


Thank You...
Owner: holmer@chromium.org
I am assigning this to Stefan since he has more context on that.
Cc: mbonadei@chromium.org

Comment 4 by bugdroid1@chromium.org, Nov 23 2017

The following revision refers to this bug:
  https://webrtc.googlesource.com/src.git/+/d7e251378b4aea7e43261e1a756a29445b891f2e

commit d7e251378b4aea7e43261e1a756a29445b891f2e
Author: Stefan Holmer <stefan@webrtc.org>
Date: Thu Nov 23 14:18:38 2017

Fix potential overflow in congestion controller fuzzer.

Bug: chromium:787753
Change-Id: I43d765379216db35f3df748b16599b34bffd388f
Reviewed-on: https://webrtc-review.googlesource.com/25480
Reviewed-by: Björn Terelius <terelius@webrtc.org>
Commit-Queue: Stefan Holmer <stefan@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#20851}
[modify] https://crrev.com/d7e251378b4aea7e43261e1a756a29445b891f2e/test/fuzzers/congestion_controller_feedback_fuzzer.cc

Comment 5 by holmer@chromium.org, Nov 23 2017

Status: Fixed (was: Assigned)

Comment 6 by ClusterFuzz, Nov 24 2017

ClusterFuzz has detected this issue as fixed in range 519012:519020.

Detailed report: https://clusterfuzz.com/testcase?key=4746143996313600

Fuzzer: libFuzzer_congestion_controller_feedback_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  webrtc::FuzzOneInput
  webrtc_fuzzer_main.cc

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=407738:407796
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=519012:519020

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4746143996313600

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 7 by ClusterFuzz, Nov 24 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Fixed)
ClusterFuzz testcase 4746143996313600 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 8 by holmer@chromium.org, Nov 27 2017

Cc: holmer@chromium.org pbos@chromium.org
Issue 653699 has been merged into this issue.
