New issue
Advanced search Search tips

Issue 904094 link

Starred by 2 users

Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug

Blocked on:
issue 916298



Sign in to add a comment

Integer-overflow in update_initial_timestamps

Project Member Reported by ClusterFuzz, Nov 10

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5676104947597312

Fuzzer: libFuzzer_audio_decoder_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  update_initial_timestamps
  compute_pkt_fields
  read_frame_internal
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=546308:546319

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5676104947597312

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Project Member

Comment 1 by ClusterFuzz, Nov 10

Components: Internals>Media>FFmpeg
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Nov 10

Cc: mmoroz@chromium.org
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.
Project Member

Comment 3 by ClusterFuzz, Nov 10

Labels: Test-Predator-Auto-Owner
Owner: mmoroz@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/4b5068a99a84ff2edb34aa0549afc89aa751ccb4 (Add audio_decoder_fuzzer fuzz target.).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Cc: -mmoroz@chromium.org liber...@chromium.org dalecur...@chromium.org wolenetz@chromium.org
Owner: ----
Status: Untriaged (was: Assigned)
Cc: kkaluri@chromium.org
Labels: M-71 CF-NeedsTriage
Unable to find actual suspect through code search and also observing no CL's under regression range, hence adding appropriate label and requesting someone from dev team to look in to this issue.

Thanks!
Owner: chcunningham@chromium.org
Status: Assigned (was: Untriaged)
Labels: -CF-NeedsTriage
Project Member

Comment 8 by ClusterFuzz, Dec 1

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 5676104947597312 appears to be flaky, updating reproducibility label.
Labels: -Unreproducible Reproducible
Please ignore the last comment about testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused from these incorrect notifications.
Project Member

Comment 10 by ClusterFuzz, Dec 12

ClusterFuzz has detected this issue as fixed in range 615699:615711.

Detailed report: https://clusterfuzz.com/testcase?key=5676104947597312

Fuzzer: libFuzzer_audio_decoder_fuzzer
Fuzz target binary: audio_decoder_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  update_initial_timestamps
  compute_pkt_fields
  read_frame_internal
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=546308:546319
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=615699:615711

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5676104947597312

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 11 by ClusterFuzz, Dec 12

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5676104947597312 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Status: Assigned (was: Verified)
Blocking: 916298
Blocking: -916298
Blockedon: 916298

Sign in to add a comment