Heap-buffer-overflow in webrtc::RtpDepacketizerH264::ProcessStapAOrSingleNalu

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6393258519560192
Fuzzer: libfuzzer_h264_depacketizer_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x60500000cf2b
Crash State:
  webrtc::RtpDepacketizerH264::ProcessStapAOrSingleNalu
  webrtc::RtpDepacketizerH264::Parse
  webrtc::FuzzOneInput
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=397426:397565
Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95M5PkrVvtKYkjb4lLtLHTe_X4lWpvEKLHMX18Ql0RpGA0NVS1RO_Jv-Z5_1-r67NCVywDyjSJdOocHnGXi79dsrIrLgwylkD2l4I3sEmYQfLEdsbvIeHIgSq-AaIcBgEswZMLxAHwceM4xivUPaFNxTJ9jCw
Filer: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jun 3 2016
->danilchap@, please hand it back if you don't have the bandwidth to fix this

Jun 3 2016
->sprang@, looks like this one is in the function you just committed with https://codereview.webrtc.org/1979443004/

Jun 4 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Jun 6 2016
Let me know if you need any help reproducing fuzzing issues locally.

Jun 7 2016
The following revision refers to this bug: https://chromium.googlesource.com/external/webrtc.git/+/6ebdf6b2cc0f3af30c95a085215cd05b91213a21

commit 6ebdf6b2cc0f3af30c95a085215cd05b91213a21
Author: Erik Språng <sprang@webrtc.org>
Date: Tue Jun 07 16:01:21 2016

Fix issue with parsing of incorrect (empty) Stap-A H264 NAL units.

Stap-A packets should be ignored if NAL unit size is less than one, since that won't even fit the mandatory type header byte.

BUG= chromium:617097
R=pbos@webrtc.org, stefan@webrtc.org

Review URL: https://codereview.webrtc.org/2039353002 .

Cr-Commit-Position: refs/heads/master@{#13057}

[modify] https://crrev.com/6ebdf6b2cc0f3af30c95a085215cd05b91213a21/webrtc/modules/rtp_rtcp/source/rtp_format_h264.cc
[modify] https://crrev.com/6ebdf6b2cc0f3af30c95a085215cd05b91213a21/webrtc/modules/rtp_rtcp/source/rtp_format_h264_unittest.cc
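The check the commit above describes, as an added example that is not WebRTC's code: a minimal STAP-A / single-NALU parser in the spirit of ProcessStapAOrSingleNalu (the function name, NaluInfo struct, CountNalus helper and sample payloads are assumptions) that rejects any aggregated NAL unit whose 16-bit size field is zero before its header byte is ever read.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// RFC 6184 values: nal_unit_type mask, the STAP-A type, and field sizes.
constexpr uint8_t kNalTypeMask = 0x1F;
constexpr uint8_t kStapA = 24;
constexpr size_t kStapAHeaderSize = 1;
constexpr size_t kLengthFieldSize = 2;

struct NaluInfo {
  size_t offset;  // start of the NAL unit (its header byte) within the payload
  size_t size;    // NAL unit size taken from the 16-bit length field
  uint8_t type;   // nal_unit_type from the NAL header byte
};

// Returns false on a malformed payload. A zero-length unit at the end of a
// STAP-A would put its header byte one past the buffer, which is this bug's
// overflow; the `nalu_size < 1` rejection below is the fix the commit describes.
bool ParseStapAOrSingleNalu(const uint8_t* payload, size_t length,
                            std::vector<NaluInfo>* out) {
  out->clear();
  if (length < 1) return false;
  const uint8_t nal_type = payload[0] & kNalTypeMask;
  if (nal_type != kStapA) {
    out->push_back({0, length, nal_type});  // single NAL unit packet
    return true;
  }
  size_t pos = kStapAHeaderSize;
  while (pos < length) {
    if (length - pos < kLengthFieldSize) return false;  // truncated length field
    const size_t nalu_size = (static_cast<size_t>(payload[pos]) << 8) | payload[pos + 1];
    pos += kLengthFieldSize;
    if (nalu_size < 1) return false;             // cannot hold the NAL header byte
    if (nalu_size > length - pos) return false;  // unit would run past the payload
    out->push_back({pos, nalu_size, static_cast<uint8_t>(payload[pos] & kNalTypeMask)});
    pos += nalu_size;
  }
  return !out->empty();  // a STAP-A carrying no units is malformed too
}

// Number of NAL units parsed, or -1 if the payload was rejected.
int CountNalus(const std::vector<uint8_t>& payload) {
  std::vector<NaluInfo> units;
  return ParseStapAOrSingleNalu(payload.data(), payload.size(), &units)
             ? static_cast<int>(units.size()) : -1;
}
// Constructed samples (not from the report): two valid units; trailing zero-length unit.
const std::vector<uint8_t> kGoodStapA = {0x18, 0x00, 0x02, 0x67, 0xAA, 0x00, 0x01, 0x68};
const std::vector<uint8_t> kEmptyNaluStapA = {0x18, 0x00, 0x01, 0x65, 0x00, 0x00};
```

The second sample is the shape the fuzzer found: the last length field is zero, so without the size check the header read would land exactly one byte past the payload, matching the "READ 1" in the ASan report.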
Jun 10 2016
ClusterFuzz has detected this issue as fixed in range 398366:399171.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6393258519560192
Fuzzer: libfuzzer_h264_depacketizer_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x60500000cf2b
Crash State:
  webrtc::RtpDepacketizerH264::ProcessStapAOrSingleNalu
  webrtc::RtpDepacketizerH264::Parse
  webrtc::FuzzOneInput
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=397426:397565
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=398366:399171
Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96R6SVUoiKajRSRx9GGEZu9Okw_yyL9fxBPKBSYJXsAuZcW53qZ1l8qE2K9DgSmzfLy4d-5-94OqyV2UFN_NwZeAEhAcyDaP7aes94SQl3rFx3fDohnB5zN_itYDrNF31G5tMqH8V3eRP5tyfu4TtTWM0TcBw

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Jun 14 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.

Jun 14 2016
Sorry for the incorrect ClusterFuzz update, please ignore it. Reopening bug.

Jun 15 2016
Please mark security bugs as fixed as soon as the fix lands, and before requesting merges. - Your friendly ClusterFuzz

Jun 16 2016
This case looks correct, but there were some changes on the ClusterFuzz side regarding the ClusterFuzz-Verified label, so that update could be wrong.

Sep 21 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mmoroz@chromium.org, Jun 3 2016
Labels: Pri-1
Owner: pbos@chromium.org