New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 811613 link

Starred by 1 user
Status: Verified
Owner:
danilchap@chromium.org
Last visit > 30 days ago
Closed: Feb 2018
Cc:
danilchap@webrtc.org
emadomara@chromium.org
webrtc-network-bugs@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

Timeout in rtp_packet_fuzzer

Project Member Reported by ClusterFuzz, Feb 13 2018 
Detailed report: https://clusterfuzz.com/testcase?key=5143287426711552

Fuzzer: libFuzzer_rtp_packet_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  rtp_packet_fuzzer
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=465919:466809

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5143287426711552

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Project Member

Comment 1 by ClusterFuzz, Feb 13 2018

Cc: danilchap@webrtc.org
Labels: Test-Predator-Auto-CC
Automatically adding ccs based on suspected regression changelists:

Add read support of RtpStreamId/RepairedRtpStreamId header extensions. by danilchap@webrtc.org - https://chromium.googlesource.com/external/webrtc/trunk/webrtc/+/b78015198e1760e8c5f0737d0f2dd7a1b67c1192

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.

Comment 2 by danilchap@chromium.org, Feb 13 2018

Components: Blink>WebRTC>Network
Labels: -Pri-1 Pri-2
Owner: danilchap@chromium.org
Status: Started (was: Untriaged)
May happen only when rtp packet is larger than 2^16 bytes.
Project Member

Comment 3 by bugdroid1@chromium.org, Feb 13 2018 

The following revision refers to this bug:
  https://webrtc.googlesource.com/src.git/+/61405bcb1901a3fe7a4649aeffeb6b621ff79090

commit 61405bcb1901a3fe7a4649aeffeb6b621ff79090
Author: Danil Chapovalov <danilchap@webrtc.org>
Date: Tue Feb 13 14:42:45 2018

Fix infinite loop in rtp packet parsing

when rtp header extension is larger than 2^16 bytes

Bug:  chromium:811613 
Change-Id: I05b725d734dd628056d603b596d3523e827ddb54
Reviewed-on: https://webrtc-review.googlesource.com/52345
Commit-Queue: Danil Chapovalov <danilchap@webrtc.org>
Reviewed-by: Alex Loiko <aleloi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#22003}
[modify] https://crrev.com/61405bcb1901a3fe7a4649aeffeb6b621ff79090/modules/rtp_rtcp/source/rtp_packet.cc
[modify] https://crrev.com/61405bcb1901a3fe7a4649aeffeb6b621ff79090/modules/rtp_rtcp/source/rtp_packet.h
[add] https://crrev.com/61405bcb1901a3fe7a4649aeffeb6b621ff79090/test/fuzzers/corpora/rtp-corpus/rtp-6
Project Member

Comment 4 by ClusterFuzz, Feb 14 2018 

ClusterFuzz has detected this issue as fixed in range 536436:536468.

Detailed report: https://clusterfuzz.com/testcase?key=5143287426711552

Fuzzer: libFuzzer_rtp_packet_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  rtp_packet_fuzzer
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=465919:466809
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=536436:536468

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5143287426711552

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 5 by ClusterFuzz, Feb 14 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)
ClusterFuzz testcase 5143287426711552 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment