Issue metadata
Heap-buffer-overflow in vorbis_header |
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5479415445716992
Fuzzer: libfuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 8
Crash Address: 0x60c000005190
Crash State:
  vorbis_header
  ogg_packet
  ogg_get_length
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=379001:379054
Minimized Testcase (4.41 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97e7X3z2P_Bx1IYEsQiHabcyhiNqMThPoM5GxLyPD8uCRetLvpQram5INxYsWDPLn6qXHfPQeYpQ4stuJEP6CH5oa6OndRVhlJX_KHqB5K8omznKRKsa5fJ1k6Z33WYjvzmI4Iez0_H3vigO8NE694uUysQmg
Filer: mmoroz
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 18 2016
Mar 18 2016
Mar 18 2016
Tentatively assign to wolenetz@ since he'll be doing the FFmpeg roll for M51.
Mar 18 2016
Mar 19 2016
Mar 20 2016
Mar 21 2016
Mar 22 2016
Mar 25 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5479415445716992
Fuzzer: libfuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 8
Crash Address: 0x60c000005190
Crash State:
  vorbis_header
  ogg_packet
  ogg_get_length
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=379001:379054
Minimized Testcase (4.41 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97e7X3z2P_Bx1IYEsQiHabcyhiNqMThPoM5GxLyPD8uCRetLvpQram5INxYsWDPLn6qXHfPQeYpQ4stuJEP6CH5oa6OndRVhlJX_KHqB5K8omznKRKsa5fJ1k6Z33WYjvzmI4Iez0_H3vigO8NE694uUysQmg
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 25 2016
Apr 6 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5176463392768000
Fuzzer: libfuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 8
Crash Address: 0x60600000bbb0
Crash State:
  vorbis_header
  ogg_packet
  ogg_get_length
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=379001:379054
Minimized Testcase (0.36 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97E7RsPDc_qQXgMkGcFRE3vYhUqbzGUbGIG46Y73v-F4g-exfUScBBhEx3nzmhpaQ8fIbyIEzhigsB70yWbMwjKr0u0gbYmGWj700lZoa61fWPCGcIpoNMtikk21PaVo5KnNoe4D7E4Tmnq1dmDE249s1j7lw
Filer: mmoroz
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 6 2016
I would recommend referring to the latest report from ClusterFuzz (https://cluster-fuzz.appspot.com/testcase?key=5176463392768000) for reproduction, etc.
Apr 14 2016
Apr 21 2016
wolenetz: Uh oh! This issue is still open and hasn't been updated in the last 26 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Apr 28 2016
Apr 29 2016
Sharding this one to chcunningham@. Thanks Chris!
May 6 2016
chcunningham: Uh oh! This issue is still open and hasn't been updated in the last 49 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
May 6 2016
May 9 2016
This seems likely to be the same root cause as Issue 600669. Same stack / line number.
May 9 2016
Note, it matches the *latest* stack for Issue 600669. See https://bugs.chromium.org/p/chromium/issues/detail?id=600669#c13
May 14 2016
ClusterFuzz has detected this issue as fixed in range 392580:392609.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5176463392768000
Fuzzer: libfuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 8
Crash Address: 0x60600000bbb0
Crash State:
  vorbis_header
  ogg_packet
  ogg_get_length
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=379001:379054
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=392580:392609
Minimized Testcase (0.36 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97E7RsPDc_qQXgMkGcFRE3vYhUqbzGUbGIG46Y73v-F4g-exfUScBBhEx3nzmhpaQ8fIbyIEzhigsB70yWbMwjKr0u0gbYmGWj700lZoa61fWPCGcIpoNMtikk21PaVo5KnNoe4D7E4Tmnq1dmDE249s1j7lw
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 21 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016

Comment 1 by mmoroz@chromium.org, Mar 18 2016