Issue 921053

Issue metadata

Status: Duplicate
Merged: issue 917029
Owner: ----
Closed: Jan 11
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug


Abrt in fuzz_webp_enc_dec.cc

Reported by ClusterFuzz (Project Member), Jan 11

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6323777734180864

Fuzzer: libFuzzer_libwebp_enc_dec_api_fuzzer
Fuzz target binary: libwebp_enc_dec_api_fuzzer
Job Type: x86_libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x001bb211
Crash State:
  fuzz_webp_enc_dec.cc
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6323777734180864

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

Comment 1 by ClusterFuzz (Project Member), Jan 11

Cc: mbarow...@chromium.org
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.

Cc: jzern@chromium.org yguyon@google.com
+yguyon@: will this be fixed by that upstream patch?

Mergedinto: 917029
Status: Duplicate (was: Untriaged)
Yes.
Just adding this line to VP8LBitWriterClone() seems to fix it:
  dst->cur_ = dst->buf_ + current_size;
I used ".../clusterfuzz reproduce" command to verify.
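The one-line fix above rebases the clone's write cursor onto the clone's own buffer. As an added illustration (not libwebp's code), the stand-in writer below keeps a heap buffer and a cursor like the fields named in the fix; its clone is run once without the cursor rebase and once with it, showing that the unfixed clone silently overwrites the copied bytes on the next write instead of appending. The Writer type and all function names are assumed for this example.

```c
#include <stdlib.h>
#include <string.h>
/* Simplified stand-in for a byte writer with a heap buffer and a write
 * cursor into it (assumed for illustration; not libwebp's VP8LBitWriter). */
typedef struct {
  unsigned char* buf_;  /* start of the output buffer */
  unsigned char* cur_;  /* next write position, within [buf_, end_] */
  unsigned char* end_;  /* one past the last byte of buf_ */
} Writer;

static int WriterInit(Writer* w, size_t capacity) {
  w->buf_ = (unsigned char*)calloc(capacity, 1);
  if (w->buf_ == NULL) return 0;
  w->cur_ = w->buf_;
  w->end_ = w->buf_ + capacity;
  return 1;
}

/* Appends one byte; returns 0 when the buffer is full. */
static int WriterPut(Writer* w, unsigned char b) {
  if (w->cur_ >= w->end_) return 0;
  *w->cur_++ = b;
  return 1;
}

/* Copies the bytes written so far into dst. With 'fixed' set, dst->cur_ is rebased
 * onto dst's buffer (the one-line fix); without it, it keeps its stale offset. */
static int WriterClone(const Writer* src, Writer* dst, int fixed) {
  const size_t current_size = (size_t)(src->cur_ - src->buf_);
  if ((size_t)(dst->end_ - dst->buf_) < current_size) return 0;
  memcpy(dst->buf_, src->buf_, current_size);
  if (fixed) dst->cur_ = dst->buf_ + current_size;
  return 1;
}

/* Writes AA BB CC to src, clones it, appends EE to the clone, and returns
 * (bytes held by the clone) * 256 + (first byte of the clone). */
static long CloneThenAppend(int fixed) {
  Writer src, dst; long result;
  if (!WriterInit(&src, 8)) return -1;
  if (!WriterInit(&dst, 8)) { free(src.buf_); return -1; }
  WriterPut(&src, 0xAA); WriterPut(&src, 0xBB); WriterPut(&src, 0xCC);
  WriterClone(&src, &dst, fixed);
  WriterPut(&dst, 0xEE);  /* fixed: appended at offset 3; unfixed: clobbers offset 0 */
  result = (long)(dst.cur_ - dst.buf_) * 256 + dst.buf_[0];
  free(src.buf_); free(dst.buf_);
  return result;
}
```

With the fix the clone holds four bytes starting with 0xAA (result 1194); without it the clone reports one byte whose value is 0xEE (result 494), the copied data having been overwritten.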