
Issue 636228

Issue metadata

Status: Fixed
Owner:
Closed: Aug 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug


!m_paused || m_playPromiseResolvers.isEmpty() in HTMLMediaElement.cpp

Project Member Reported by ClusterFuzz, Aug 10 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5182745326387200

Fuzzer: inferno_flicker
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !m_paused || m_playPromiseResolvers.isEmpty() in HTMLMediaElement.cpp
  blink::HTMLMediaElement::invokeLoadAlgorithm
  blink::HTMLMediaElement::load
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=409589:409828

Minimized Testcase (1.36 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94uwx4xbozTu5m7iu3aoSx_Lb0EYhvwk3NcVVOzoB0kGDiMHU7K-KnbHYmi3stiwAK9YuJ6ffYQlkaXMxwtWVEvxhxmRkLjaAW3PY5HaW5iDTqAfV8-Z9N-wpINHkpvEdeoNTWLVYY_GeUtEt-xGzQTTPA11w?testcase_id=5182745326387200

Issue manually filed by: nyerramilli

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: nyerramilli@chromium.org
Components: Tools>Test>FindIt>NoResult
Labels: findit-wrong Te-Logged
Owner: dcheng@chromium.org
Status: Assigned (was: Untriaged)
Providing Findit results for internal purposes:

Suspected CLs: Findit could not determine the memory tool from the stack trace. Is it in a new format?

Using Codesearch, seeing some changes to 'HTMLMediaElement.cpp' in
https://chromium.googlesource.com/chromium/src/+/84512f5a48edc83ac61bd8fe5dff0f4743a8595e

dcheng@, could you please check the above issue and help us find an owner if it's not yours.

Comment 2 by dcheng@chromium.org, Aug 10 2016

Cc: dcheng@chromium.org
Components: Blink>Media
Owner: mlamouri@chromium.org
Assigning to the person who added the assert.

IMO, Findit should be taking into account the author of an assert: it can provide valuable information on who might know more about this code.
Labels: M-54
+foolip@

This is interesting: we did not think of the case where the play() method would be called and the playback would stop before it could be resolved. I think we should reject the promises in this case. Note that it requires an HTML spec change.
Status: Started (was: Assigned)
I have a CL up and I sent a change to the HTML spec. Note that it's only a DCHECK. It shouldn't crash on a release build.
Status: Fixed (was: Started)
A fix has landed but I linked to the wrong bug. See:

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cbed5d5488c6b659aee576611b0e21efc29a0dce

commit cbed5d5488c6b659aee576611b0e21efc29a0dce
Author: mlamouri <mlamouri@chromium.org>
Date: Fri Aug 19 13:13:03 2016

Reject play promises when the playback reaches the end.

This is implementing a recent change in the HTML specification.

BUG=636226
TEST=fuzzer
R=foolip@chromium.org

Review-Url: https://codereview.chromium.org/2237503002
Cr-Commit-Position: refs/heads/master@{#413122}

[modify] https://crrev.com/cbed5d5488c6b659aee576611b0e21efc29a0dce/third_party/WebKit/Source/core/html/HTMLMediaElement.cpp
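As an added illustration (not Blink's code and not the minimized testcase from this report), the following C++ model captures the invariant behind the DCHECK `!m_paused || m_playPromiseResolvers.isEmpty()` and the sequence described in the comments above: play() registers a pending promise, playback reaches the end before that promise is settled, and load() then finds a paused element that still holds unsettled promises. The class and function names are made up for the example; the load-algorithm behaviour (a non-paused element is paused and its pending promises rejected) and the "AbortError" rejection reason follow the HTML specification rather than anything stated on this page. Constructing the model with rejectOnEnd set to true models the landed fix, which rejects pending play promises when playback reaches the end.

```cpp
// Added illustration, not Blink's code: a small model of the invariant behind
// the DCHECK "!m_paused || m_playPromiseResolvers.isEmpty()". All names here
// are made up for the example.
#include <cassert>
#include <iostream>
#include <memory>
#include <string>
#include <vector>

// Stand-in for the JS promise that play() returns.
struct PlayPromise {
    enum class State { Pending, Fulfilled, Rejected };
    State state = State::Pending;
    std::string reason;  // DOMException name when rejected
};

class MediaModel {
public:
    // rejectOnEnd == true models the fix: reaching the end rejects pending
    // play promises instead of leaving them pending on a paused element.
    explicit MediaModel(bool rejectOnEnd) : m_rejectOnEnd(rejectOnEnd) {}

    // play(): clear paused and register a promise that is settled later.
    std::shared_ptr<PlayPromise> play() {
        m_paused = false;
        auto promise = std::make_shared<PlayPromise>();
        m_playPromiseResolvers.push_back(promise);
        return promise;
    }

    // Playback actually started: pending promises are fulfilled.
    void notifyPlaying() { settleAll(PlayPromise::State::Fulfilled, ""); }

    // The resource ended without loop: the element becomes paused. Before the
    // fix nothing settled the promises here, so a play() that never reached
    // notifyPlaying() stayed pending while m_paused was true.
    void reachedEnd() {
        m_paused = true;
        if (m_rejectOnEnd)
            settleAll(PlayPromise::State::Rejected, "AbortError");  // assumption: spec reason
    }

    // Model of the load algorithm. Assumption taken from the HTML spec, not
    // from the bug report: a non-paused element is paused and its pending
    // promises rejected. Returns whether the DCHECK's condition holds
    // afterwards, i.e. whether a debug build would survive this call.
    bool load() {
        if (!m_paused) {
            m_paused = true;
            settleAll(PlayPromise::State::Rejected, "AbortError");
        }
        return invariantHolds();
    }

    // The condition from the crash state.
    bool invariantHolds() const {
        return !m_paused || m_playPromiseResolvers.empty();
    }

private:
    void settleAll(PlayPromise::State state, const std::string& reason) {
        for (auto& promise : m_playPromiseResolvers) {
            promise->state = state;
            promise->reason = reason;
        }
        m_playPromiseResolvers.clear();
    }

    bool m_paused = true;  // a fresh element starts paused
    bool m_rejectOnEnd;
    std::vector<std::shared_ptr<PlayPromise>> m_playPromiseResolvers;
};

// The sequence from this bug: play(), the resource ends before the promise is
// settled, then load(). Returns true when the DCHECK's condition holds.
bool fuzzerSequenceHolds(bool rejectOnEnd) {
    MediaModel element(rejectOnEnd);
    element.play();
    element.reachedEnd();
    return element.load();
}

// Same sequence, reporting what happened to the play() promise.
PlayPromise fuzzerSequencePromise(bool rejectOnEnd) {
    MediaModel element(rejectOnEnd);
    auto promise = element.play();
    element.reachedEnd();
    element.load();
    return *promise;
}

// Ordinary path: playback starts before it ends, so the promise is fulfilled
// and load() sees no pending promises with or without the fix.
bool normalSequenceHolds(bool rejectOnEnd) {
    MediaModel element(rejectOnEnd);
    element.play();
    element.notifyPlaying();
    element.reachedEnd();
    return element.load();
}

int main() {
    std::cout << "fuzzer sequence before fix: "
              << (fuzzerSequenceHolds(false) ? "ok" : "DCHECK would fire") << "\n";
    std::cout << "fuzzer sequence after fix:  "
              << (fuzzerSequenceHolds(true) ? "ok" : "DCHECK would fire") << "\n";
    std::cout << "promise after fix: " << fuzzerSequencePromise(true).reason << "\n";
    return 0;
}
```

Running the model shows the point of comment 3: without the fix, the fuzzer's play-then-end-then-load ordering leaves a paused element with a pending promise and the DCHECK condition is false; with the fix, the promise is rejected at the end of playback and load() sees an empty resolver list. As the comment on the CL notes, this is a DCHECK only, so a release build never crashes on it.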
Comment 6 by ClusterFuzz (Project Member), Aug 20 2016

ClusterFuzz has detected this issue as fixed in range 413090:413122.

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=409589:409828
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=413090:413122

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Components: -Tools>Test>FindIt>NoResult
Comment 8 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
