This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

No obvious CL in regression range, assigning to dalecurtis who has worked in the video_render_impl.cc file, please re-assign as appropriate.  Thanks.

**** Bulk edit -  please ignore if not applicable ****

This bug  is reported as M55 Beta blocker and we're getting closer to M55 Beta promotion. 
Please plan to have fix ready and merged to M55 branch (2883) by 5:00 PM PT, Monday(10/10) so it has enough baking time in Dev before Beta promotion. Thank you.

ClusterFuzz has detected this issue as fixed in range 423995:424060.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5094223512862720

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: Heap-use-after-free READ 8
Crash Address: 0x61100029ef58
Crash State:
  media::DecryptingDemuxerStream::~DecryptingDemuxerStream
  media::DecryptingDemuxerStream::~DecryptingDemuxerStream
  media::DecoderStream<
  
Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=422899:423265
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=423995:424060

Minimized Testcase (241.05 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95WvAgNuGg9xiY0edFiXU9f96alxquRW7U_wns4e-32GYNAIzBpoYRSfPQJNPU6X-lDMYdHey0_fR8X7XK0T5Ah5TESo9T4mApuweq7xkhYGiwQj-CLprjkZ6IQaCF-tle9aspQxdPd_oeUpT91-RZ6hSvOnT1iXAPPCT9hJ5b6gp1Lff0?testcase_id=5094223512862720

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Any ideas what fixed this, so we can see if it needs to be merged to M55?

ClusterFuzz has detected this issue as fixed in range 423995:424060.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5094223512862720

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: Heap-use-after-free READ 8
Crash Address: 0x61100029ef58
Crash State:
  media::DecryptingDemuxerStream::~DecryptingDemuxerStream
  media::DecryptingDemuxerStream::~DecryptingDemuxerStream
  media::DecoderStream<
  
Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=422899:423265
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=423995:424060

Minimized Testcase (241.05 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95WvAgNuGg9xiY0edFiXU9f96alxquRW7U_wns4e-32GYNAIzBpoYRSfPQJNPU6X-lDMYdHey0_fR8X7XK0T5Ah5TESo9T4mApuweq7xkhYGiwQj-CLprjkZ6IQaCF-tle9aspQxdPd_oeUpT91-RZ6hSvOnT1iXAPPCT9hJ5b6gp1Lff0?testcase_id=5094223512862720

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

I'd guess e616ee95642ecc0b168a8e807abc86ff3633cda8, which is tracked by  issue 652978  and  issue 653001 .

I agree with dalecurtis@, the change for  issue 653001  should have fixed it. It has already been merged into M55.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot