Integer-overflow in silk_noise_shape_quantizer_del_dec |
||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5791868697444352 Fuzzer: libFuzzer_audio_encoder_opus_fuzzer Job Type: libfuzzer_chrome_ubsan Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: silk_noise_shape_quantizer_del_dec silk_NSQ_del_dec_c silk_NSQ_wrapper_FLP Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=557220:557234 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5791868697444352 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
Jun 5 2018
,
Jun 5 2018
Another Opus fuzzer bug.
,
Jun 14 2018
This is reproducible upstream and is likely related to the previous silk int-overflow issue we saw recently. There are actually several more overflows with the same input but it only affects a very small parameter space: floating point and very specific bitrates (e.g. 32 kbps but not 30/31 kbps). I'm working with the upstream maintainers to find the root cause and a fix.
,
Dec 1
ClusterFuzz testcase 5791868697444352 appears to be flaky, updating reproducibility label.
,
Dec 1
Please ignore the last comment about testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused from these incorrect notifications.
,
Dec 1
Please ignore the last comment about testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused from these incorrect notifications. |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by ClusterFuzz
, Jun 5 2018Labels: ClusterFuzz-Auto-CC