
Issue 823009

Starred by 3 users

Issue metadata

Status: Verified
Owner:
Closed: Mar 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug

Blocked on:
issue 822547

Blocking:
issue 803898




Abrt in mov_seek_stream

Project Member Reported by ClusterFuzz, Mar 17 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5120477845258240

Fuzzer: inferno_flicker
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x053900005f70
Crash State:
  mov_seek_stream
  mov_read_seek
  av_seek_frame
  
Sanitizer: thread (TSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=543529:543532

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5120477845258240

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Project Member

Comment 1 by ClusterFuzz, Mar 17 2018

Components: Internals>Media>FFmpeg
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Mar 17 2018

Cc: mich...@niedermayer.cc
Labels: Test-Predator-Auto-CC
Automatically adding ccs based on suspected regression changelists:

avformat/mov: Fix integer overflow in mov_get_stsc_samples() by michael@niedermayer.cc - https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/367929bed9def1ccdd9a0f4ac5b7b98d1993782d

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
Owner: chcunningham@chromium.org
Status: Assigned (was: Untriaged)
Chris, can you take a look at this crash? It is marked P1.
Feel free to re-assign if needed.
Cc: chcunningham@chromium.org
Owner: wolenetz@chromium.org
This looks just like bug 822666 and bug 822547 (another duplicate hitting the new assert0 line that came in during the roll).
I've already reviewed an upstream fix from Michael that hopefully will land upstream soon.
I'll check if that fix fixes this instance, too. (Chris, I might shed some other new ffmpeg regression load to you though :) )

Blocking: 803898
Labels: M-67
Status: Started (was: Assigned)
I've confirmed locally that Michael's patch for 822666 and 822547 also fixes this issue.

I'll cherry-pick into Chromium once the fix lands upstream.
Blockedon: 822547
Project Member

Comment 8 by bugdroid1@chromium.org, Mar 20 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/5baad932589a94969782df630db02ec0293d920f

commit 5baad932589a94969782df630db02ec0293d920f
Author: Matt Wolenetz <wolenetz@chromium.org>
Date: Tue Mar 20 20:35:11 2018

avformat/mov: Check STSC and remove invalid entries

Fixes assertion failure.

Applied from upstream patch currently in review at
https://patchwork.ffmpeg.org/patch/8051/, authored by
michael@niedermayer.cc.

BUG=822547,822666, 823009 

Change-Id: Id9ab21dfe96c916d53b3c596d5cbaa3da27202fa
Reviewed-on: https://chromium-review.googlesource.com/971356
Reviewed-by: Xiaohan Wang <xhwang@chromium.org>

[modify] https://crrev.com/5baad932589a94969782df630db02ec0293d920f/libavformat/mov.c
[modify] https://crrev.com/5baad932589a94969782df630db02ec0293d920f/chromium/patches/README

See https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9e67447a4ffacf28af8bace33faf3ea432ddc43e for the upstream version of #7 that just now landed upstream.
Project Member

Comment 10 by bugdroid1@chromium.org, Mar 20 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/53f2cab46eacdcc6a17ed01e62acd813cca5ff44

commit 53f2cab46eacdcc6a17ed01e62acd813cca5ff44
Author: Matt Wolenetz <wolenetz@chromium.org>
Date: Tue Mar 20 23:15:04 2018

Roll src/third_party/ffmpeg/ 02ec9ce5a..5baad9325 (1 commit)

https://chromium.googlesource.com/chromium/third_party/ffmpeg.git/+log/02ec9ce5a9bc..5baad932589a

$ git log 02ec9ce5a..5baad9325 --date=short --no-merges --format='%ad %ae %s'
2018-03-20 wolenetz avformat/mov: Check STSC and remove invalid entries

Created with:
  roll-dep src/third_party/ffmpeg

BUG= 803898 ,822547,822666, 823009 
TBR=xhwang@chromium.org

Change-Id: Ia530bd05a622911055e7e79f3cd37aa8c5186350
Reviewed-on: https://chromium-review.googlesource.com/971767
Reviewed-by: Matthew Wolenetz <wolenetz@chromium.org>
Commit-Queue: Matthew Wolenetz <wolenetz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#544581}
[modify] https://crrev.com/53f2cab46eacdcc6a17ed01e62acd813cca5ff44/DEPS

Project Member

Comment 11 by ClusterFuzz, Mar 21 2018

ClusterFuzz has detected this issue as fixed in range 544580:544581.

Detailed report: https://clusterfuzz.com/testcase?key=5120477845258240

Fuzzer: inferno_flicker
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x053900005f70
Crash State:
  mov_seek_stream
  mov_read_seek
  av_seek_frame
  
Sanitizer: thread (TSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=543529:543532
Fixed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=544580:544581

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5120477845258240

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 12 by ClusterFuzz, Mar 21 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)
ClusterFuzz testcase 5120477845258240 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
