CHECK failure: ptr <= &buffer[buffer.size()-1 in avc.cc |
||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5332012736708608 Fuzzer: libFuzzer_mediasource_MP4_AVC1_pipeline_integration_fuzzer Fuzz target binary: mediasource_MP4_AVC1_pipeline_integration_fuzzer Job Type: libfuzzer_chrome_asan_debug Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: ptr <= &buffer[buffer.size()-1 in avc.cc media::mp4::AVC::FindSubsampleIndex media::mp4::AVC::InsertParamSetsAnnexB Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=500678:500748 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5332012736708608 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
Dec 5
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.
,
Dec 5
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/d95c2a9ca61a92f3baca34cfd05565fb53ed40a6 ([media] Refactor IsValidAnnexB checks.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Dec 10
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d39f72b6f02df9fe6607659073e2ee4bde720c58 commit d39f72b6f02df9fe6607659073e2ee4bde720c58 Author: Dan Sanders <sandersd@chromium.org> Date: Mon Dec 10 23:43:48 2018 [media] Allow parameter set insertion at the end of a buffer. This case only comes up when there is no slice in an H.264 frame, so how it is handled isn't particularly important. I've chosen to allow insertion in this case to avoid changing the web-visible behavior. Bug: 911942 Change-Id: Ie1bba31663da144e922b0c19c519d986deb1a404 Reviewed-on: https://chromium-review.googlesource.com/c/1366878 Reviewed-by: John Rummell <jrummell@chromium.org> Commit-Queue: Dan Sanders <sandersd@chromium.org> Cr-Commit-Position: refs/heads/master@{#615324} [modify] https://crrev.com/d39f72b6f02df9fe6607659073e2ee4bde720c58/media/formats/mp4/avc.cc
,
Dec 11
ClusterFuzz has detected this issue as fixed in range 615316:615335. Detailed report: https://clusterfuzz.com/testcase?key=5332012736708608 Fuzzer: libFuzzer_mediasource_MP4_AVC1_pipeline_integration_fuzzer Fuzz target binary: mediasource_MP4_AVC1_pipeline_integration_fuzzer Job Type: libfuzzer_chrome_asan_debug Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: ptr <= &buffer[buffer.size()-1 in avc.cc media::mp4::AVC::FindSubsampleIndex media::mp4::AVC::InsertParamSetsAnnexB Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=500678:500748 Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=615316:615335 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5332012736708608 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Dec 11
ClusterFuzz testcase 5332012736708608 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
||||
►
Sign in to add a comment |
||||
Comment 1 by ClusterFuzz
, Dec 5Labels: Test-Predator-Auto-Components