Abrt in fuzz_webp_enc_dec.cc
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=5534098141216768
Fuzzer: libFuzzer_libwebp_enc_dec_api_fuzzer
Fuzz target binary: libwebp_enc_dec_api_fuzzer
Job Type: x86_libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: Abrt
Crash Address: 0x0009d9d4
Crash State: fuzz_webp_enc_dec.cc
Sanitizer: address (ASAN)
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5534098141216768
Issue filed automatically. See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.
Dec 20
Assigning to yguyon@ based on his work with the fuzzers. I'm not sure if this is a useful crash or based on fuzzer + Chrome build configuration.
Dec 21
This problem is occurring in 32-bit version with multi-threading enabled. This patch seems to fix the bug: https://chromium-review.googlesource.com/c/webm/libwebp/+/1387927
Dec 28
ClusterFuzz testcase 5534098141216768 is still reproducing on tip-of-tree build (trunk). Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label.
Jan 2
The following revision refers to this bug: https://chromium.googlesource.com/webm/libwebp/+/928a75deca64a4046c9270cfa7e8759f43334769
commit 928a75deca64a4046c9270cfa7e8759f43334769
Author: Yannis Guyon <yguyon@google.com>
Date: Wed Jan 02 09:13:36 2019
webp: Fix VP8LBitWriterClone() bug
dst->cur_ was not set. The bug occurred only with several VP8LBitWriter instances (thread_level > 0) and in 32-bit (in 64-bit, src->cur_ was always 0 in VP8LBitWriterClone()).
BUG=chromium:917029
Change-Id: I0d94a3d8e62b247fd616eebe1009868dc8a5ed2e
[modify] https://crrev.com/928a75deca64a4046c9270cfa7e8759f43334769/src/utils/bit_writer_utils.c
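The defect named in the commit message above, a clone that copies the buffer but never rebases dst->cur_, can be shown on a toy writer. The C below is an added example written for this page, not libwebp's VP8LBitWriterClone() or its real struct: the field names buf_/cur_/end_ are taken from the commit message, while the layout, the helper functions and the three sample bytes are invented here. It clones a writer once without setting the cursor and once with the corrected line, and reports where the cursor ends up; the 32-bit versus 64-bit difference the commit mentions is not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical minimal model of a bit writer (not libwebp's VP8LBitWriter). */
typedef struct {
  uint8_t* buf_;  /* start of the owned output buffer */
  uint8_t* cur_;  /* next byte to write; must stay inside [buf_, end_] */
  uint8_t* end_;  /* one past the last byte of buf_ */
} BitWriter;

/* 1 if cur_ points into this writer's own buffer (or at its end), else 0.
 * Compared as integers so the check is well-defined even for a NULL cursor. */
int bw_cursor_valid(const BitWriter* bw) {
  const uintptr_t b = (uintptr_t)bw->buf_;
  const uintptr_t c = (uintptr_t)bw->cur_;
  const uintptr_t e = (uintptr_t)bw->end_;
  return bw->buf_ != NULL && c >= b && c <= e;
}

/* Bytes written so far, or (size_t)-1 if the cursor is not in the buffer. */
size_t bw_offset(const BitWriter* bw) {
  return bw_cursor_valid(bw) ? (size_t)(bw->cur_ - bw->buf_) : (size_t)-1;
}

int bw_init(BitWriter* bw, size_t capacity) {
  memset(bw, 0, sizeof(*bw));
  bw->buf_ = (uint8_t*)calloc(capacity, 1);
  if (bw->buf_ == NULL) return 0;
  bw->cur_ = bw->buf_;
  bw->end_ = bw->buf_ + capacity;
  return 1;
}

void bw_free(BitWriter* bw) {
  free(bw->buf_);
  memset(bw, 0, sizeof(*bw));
}

/* Append one byte; refuses rather than writing through a bad cursor. */
int bw_put_byte(BitWriter* bw, uint8_t b) {
  if (!bw_cursor_valid(bw) || bw->cur_ == bw->end_) return 0;
  *bw->cur_++ = b;
  return 1;
}

/* Give dst its own copy of src's bytes. dst must be zero-filled or freed on
 * entry (a fresh per-thread writer). Shared by both clone variants below. */
static int clone_buffer(const BitWriter* src, BitWriter* dst, size_t* size) {
  const size_t capacity = (size_t)(src->end_ - src->buf_);
  uint8_t* const buf = (uint8_t*)calloc(capacity, 1);
  if (buf == NULL) return 0;
  *size = (size_t)(src->cur_ - src->buf_);
  memcpy(buf, src->buf_, *size);
  dst->buf_ = buf;
  dst->end_ = buf + capacity;
  return 1;
}

/* Bug pattern: buffer and bounds are copied but the write cursor is not, so
 * dst->cur_ keeps whatever it held before (NULL for a zeroed dst). */
int clone_missing_cursor(const BitWriter* src, BitWriter* dst) {
  size_t size;
  return clone_buffer(src, dst, &size);
}

/* Corrected: rebase the cursor into dst's own buffer at src's offset. */
int clone_fixed(const BitWriter* src, BitWriter* dst) {
  size_t size;
  if (!clone_buffer(src, dst, &size)) return 0;
  dst->cur_ = dst->buf_ + size;
  return 1;
}

/* Scenario: write three constructed bytes, clone, then append one more.
 * Returns the clone's offset afterwards: 4 for the fixed clone, (size_t)-1
 * for the buggy one (its cursor never entered dst's buffer, so the append
 * was refused), (size_t)-2 on allocation failure. */
size_t demo(int (*clone)(const BitWriter*, BitWriter*)) {
  BitWriter src, dst;
  size_t off;
  memset(&dst, 0, sizeof(dst));
  if (!bw_init(&src, 16)) return (size_t)-2;
  bw_put_byte(&src, 0x52);  /* constructed sample bytes, not a real stream */
  bw_put_byte(&src, 0x49);
  bw_put_byte(&src, 0x46);
  if (!clone(&src, &dst)) { bw_free(&src); return (size_t)-2; }
  bw_put_byte(&dst, 0x46);
  off = bw_offset(&dst);
  bw_free(&dst);
  bw_free(&src);
  return off;
}
```

The point of bw_cursor_valid() is the check a reviewer would want after any struct copy that owns a buffer: every pointer field must be re-derived from the new buffer, never copied or left as-is, or the first write through it goes to memory the clone does not own.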
Jan 2
The patch was submitted to the public repository of libwebp. This bug should be fixed after the next sync to chromium/third_party/libwebp.
Jan 7
Jan 9
Issue 920143 has been merged into this issue.
Jan 11
Issue 921053 has been merged into this issue.
Jan 11
Reopening to avoid duplicates. I'll cherry-pick the change to quiet the noise. This is only an issue in the fuzzer, we don't use the same configuration in chrome.
Jan 11
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d7059c04f566c7431b2f732ff9ea03c10e362d96
commit d7059c04f566c7431b2f732ff9ea03c10e362d96
Author: James Zern <jzern@chromium.org>
Date: Fri Jan 11 22:55:34 2019
libwebp: cherry-pick VP8LBitWriter fuzzing fix
928a75de webp: Fix VP8LBitWriterClone() bug
Note this only affects code tested under the fuzzer, chrome itself does not use threading.
BUG=chromium:917029
Change-Id: I0d94a3d8e62b247fd616eebe1009868dc8a5ed2e
Reviewed-on: https://chromium-review.googlesource.com/c/1407628
Reviewed-by: Urvang Joshi <urvang@chromium.org>
Commit-Queue: James Zern <jzern@google.com>
Cr-Commit-Position: refs/heads/master@{#622196}
[modify] https://crrev.com/d7059c04f566c7431b2f732ff9ea03c10e362d96/third_party/libwebp/README.chromium
[modify] https://crrev.com/d7059c04f566c7431b2f732ff9ea03c10e362d96/third_party/libwebp/src/utils/bit_writer_utils.c
Comment 1 by ClusterFuzz, Dec 20
Labels: ClusterFuzz-Auto-CC