Integer-overflow in WebRtcIlbcfix_Smooth_odata |
||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4552396387385344 Fuzzer: libFuzzer_audio_decoder_ilbc_fuzzer Job Type: libfuzzer_chrome_ubsan Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: WebRtcIlbcfix_Smooth_odata WebRtcIlbcfix_Smooth WebRtcIlbcfix_Enhancer Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=396407:396452 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4552396387385344 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
May 18 2018
,
May 21 2018
,
May 23 2018
Hi Karl, Could you take a look at this one? You've fixed UBSan errors here before, so this one might be pretty straightforward.
,
May 23 2018
,
May 24 2018
,
May 25 2018
The following revision refers to this bug: https://webrtc.googlesource.com/src.git/+/e058568cc50ca7760a29df16a33eeb643a4e6b1d commit e058568cc50ca7760a29df16a33eeb643a4e6b1d Author: Karl Wiberg <kwiberg@webrtc.org> Date: Fri May 25 08:34:44 2018 iLBC decoding: Ignore a signed overflow It's always been there, and there's no security risk. Bug: chromium:843477 Change-Id: I6121943f23b477300cf60ffc4858ef0ab43466dc Reviewed-on: https://webrtc-review.googlesource.com/78782 Reviewed-by: Henrik Lundin <henrik.lundin@webrtc.org> Commit-Queue: Karl Wiberg <kwiberg@webrtc.org> Cr-Commit-Position: refs/heads/master@{#23393} [modify] https://crrev.com/e058568cc50ca7760a29df16a33eeb643a4e6b1d/modules/audio_coding/codecs/ilbc/smooth_out_data.c
,
May 28 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a6705ca906863c6f5f96e3cf8f8cf4a381ba491b commit a6705ca906863c6f5f96e3cf8f8cf4a381ba491b Author: webrtc-chromium-autoroll <webrtc-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Date: Mon May 28 07:54:11 2018 Roll src/third_party/webrtc/ 547e3169d..d7a076cc8 (39 commits) https://webrtc.googlesource.com/src.git/+log/547e3169d9e0..d7a076cc8e3f $ git log 547e3169d..d7a076cc8 --date=short --no-merges --format='%ad %ae %s' Created with: roll-dep src/third_party/webrtc BUG= chromium:846615 ,chromium:None,chromium:843477,chromium:None,chromium:None,chromium:None,chromium:None,chromium:749455,chromium:600254,chromium:600254,chromium:None,chromium:776681,chromium:None The AutoRoll server is located here: https://webrtc-chromium-roll.skia.org Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary. CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_archive_rel_ng;master.tryserver.chromium.mac:mac_chromium_archive_rel_ng TBR=webrtc-chromium-sheriffs-robots@google.com Change-Id: Ib82ca259df1fa58c02182b7bcf69740af5b766bc Reviewed-on: https://chromium-review.googlesource.com/1074448 Reviewed-by: webrtc-chromium-autoroll <webrtc-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Commit-Queue: webrtc-chromium-autoroll <webrtc-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#562203} [modify] https://crrev.com/a6705ca906863c6f5f96e3cf8f8cf4a381ba491b/DEPS
,
May 28 2018
The commit in comment 7 fixes the problem for me locally.
,
May 29 2018
ClusterFuzz has detected this issue as fixed in range 562200:562203. Detailed report: https://clusterfuzz.com/testcase?key=4552396387385344 Fuzzer: libFuzzer_audio_decoder_ilbc_fuzzer Job Type: libfuzzer_chrome_ubsan Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: WebRtcIlbcfix_Smooth_odata WebRtcIlbcfix_Smooth WebRtcIlbcfix_Enhancer Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=396407:396452 Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=562200:562203 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4552396387385344 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
May 29 2018
ClusterFuzz testcase 4552396387385344 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Jun 7 2018
[bulk-edit: disregard if N/A] Can the owner please set milestone to this bug if applicable? |
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by ClusterFuzz
, May 16 2018Labels: Test-Predator-Auto-CC