Integer-overflow in update_initial_timestamps
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5454035113738240

Fuzzer: libFuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  update_initial_timestamps
  compute_pkt_fields
  parse_packet

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=495538:495564

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5454035113738240

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Apr 11 2018
Apr 12 2018
Frank, since I'm syncing w/Michael this week, I'll start on this (though it may pass to you to fix in your roll). I have a confirmed local repro in media_pipeline_integration_fuzzer and current upstream ffplay (-ss 0 is necessary to get ffplay to hit the repro path). I've sent the case upstream to Michael today.
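The report above only gives the crash class (UBSan "Integer-overflow") and the stack (update_initial_timestamps / compute_pkt_fields / parse_packet); the upstream fix itself is not reproduced on this page. As an added illustration that is not FFmpeg, Chromium, or any commenter's code, the model below shows the kind of timestamp rebasing arithmetic that trips UBSan when a fuzzed container supplies extreme dts values, and how to make it overflow-checked so the packet is rejected instead of computing undefined behaviour. `NOPTS_VALUE` mirrors FFmpeg's AV_NOPTS_VALUE bit pattern (INT64_MIN); `rebase_dts`, `StreamState`, `checked_add64`, `checked_sub64` and the packet sequence are hypothetical and constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* "No timestamp" sentinel. INT64_MIN is the bit pattern FFmpeg uses for
 * AV_NOPTS_VALUE; everything else here is an illustrative model, not
 * libavformat code. */
#define NOPTS_VALUE INT64_MIN

/* Overflow-checked int64_t addition. Stores a+b and returns 0, or returns -1
 * without touching *out when the mathematical result does not fit. The check
 * only compares against INT64_MAX/INT64_MIN, so it never performs the
 * undefined operation that UBSan reports as "signed integer overflow". */
static int checked_add64(int64_t a, int64_t b, int64_t *out)
{
    if ((b > 0 && a > INT64_MAX - b) || (b < 0 && a < INT64_MIN - b))
        return -1;
    *out = a + b;
    return 0;
}

/* Same for subtraction: a-b. */
static int checked_sub64(int64_t a, int64_t b, int64_t *out)
{
    if ((b < 0 && a > INT64_MAX + b) || (b > 0 && a < INT64_MIN + b))
        return -1;
    *out = a - b;
    return 0;
}

typedef struct {
    int64_t first_dts;   /* dts of the first timestamped packet, NOPTS_VALUE until seen */
    int64_t cur_dts;     /* most recently accepted rebased dts */
    unsigned rejected;   /* packets dropped because rebasing would overflow */
} StreamState;

/* Hypothetical rebasing step: express a packet's dts relative to the first
 * dts seen on the stream and add a caller-supplied offset (think of a seek
 * target). With fuzzed container input both pkt_dts and first_dts are
 * attacker-controlled, so the plain expression (pkt_dts - first_dts) + offset
 * is exactly where UBSan would fire. Returns 0 and updates st->cur_dts, or -1
 * and leaves cur_dts untouched when either step would overflow. */
static int rebase_dts(StreamState *st, int64_t pkt_dts, int64_t offset)
{
    int64_t delta, rebased;

    if (pkt_dts == NOPTS_VALUE)
        return 0;                       /* nothing to rebase */
    if (st->first_dts == NOPTS_VALUE)
        st->first_dts = pkt_dts;

    if (checked_sub64(pkt_dts, st->first_dts, &delta) < 0 ||
        checked_add64(delta, offset, &rebased) < 0) {
        st->rejected++;
        return -1;
    }
    st->cur_dts = rebased;
    return 0;
}

/* Constructed packet sequence in the spirit of a fuzzer-found case: a few sane
 * timestamps, then extremes that overflow the subtraction (INT64_MAX) or the
 * later addition (INT64_MAX - 50000). Returns the number of rejected packets. */
static unsigned run_sample(StreamState *st)
{
    static const int64_t dts[] = {
        -1000, -900, 0, INT64_MAX, INT64_MAX - 50000, INT64_MIN + 1, 4000
    };
    size_t i;

    for (i = 0; i < sizeof dts / sizeof dts[0]; i++) {
        if (rebase_dts(st, dts[i], 90000) < 0)
            printf("packet %zu: dts %lld rejected (would overflow)\n",
                   i, (long long)dts[i]);
    }
    return st->rejected;
}

int main(void)
{
    StreamState st = { NOPTS_VALUE, NOPTS_VALUE, 0 };
    unsigned rejected = run_sample(&st);

    printf("first_dts=%lld cur_dts=%lld rejected=%u\n",
           (long long)st.first_dts, (long long)st.cur_dts, rejected);
    return 0;
}
```

Building the same model with `-fsanitize=undefined` and the unchecked expression `(pkt_dts - first_dts) + offset` in place of the two checked calls reproduces the class of report ClusterFuzz filed here: a runtime error on the subtraction for the INT64_MAX packet and on the addition for the INT64_MAX - 50000 packet. The checked form instead rejects both packets and keeps the stream state consistent.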
Apr 12 2018
Apr 30 2018
The fix is in upstream (37d46dc21d7), so it will land with the M68 roll.
May 7 2018
ClusterFuzz testcase 5454035113738240 is still reproducing on tip-of-tree build (trunk). Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label.
May 9 2018
Frank, don't mark fixed until the roll actually lands. Also, after the roll lands, the nightly fuzzer rerun of this case should verify it fixed and mark the bug accordingly. Reactivating to make sure this gets tracked as roll lands.
May 22 2018
ClusterFuzz has detected this issue as fixed in range 560367:560380.

Detailed report: https://clusterfuzz.com/testcase?key=5454035113738240

Fuzzer: libFuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  update_initial_timestamps
  compute_pkt_fields
  parse_packet

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=495538:495564
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=560367:560380

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5454035113738240

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
May 22 2018
ClusterFuzz testcase 5454035113738240 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Apr 11 2018
Labels: Test-Predator-Auto-Components