
Issue 653806

Issue metadata

Status: Fixed
Owner:
Closed: Oct 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug-Regression


Crash in content::VideoCaptureImpl::~VideoCaptureImpl

Reported by ClusterFuzz (Project Member), Oct 7 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5332765375725568

Fuzzer: cpaulin_mediarecorder
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  content::VideoCaptureImpl::~VideoCaptureImpl
  content::VideoCaptureImpl::~VideoCaptureImpl
  base::debug::TaskAnnotator::RunTask
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=423265:423391

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97KSTJj1-jT4szbRmW1M7a5KQYTa3dgp2eZhmySwiIigWR6MsQQwmHrNOEk6oni9iuqN322wVAf4RowNukXd3__TC5HDLX3meE_j_lHnohH5_r71xR3whWc0L98y6oY1YJh8x87SEUCp1pMJwlWUwhS_OvvOl6T7hQhykcfBChuDigqcgc?testcase_id=5332765375725568


Additional requirements: Requires Gestures

Additional requirements: Requires HTTP

Issue manually filed by: ranjitkan

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: ranjitkan@chromium.org
Components: Tools>Test>FindIt>CorrectResult
Labels: -Pri-1 -Type-Bug Findit-for-crash M-55 Te-Logged Pri-2 Type-Bug-Regression
Owner: mcasas@chromium.org
Status: Assigned (was: Untriaged)
Author: mcasas
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/796b2e6cd3c150f29460c082fcc60ee2186ea9ab
Time: Thu Oct 06 01:48:14 2016
Lines 128, 134-137, 562-570 of file video_capture_impl.cc, which potentially caused the crash, are changed in this CL (frame #0, "GetVideoCaptureHost"; frame #1, "content::VideoCaptureImpl::~VideoCaptureImpl"; frame #2, "content::VideoCaptureImpl::~VideoCaptureImpl").
Minimum distance from crash line to modified line: 0 (file: video_capture_impl.cc, crashed on: 128, modified: 128).

mcasas@: Assigning to you; please take a look into it. Please help us reassign to the right owner if it is not related to your change.

Thanks!


Comment 2 by bugdroid1@chromium.org (Project Member), Oct 7 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f81183123c82618825cd5734c5ace89fe1723d3c

commit f81183123c82618825cd5734c5ace89fe1723d3c
Author: mcasas <mcasas@chromium.org>
Date: Fri Oct 07 17:59:12 2016

VideoCaptureImpl: check that there's still a channel in ~VideoCaptureImpl() before sending

This was not hit when using IPC due to the channel ignoring
the late message, but now we need to protect against a
disappeared VideoCaptureHost explicitly.

Also, this CL  the unused |suspended_| variable
and simplified RemoveClient() method -- I know, I
know, I shouldn't bundle modifications in a CL...
but these were just too easy to let them pass.

BUG=653806,651897

Review-Url: https://codereview.chromium.org/2396413002
Cr-Commit-Position: refs/heads/master@{#423907}

[modify] https://crrev.com/f81183123c82618825cd5734c5ace89fe1723d3c/content/renderer/media/video_capture_impl.cc
[modify] https://crrev.com/f81183123c82618825cd5734c5ace89fe1723d3c/content/renderer/media/video_capture_impl.h
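
The check this commit describes, as an added C++ model that is not Chromium's code: a constructed VideoCapture class whose destructor sends Stop through a host pointer that may already be null, beside a LegacyChannel that shows why the old IPC path swallowed the late message instead of crashing. CaptureHost, LegacyChannel, VideoCapture and OnHostDisconnected are hypothetical names standing in for the real VideoCaptureHost / VideoCaptureImpl types.

```cpp
// Constructed model (not Chromium's code) of the regression in the commit
// message above; CaptureHost, LegacyChannel and VideoCapture are hypothetical
// stand-ins for VideoCaptureHost, the old IPC channel and VideoCaptureImpl.
#include <vector>
struct CaptureHost {
  std::vector<int> stopped_ids;  // device ids for which Stop arrived
  void Stop(int device_id) { stopped_ids.push_back(device_id); }
};
// Old transport: a channel object that outlives the host and silently drops
// messages sent after the host is gone, so a late Stop never crashed.
struct LegacyChannel {
  CaptureHost* host = nullptr;
  bool Send(int device_id) {  // returns false when the late message is ignored
    if (!host) return false;
    host->Stop(device_id);
    return true;
  }
};
// New transport: a direct pointer that becomes null once the host disappears.
// Calling through it unchecked reads address 0 (the report's UNKNOWN READ).
class VideoCapture {
 public:
  VideoCapture(CaptureHost* host, int id) : host_(host), device_id_(id) {}
  void OnHostDisconnected() { host_ = nullptr; }
  // Fixed: send Stop only while a host is still there. The unfixed version
  // called GetVideoCaptureHost()->Stop(device_id_) with no check.
  ~VideoCapture() {
    if (CaptureHost* host = GetVideoCaptureHost()) host->Stop(device_id_);
  }
 private:
  CaptureHost* GetVideoCaptureHost() { return host_; }
  CaptureHost* host_;
  int device_id_;
};

int StopsSeenWhenHostAlive() {
  CaptureHost host;
  { VideoCapture capture(&host, 7); }  // destroyed while host is reachable
  return static_cast<int>(host.stopped_ids.size());  // 1
}
int StopsSeenWhenHostGone() {
  CaptureHost host;
  { VideoCapture capture(&host, 7); capture.OnHostDisconnected(); }
  return static_cast<int>(host.stopped_ids.size());  // 0, and no null read
}
bool LegacyIgnoresLateStop() {
  LegacyChannel channel;  // host already gone when the late Stop is sent
  return !channel.Send(7);  // true: dropped instead of crashing
}
```

Building the model with ASan or UBSan and removing the null check in the destructor reproduces the same class of read at address 0 that the report's crash state shows.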

Status: Fixed (was: Assigned)
#2 should fix this; could anyone please verify? Thanks.

Comment 4 by ClusterFuzz (Project Member), Oct 8 2016

ClusterFuzz has detected this issue as fixed in range 423512:423881.

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=423265:423391
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=423512:423881


If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 5 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
