New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 892290 link

Starred by 1 user
Status: Assigned
Owner:
aleloi@chromium.org
Cc:
mflodman@webrtc.org
kkaluri@chromium.org
kwiberg@webrtc.org
henrika@webrtc.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug



Sign in to add a comment

Integer-overflow in AllPassFilter

Project Member Reported by ClusterFuzz, Oct 4 
Detailed report: https://clusterfuzz.com/testcase?key=6391336666923008

Fuzzer: libFuzzer_audio_processing_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  AllPassFilter
  SplitFilter
  WebRtcVad_CalculateFeatures
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=572608:573019

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6391336666923008

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Project Member

Comment 1 by ClusterFuzz, Oct 4

Cc: kwiberg@webrtc.org mflodman@webrtc.org henrika@webrtc.org
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.

Comment 2 by aleloi@chromium.org, Oct 5

Labels: -Pri-2 Pri-3
The comment a few lines above says:

  // The filter can only cause overflow (in the w16 output variable)
  // if more than 4 consecutive input numbers are of maximum value and
  // has the the same sign as the impulse responses first taps.
  // First 6 taps of the impulse response:
  // 0.6399 0.5905 -0.3779 0.2418 -0.1547 0.0990

The original authors thought of this and didn't deem it important.

Setting P3.

Comment 3 by kkaluri@chromium.org, Oct 8

Cc: kkaluri@chromium.org
Labels: M-70 CF-NeedsTriage Test-Predator-Wrong
Unable to find actual suspect through code search and also observing no CL's under regression range, hence adding appropriate label and requesting someone from dev team to look in to this issue.

Thanks!

Comment 4 by manoranj...@chromium.org, Oct 12

Labels: -Test-Predator-Wrong -CF-NeedsTriage
kkaluri@, c#2 took care of the triaging effort here.

Comment 5 by dtapu...@chromium.org, Nov 23

Components: Blink>WebRTC

Comment 6 by guidou@chromium.org, Nov 24

Components: -Blink>WebRTC Blink>WebRTC>Audio

Comment 7 by jonasolsson@chromium.org, Nov 30

Owner: aleloi@chromium.org
Status: Assigned (was: Untriaged)
Project Member

Comment 8 by ClusterFuzz, Dec 1

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 6391336666923008 appears to be flaky, updating reproducibility label.

Comment 9 by infe...@chromium.org, Dec 1

Labels: -Unreproducible Reproducible
Please ignore the last comment about testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused from these incorrect notifications.

Comment 10 by infe...@chromium.org, Dec 1

Labels: -Unreproducible Reproducible
Please ignore the last comment about testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused from these incorrect notifications.

Sign in to add a comment