Null-dereference WRITE in vp8e_encode
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5104125713580032

Fuzzer: cpaulin_mediarecorder
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: Null-dereference WRITE
Crash Address: 0x00000000002c
Crash State:
  vp8e_encode
  vpx_codec_encode
  content::VpxEncoder::DoEncode

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=531727:531741

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5104125713580032

Additional requirements: Requires HTTP

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Jan 25 2018
Automatically adding ccs based on suspected regression changelists:

vp8: Fix to multi-res-encoder for skipping streams. by marpan@google.com - https://chromium.googlesource.com/webm/libvpx/+/9debbc2ec7e6ff004dba4d66d2780e216ca50b1a

Fix frame sizes in pkt to support spatial layers. by jianj@google.com - https://chromium.googlesource.com/webm/libvpx/+/2c2fea2c5bab1761de6ad36c93e030a395a3e77e

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
Jan 25 2018

Feb 2 2018
The following revision refers to this bug:
  https://chromium.googlesource.com/webm/libvpx/+/519fed01c2846ab9294543a3d2d65efaa51ec85b

commit 519fed01c2846ab9294543a3d2d65efaa51ec85b
Author: Jerome Jiang <jianj@google.com>
Date: Fri Feb 02 04:17:54 2018

Fix issue for 0 target bitrate in multi-res build.

For encoding with --enable-multi-res-encoding, with 1 layer, when the target bitrate is set 0, under these conditions null pointer will be de-referenced.

Fix is to check cpi->oxcf.mr_total_resolutions > 1. Also added NULL pointer check.

This issue causes crash for asan build in chromium clusterfuzz.

BUG= 805863
Change-Id: I9cd25af631395bc9fede3a12fb68af4021eb15f8

[modify] https://crrev.com/519fed01c2846ab9294543a3d2d65efaa51ec85b/vp8/vp8_cx_iface.c

Feb 2 2018
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3c5e2fbe2519b5e8daa58d98f5623ff0f023cb46

commit 3c5e2fbe2519b5e8daa58d98f5623ff0f023cb46
Author: Marco <marpan@google.com>
Date: Fri Feb 02 21:12:36 2018

Roll src/third_party/libvpx/source/libvpx/ efa786d46..ac54d233b (5 commits)

https://chromium.googlesource.com/webm/libvpx.git/+log/efa786d4649c..ac54d233b6d7

$ git log efa786d46..ac54d233b --date=short --no-merges --format='%ad %ae %s'
2018-01-25 jianj Fix issue for 0 target bitrate in multi-res build.
2018-01-31 jzern vp9_scale_test: parameterize filter type
2018-01-31 marpan vp9-svc: Add condition on allocation for scaled_temp.
2018-01-31 marpan vp9-svc: Fix to initialize downsampling filters.
2018-01-15 paulwilkins Further change to code detecting slide transitions.

Created with:
  roll-dep src/third_party/libvpx/source/libvpx

R=johannkoenig@google.com
BUG= 805863

Change-Id: Ieafbf459fa3230edf26ea742b7cc85fdfc88be11
Reviewed-on: https://chromium-review.googlesource.com/899605
Commit-Queue: Marco Paniconi <marpan@google.com>
Reviewed-by: Johann Koenig <johannkoenig@google.com>
Cr-Commit-Position: refs/heads/master@{#534151}

[modify] https://crrev.com/3c5e2fbe2519b5e8daa58d98f5623ff0f023cb46/DEPS
[modify] https://crrev.com/3c5e2fbe2519b5e8daa58d98f5623ff0f023cb46/third_party/libvpx/README.chromium
[modify] https://crrev.com/3c5e2fbe2519b5e8daa58d98f5623ff0f023cb46/third_party/libvpx/source/config/vpx_version.h
Feb 5 2018

Comment 1 by ClusterFuzz, Jan 25 2018
Labels: Test-Predator-Auto-Components