
Issue 846009

Starred by 2 users

Issue metadata

Status: Verified
Owner:
Closed: May 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug-Regression

Blocking:
issue 832852




Null-dereference READ in av_encryption_info_clone

Project Member Reported by ClusterFuzz, May 23 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5921167345713152

Fuzzer: inferno_flicker
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000038
Crash State:
  av_encryption_info_clone
  mov_read_sample_encryption_info
  mov_parse_auxiliary_info
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=560370:560378

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5921167345713152

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Cc: liber...@chromium.org brajkumar@chromium.org
Components: Internals>Media>FFmpeg
Labels: -Type-Bug M-68 Test-Predator-Wrong Type-Bug-Regression
Unable to find actual suspect through code search and also observing no related CLs under regression range, hence adding appropriate label and requesting someone from media team to look into this issue.

Thanks!
Labels: CF-NeedsTriage
Blocking: 832852
Cc: -liber...@chromium.org
Owner: liber...@chromium.org
Status: Assigned (was: Untriaged)
probably the ffmpeg roll: https://chromium-review.googlesource.com/1066181
Comment 5 by bugdroid1@chromium.org (Project Member), May 25 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/78bba462b9e713ab5edd0d3b0ee15733d19e8465

commit 78bba462b9e713ab5edd0d3b0ee15733d19e8465
Author: liberato@chromium.org <liberato@chromium.org>
Date: Fri May 25 20:37:20 2018

Roll src/third_party/ffmpeg/ 1da9c3346d8 (1 commit)

Includes "null check for encryption info", reviewed here:

https://chromium-review.googlesource.com/1072163

This CL does not roll to origin/master, since that is currently in
a broken state (merge from upstream fails on the bots).  Instead,
1da9c3346d8 has origin/merge-m68 as a parent.

Created with:
  roll-dep src/third_party/ffmpeg
BUG=832852, 846009

Change-Id: I09714fed74c90c6173a9fc8c33db7458fc26b38f
Reviewed-on: https://chromium-review.googlesource.com/1072520
Commit-Queue: Frank Liberato <liberato@chromium.org>
Reviewed-by: Matthew Wolenetz <wolenetz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#561997}
[modify] https://crrev.com/78bba462b9e713ab5edd0d3b0ee15733d19e8465/DEPS
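The fix pulled in by this roll is described only as "null check for encryption info": the crash state shows a clone routine reading through a NULL pointer (the small crash address is a field offset inside the struct) when the demuxer asks it to copy per-sample encryption info that is not there. The C below is an added illustration of that pattern and is not code from FFmpeg or from this issue; the `enc_info` struct, `enc_info_clone`, `attach_sample_encryption` and the sample layout are hypothetical stand-ins. The null check at the top of `enc_info_clone` is the kind of check the fix adds; the caller then turns the NULL result into an ordinary invalid-data error instead of a sanitizer-reported read.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-sample encryption record, standing in for the kind of
 * structure a demuxer clones when it reads sample encryption info.
 * It is NOT FFmpeg's AVEncryptionInfo; the field names are made up. */
typedef struct {
    uint8_t   key_id[16];
    uint8_t   iv[16];
    uint32_t  subsample_count;
    uint32_t *subsample_sizes;   /* heap array of subsample_count entries */
} enc_info;

/* A sample as the demuxer hands it on; info stays NULL for clear samples. */
typedef struct {
    enc_info *info;
} sample_t;

void enc_info_free(enc_info *info)
{
    if (!info)
        return;
    free(info->subsample_sizes);
    free(info);
}

/* Deep copy. The first statement is the null check the fix describes: without
 * it, src->key_id and src->subsample_count are read through a NULL pointer,
 * which the sanitizer reports as a Null-dereference READ at a crash address
 * equal to the field's offset inside the struct. */
enc_info *enc_info_clone(const enc_info *src)
{
    if (!src)
        return NULL;                  /* nothing to clone: report, do not crash */

    enc_info *dst = calloc(1, sizeof *dst);
    if (!dst)
        return NULL;

    memcpy(dst->key_id, src->key_id, sizeof dst->key_id);
    memcpy(dst->iv, src->iv, sizeof dst->iv);
    dst->subsample_count = src->subsample_count;
    if (src->subsample_count) {
        dst->subsample_sizes = calloc(src->subsample_count, sizeof *dst->subsample_sizes);
        if (!dst->subsample_sizes) {
            free(dst);
            return NULL;
        }
        memcpy(dst->subsample_sizes, src->subsample_sizes,
               src->subsample_count * sizeof *dst->subsample_sizes);
    }
    return dst;
}

/* Caller in the style of a demuxer's per-sample path. A file can carry
 * auxiliary-info boxes while the track has no encryption info at all, so a
 * NULL here is malformed input to reject, not a state the code may assume away. */
int attach_sample_encryption(const enc_info *track_info, sample_t *s)
{
    if (!track_info)
        return -1;                    /* invalid data: caller drops the sample */
    s->info = enc_info_clone(track_info);
    return s->info ? 0 : -2;          /* -2: allocation failure */
}

/* Constructed input plus a self-check; returns 0 when every check passes. */
int enc_info_selfcheck(void)
{
    uint32_t sizes[3] = { 16, 240, 8 };   /* constructed subsample layout */
    enc_info src = { .subsample_count = 3, .subsample_sizes = sizes };
    memset(src.key_id, 0xAB, sizeof src.key_id);
    memset(src.iv, 0x01, sizeof src.iv);
    sample_t clear = { 0 }, encrypted = { 0 };

    /* Missing track info yields an error and leaves the sample untouched. */
    if (attach_sample_encryption(NULL, &clear) != -1 || clear.info != NULL)
        return 1;
    /* Present info is copied, and copied deeply (no aliasing of the array). */
    if (attach_sample_encryption(&src, &encrypted) != 0 || !encrypted.info)
        return 2;
    if (encrypted.info->subsample_sizes == src.subsample_sizes)
        return 3;
    encrypted.info->subsample_sizes[1] = 0;
    if (sizes[1] != 240 || memcmp(encrypted.info->key_id, src.key_id, 16) != 0)
        return 4;
    enc_info_free(encrypted.info);
    return 0;
}

int main(void)
{
    int rc = enc_info_selfcheck();
    printf(rc == 0 ? "all checks passed\n" : "check %d failed\n", rc);
    return rc;
}
```

Both checks are kept on purpose: the one inside the clone routine stops the crash for every caller, and the one in the caller gives the demuxer a place to report the malformed file and skip the sample rather than silently carrying a NULL further down the pipeline.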

Comment 6 by ClusterFuzz (Project Member), May 26 2018

ClusterFuzz has detected this issue as fixed in range 561996:561998.

Detailed report: https://clusterfuzz.com/testcase?key=5921167345713152

Fuzzer: inferno_flicker
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000038
Crash State:
  av_encryption_info_clone
  mov_read_sample_encryption_info
  mov_parse_auxiliary_info
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=560370:560378
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=561996:561998

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5921167345713152

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 7 by ClusterFuzz (Project Member), May 26 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5921167345713152 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
