Integer-overflow in webrtc::SpsParser::ParseSpsUpToVui
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=6383901110173696
Fuzzer: libFuzzer_h264_bitstream_parser_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  webrtc::SpsParser::ParseSpsUpToVui
  webrtc::SpsParser::ParseSps
  webrtc::H264BitstreamParser::ParseSlice
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=528024:528035
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6383901110173696
Issue filed automatically.
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Jan 17 2018
As per the link below, assigning to the reviewer of the file. https://webrtc-review.googlesource.com/c/src/+/36520
sprang@ Could you please take a look into this issue? Thanks!
Feb 9 2018
The following revision refers to this bug: https://webrtc.googlesource.com/src.git/+/845a26214d51401a8c7ef767348336eb19c662ef

commit 845a26214d51401a8c7ef767348336eb19c662ef
Author: Erik Språng <sprang@webrtc.org>
Date: Fri Feb 09 13:52:48 2018

Prevent potential integer overflow in sps parser

Bug: webrtc:8275, chromium:800698
Change-Id: I4dcba8ba480cd2a1b97dc09e97f585f2b3cf3279
Reviewed-on: https://webrtc-review.googlesource.com/40443
Reviewed-by: Sergey Silkin <ssilkin@webrtc.org>
Reviewed-by: Magnus Jedvert <magjed@webrtc.org>
Commit-Queue: Erik Språng <sprang@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#21971}

[modify] https://crrev.com/845a26214d51401a8c7ef767348336eb19c662ef/common_video/h264/sps_parser.cc
[modify] https://crrev.com/845a26214d51401a8c7ef767348336eb19c662ef/common_video/h264/sps_parser_unittest.cc
Feb 10 2018
ClusterFuzz has detected this issue as fixed in range 535947:535951.

Detailed report: https://clusterfuzz.com/testcase?key=6383901110173696
Fuzzer: libFuzzer_h264_bitstream_parser_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  webrtc::SpsParser::ParseSpsUpToVui
  webrtc::SpsParser::ParseSps
  webrtc::H264BitstreamParser::ParseSlice
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=528024:528035
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=535947:535951
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6383901110173696
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Feb 10 2018
ClusterFuzz testcase 6383901110173696 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Feb 13 2018
The following revision refers to this bug: https://webrtc.googlesource.com/src.git/+/9ea1afaddc58768fa3aba3cc4e4ac4da21f6e842

commit 9ea1afaddc58768fa3aba3cc4e4ac4da21f6e842
Author: Erik Språng <sprang@webrtc.org>
Date: Tue Feb 13 12:15:36 2018

Prevent potential integer overflow in sps parser

Merge to M65 branch.
Original fix: https://webrtc-review.googlesource.com/c/src/+/40443

Bug: webrtc:8275, chromium:800698, chromium:811342
Change-Id: Ic16942041ecce7766192771e51ed97de891b9590
Reviewed-on: https://webrtc-review.googlesource.com/52344
Reviewed-by: Magnus Jedvert <magjed@webrtc.org>
Cr-Commit-Position: refs/branch-heads/65@{#16}
Cr-Branched-From: 3ac67a736bb200ecf7c116a88b2f8d5c542973c8-refs/heads/master@{#21637}

[modify] https://crrev.com/9ea1afaddc58768fa3aba3cc4e4ac4da21f6e842/common_video/h264/sps_parser.cc
[modify] https://crrev.com/9ea1afaddc58768fa3aba3cc4e4ac4da21f6e842/common_video/h264/sps_parser_unittest.cc
Comment 1 by ClusterFuzz, Jan 10 2018
Labels: Test-Predator-Auto-CC