Integer-overflow in ff_pcm_read_seek
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4806169183649792
Fuzzer: libFuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  ff_pcm_read_seek
  seek_frame_internal
  av_seek_frame
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=458516:458571
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4806169183649792

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. We will auto-close the bug if the crash is not seen for 14 days.
Dec 1
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.
Dec 1
Automatically adding ccs based on suspected regression changelists:

avformat/utils: Also fill dts==RELATIVE_TS_BASE packets in update_initial_durations() by michael@niedermayer.cc - https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/3206ea4ba31ebf446a3c4f1220adb895b3272c15
avformat: Ignore ID3v2 tags if other tags are present e.g. vorbis by paul.arzelier@free.fr - https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/65862f57ad2f7f49d715f334a9d892e0b20d42f1

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
Dec 12
ClusterFuzz has detected this issue as fixed in range 615699:615711.

Detailed report: https://clusterfuzz.com/testcase?key=4806169183649792
Fuzzer: libFuzzer_media_pipeline_integration_fuzzer
Fuzz target binary: media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  ff_pcm_read_seek
  seek_frame_internal
  av_seek_frame
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=458516:458571
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=615699:615711
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4806169183649792

See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Dec 12
ClusterFuzz testcase 4806169183649792 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Dec 12

Jan 9
michael@/paul.arzelier@: Could you please look into this issue.
Jan 9
=> Chris as part of ffmpeg roll.
Jan 9

Jan 9
> "Could you please look into this issue."

I thought this was fixed as "ClusterFuzz has detected this issue as fixed..." Also both the testcase and the detailed report are "Access Denied" so I am not sure what I could do.
Jan 9
Rolling from upstream is nearly landed. Let's see if it's still reproducing when that goes through. If so I'll proxy the details/testcases.
Comment 1 by ClusterFuzz, Dec 1. Labels: Test-Predator-Auto-Components