init_cb_.is_null() && reader_.get(). Initialize() must complete before calling H
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4786011756560384
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  init_cb_.is_null() && reader_.get(). Initialize() must complete before calling H
  media::MultibufferDataSource::HasSingleOrigin
  media::WebMediaPlayerImpl::hasSingleSecurityOrigin
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=361950:361952
Minimized Testcase (12.57 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94bCvuynJxq9odquCQBdpH02dlaPAZIYmMZEU6odMwxrZz7sfqPj5jeHgeEHgVWXybb1e3L4p6GW2pw0g2pPIxBTMu2Qw2KUi4YqsEkRgyDchPADlBorl9QnbiiZvVjoPBasfjPAXSzBg34_zx-qxAq4-653g?testcase_id=4786011756560384
Issue manually filed by: mummareddy
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Aug 17 2016
Unrelated to my change. Assigning Dan to see if he knows what WMPI should be doing in this case.
Aug 17 2016
Doesn't look new, would have affected pre-multibuffer code the same. I have no idea what we should do in this case; Blink has asked us if we should taint and we don't know yet; really it depends what Blink is going to do with the result. The current code returns 'no taint' before DoLoad(), so the obvious thing to do is extend that to after DataSourceInitialized(). This is safer than it sounds because the canvas copy happens synchronously, but I can't say I feel good about it. foolip@: Who owns the WebMediaPlayer::hasSingleSecurityOrigin() method? We can implement whatever Blink wants but there are no docs.
Aug 17 2016
watk@, thanks for reassigning the issue.
Sep 11 2016
ClusterFuzz has detected this issue as fixed in range 413208:413324.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4786011756560384
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  init_cb_.is_null() && reader_.get(). Initialize() must complete before calling H
  media::MultibufferDataSource::HasSingleOrigin
  media::WebMediaPlayerImpl::hasSingleSecurityOrigin
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=361950:361952
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=413208:413324
Minimized Testcase (12.57 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94bCvuynJxq9odquCQBdpH02dlaPAZIYmMZEU6odMwxrZz7sfqPj5jeHgeEHgVWXybb1e3L4p6GW2pw0g2pPIxBTMu2Qw2KUi4YqsEkRgyDchPADlBorl9QnbiiZvVjoPBasfjPAXSzBg34_zx-qxAq4-653g?testcase_id=4786011756560384
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 11 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Sep 12 2016
Nothing has changed here, reopening.
Sep 13 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5227997626105856
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  init_cb_.is_null() && reader_.get(). Initialize() must complete before calling H
  media::MultibufferDataSource::HasSingleOrigin
  media::WebMediaPlayerImpl::hasSingleSecurityOrigin
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=317970:318001
Minimized Testcase (0.51 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95LrXJP1htqJIFRVkZLUD98OO9CFQOQ9APibe3UdNH6aY0E9LLdIyL_3PEIbEDJvxL_ppEJk02jWZ2dS-WPcY0bWmosKrdXkEF19JNHTHr59ruNE1oMLVk7N3gvjrZpZvBNHRVoXJsUJIFi2AePizSCIrYh0A?testcase_id=5227997626105856
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Sep 14 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/dfe8ede1f60884311bb9c0c36417e31c53babef4

commit dfe8ede1f60884311bb9c0c36417e31c53babef4
Author: sandersd <sandersd@chromium.org>
Date: Wed Sep 14 03:10:45 2016

MultibufferDataSource: Handle HasSingleOrigin() before init completes.

This extends the time that WebMediaPlayerImpl::hasSingleSecurityOrigin() returns true from "until the data source exists" to "until the data source is initialized". I've verified (by source code inspection) that every existing caller is safe with respect to races here. It seems to be an undocumented rule followed by Blink developers.

BUG=638763
Review-Url: https://codereview.chromium.org/2341483003
Cr-Commit-Position: refs/heads/master@{#418472}

[modify] https://crrev.com/dfe8ede1f60884311bb9c0c36417e31c53babef4/media/blink/multibuffer_data_source.cc
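The lifecycle that watk@'s comment and the commit above describe, as an added C++ model that is not Chromium's code: a data source whose Initialize() completes asynchronously, the strict CHECK that the fuzzer tripped when script queried hasSingleSecurityOrigin() between load() and initialization, and the fixed behaviour that answers "single origin" until initialization finishes and only then consults the redirect chain. ModelDataSource, ModelPlayer, Origin and the scenario functions are hypothetical names; the model ignores CORS mode and decides taint from the redirect chain alone.

```cpp
// Added model of the hasSingleSecurityOrigin() lifecycle discussed in this bug.
// All names (ModelDataSource, ModelPlayer, Origin) are hypothetical; this is
// not Chromium's media/blink code.
#include <functional>
#include <memory>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

struct Origin {
  std::string scheme, host;
  int port;
  bool operator==(const Origin& o) const { return scheme == o.scheme && host == o.host && port == o.port; }
};

// Stands in for MultibufferDataSource: Initialize() is asynchronous, and the
// origin answer is only meaningful once the redirect chain is known.
class ModelDataSource {
 public:
  using InitCB = std::function<void(bool)>;
  explicit ModelDataSource(Origin first) { chain_.push_back(std::move(first)); }
  // Starts the load; |cb| runs from FinishInitialize().
  void Initialize(InitCB cb) { init_cb_ = std::move(cb); }
  // Network simulation: a redirect extends the chain while init is pending.
  void Redirect(Origin to) { chain_.push_back(std::move(to)); }
  void FinishInitialize(bool success) {
    initialized_ = success;
    InitCB cb; cb.swap(init_cb_);  // clear the pending state, then notify
    if (cb) cb(success);
  }
  // Before the fix (modelled): CHECK(init_cb_.is_null() && reader_.get()).
  // A query while the callback is pending aborts the renderer process.
  bool HasSingleOriginStrict() const {
    if (!Ready()) throw std::logic_error("Initialize() must complete first");
    return ChainIsSingleOrigin();
  }
  // After the fix (modelled): report a single origin until init completes.
  // No bytes have reached the decoder yet, so a synchronous canvas copy
  // cannot obtain cross-origin pixels on the strength of this answer.
  bool HasSingleOrigin() const { return Ready() ? ChainIsSingleOrigin() : true; }
 private:
  bool Ready() const { return !init_cb_ && initialized_; }
  bool ChainIsSingleOrigin() const {
    for (const Origin& o : chain_)
      if (!(o == chain_.front())) return false;
    return true;
  }
  InitCB init_cb_;
  bool initialized_ = false;
  std::vector<Origin> chain_;
};

// Stands in for WebMediaPlayerImpl: no data source exists before load().
class ModelPlayer {
 public:
  void Load(Origin src) {
    data_source_.reset(new ModelDataSource(std::move(src)));
    data_source_->Initialize([](bool) { /* DataSourceInitialized() */ });
  }
  ModelDataSource& DataSource() { return *data_source_; }
  // Blink asks this when deciding whether drawing the video taints a canvas.
  bool HasSingleSecurityOrigin(bool strict) const {
    if (!data_source_) return true;  // both versions: no source, no taint
    return strict ? data_source_->HasSingleOriginStrict()
                  : data_source_->HasSingleOrigin();
  }
 private:
  std::unique_ptr<ModelDataSource> data_source_;
};

// The fuzzer's timing: script queries after load() but before init finished.
bool StrictCheckAbortsDuringInit() {
  ModelPlayer player;
  player.Load({"https", "a.example", 443});
  try { player.HasSingleSecurityOrigin(true); } catch (const std::logic_error&) { return true; }
  return false;  // reached only if no CHECK fired
}

// Same timing, fixed version: "single origin" even with a redirect in flight.
bool FixedCheckDuringInit() {
  ModelPlayer player;
  player.Load({"https", "a.example", 443});
  player.DataSource().Redirect({"https", "b.example", 443});
  return player.HasSingleSecurityOrigin(false);
}

// Once init completes the answer follows the redirect chain and both versions agree.
bool SingleOriginAfterRedirect(Origin from, Origin to) {
  ModelPlayer player;
  player.Load(std::move(from));
  player.DataSource().Redirect(std::move(to));
  player.DataSource().FinishInitialize(true);
  bool fixed = player.HasSingleSecurityOrigin(false);
  if (fixed != player.HasSingleSecurityOrigin(true)) throw std::logic_error("mismatch");
  return fixed;
}
```

The pre-initialization "true" is only safe under the assumption the commit states: a caller queries the origin and copies the frame synchronously, in the same task. A caller that cached the answer across a task boundary, during which initialization completes and a cross-origin redirect is recorded, would act on a stale "no taint" result, which is why the commit audits every existing caller rather than relying on the data source alone.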
Sep 14 2016
ClusterFuzz has detected this issue as fixed in range 418451:418474.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5227997626105856
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  init_cb_.is_null() && reader_.get(). Initialize() must complete before calling H
  media::MultibufferDataSource::HasSingleOrigin
  media::WebMediaPlayerImpl::hasSingleSecurityOrigin
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=317970:318001
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=418451:418474
Minimized Testcase (0.51 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95LrXJP1htqJIFRVkZLUD98OO9CFQOQ9APibe3UdNH6aY0E9LLdIyL_3PEIbEDJvxL_ppEJk02jWZ2dS-WPcY0bWmosKrdXkEF19JNHTHr59ruNE1oMLVk7N3gvjrZpZvBNHRVoXJsUJIFi2AePizSCIrYh0A?testcase_id=5227997626105856
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 14 2016

Oct 18 2016

Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Sep 18 2017
We have made a bunch of changes on ClusterFuzz side, so resetting ClusterFuzz-Wrong label.
Comment 1 by mummare...@chromium.org, Aug 17 2016
Components: Tools>Test>FindIt>NoResult
Labels: Te-Logged M-53
Owner: w...@chromium.org
Status: Assigned (was: Untriaged)