Runtime error #3

Open
rozkalibrowany opened this issue Jul 17, 2024 · 0 comments

```
terminate called after throwing an instance of 'std::length_error'
what(): cannot create std::vector larger than max_size()
Aborted (core dumped)
```

chemag added a commit that referenced this issue Aug 9, 2024
Implemented equation (7-21) correctly.

Added a fuzzer unittest.

Tested:

Before:
```
$ ../build/fuzz/h264_bitstream_parser_fuzzer ../fuzz/corpus/h264_bitstream_parser_fuzzer/crash-8ab5ce8d529e1c76b686e7d5fec52460dd35a140
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 2723373092
INFO: Loaded 1 modules   (2085 inline 8-bit counters): 2085 [0x640610, 0x640e35),
INFO: Loaded 1 PC tables (2085 PCs): 2085 [0x5f2538,0x5fa788),
../build/fuzz/h264_bitstream_parser_fuzzer: Running 1 inputs 1 time(s) each.
Running: ../fuzz/corpus/h264_bitstream_parser_fuzzer/crash-8ab5ce8d529e1c76b686e7d5fec52460dd35a140
h264_bitstream_parser_fuzzer: h264nal/webrtc/rtc_base/bit_buffer.cc:123: bool rtc::BitBuffer::PeekBits(size_t, uint32_t &): Assertion `bit_count > 0' failed.
==3232375== ERROR: libFuzzer: deadly signal
    #0 0x548665 in __sanitizer_print_stack_trace (h264nal/build/fuzz/h264_bitstream_parser_fuzzer+0x548665) (BuildId: 2597a253418594a64ea5b0a174c0002984c7fc61)
    #1 0x4a209c in fuzzer::PrintStackTrace() (h264nal/build/fuzz/h264_bitstream_parser_fuzzer+0x4a209c) (BuildId: 2597a253418594a64ea5b0a174c0002984c7fc61)
    #2 0x486e57 in fuzzer::Fuzzer::CrashCallback() (h264nal/build/fuzz/h264_bitstream_parser_fuzzer+0x486e57) (BuildId: 2597a253418594a64ea5b0a174c0002984c7fc61)
    #3 0x7f549bf3dcff  (/lib64/libc.so.6+0x40cff) (BuildId: 77c77fee058b19c6f001cf2cb0371ce3b8341211)
    #4 0x7f549bf96663 in __pthread_kill_implementation /usr/src/debug/glibc-2.39-22.fc40.x86_64/nptl/pthread_kill.c:43:17
    #5 0x7f549bf3dc4d in gsignal /usr/src/debug/glibc-2.39-22.fc40.x86_64/signal/../sysdeps/posix/raise.c:26:13
    #6 0x7f549bf25901 in abort /usr/src/debug/glibc-2.39-22.fc40.x86_64/stdlib/abort.c:79:7
    #7 0x7f549bf2581d in __assert_fail_base.cold /usr/src/debug/glibc-2.39-22.fc40.x86_64/assert/assert.c:94:3
    #8 0x7f549bf35d86 in __assert_fail /usr/src/debug/glibc-2.39-22.fc40.x86_64/assert/assert.c:103:3
    #9 0x5c51a3 in rtc::BitBuffer::PeekBits(unsigned long, unsigned int&) h264nal/webrtc/rtc_base/bit_buffer.cc:123:3
    #10 0x5c5048 in rtc::BitBuffer::ReadBits(unsigned long, unsigned int&) h264nal/webrtc/rtc_base/bit_buffer.cc:188:10
    #11 0x5bb8ec in h264nal::H264SliceHeaderParser::ParseSliceHeader(rtc::BitBuffer*, unsigned int, unsigned int, h264nal::H264BitstreamParserState*) h264nal/src/h264_slice_header_parser.cc:476:22
    ...
    #24 0x46bad4 in _start (h264nal/build/fuzz/h264_bitstream_parser_fuzzer+0x46bad4) (BuildId: 2597a253418594a64ea5b0a174c0002984c7fc61)

NOTE: libFuzzer has rudimentary signal handlers.
      Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
```

After:
```
$ ../build/fuzz/h264_bitstream_parser_fuzzer ../fuzz/corpus/h264_bitstream_parser_fuzzer/crash-8ab5ce8d529e1c76b686e7d5fec52460dd35a140
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1396213500
INFO: Loaded 1 modules   (2085 inline 8-bit counters): 2085 [0x640610, 0x640e35),
INFO: Loaded 1 PC tables (2085 PCs): 2085 [0x5f2538,0x5fa788),
../build/fuzz/h264_bitstream_parser_fuzzer: Running 1 inputs 1 time(s) each.
Running: ../fuzz/corpus/h264_bitstream_parser_fuzzer/crash-8ab5ce8d529e1c76b686e7d5fec52460dd35a140
Executed ../fuzz/corpus/h264_bitstream_parser_fuzzer/crash-8ab5ce8d529e1c76b686e7d5fec52460dd35a140 in 0 ms
***
*** NOTE: fuzzing was not performed, you have only
***       executed the target code on a fixed set of inputs.
***
```