Issue 654612

Starred by 1 user

Issue metadata

Status: Verified
Owner:
Closed: Nov 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug

Blocking:
issue 777555




Integer-overflow in av_add_stable

Project Member Reported by ClusterFuzz, Oct 10 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5310534440452096

Fuzzer: ochang_search_index_mutator
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  av_add_stable
  compute_pkt_fields
  read_frame_internal
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027

Minimized Testcase (5.81 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97HYb2VDXqVnBT6t872cpj1PDIIgt941AGnMJv9OSvBkZHs7QwNxCv5PpRoHs_9kZyZriUpqgr25T0Fu-SwRI5w9Z6vu63cSNd3806oF5JkuGe4LcuMy4WI8jN30tAYpkAMvsSV2XSjBUu7Q0Fxg-99J2Va0A?testcase_id=5310534440452096

Issue manually filed by: mummareddy

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Components: Tools>Test>FindIt>NoResult Internals>Media Infra>Git
Labels: M-54 Te-Logged
Owner: wolenetz@chromium.org
Status: Assigned (was: Untriaged)
Git blame below is NOT necessarily who introduced the crash nor the owner for it. Please check the code before assigning to anyone. (No CL in the regression range changed the crashing files.)

Author: Michael Niedermayer
Project: chromium-ffmpeg
Changelist: https://chromium.googlesource.com/chromium/third_party/ffmpeg.git/+/5b7519fbaa8f6406d9d796de809ff3bc22060836
Time: Mon Jun 02 16:00:34 2014
The CL last changed line 209 of file mathematics.c, which is stack frame 0.

Author: Michael Niedermayer
Project: chromium-ffmpeg
Changelist: https://chromium.googlesource.com/chromium/third_party/ffmpeg.git/+/863f4c3c7170270f78049e390670d2b83fbe67d3
Time: Fri Jan 03 16:44:15 2014
The CL last changed line 1185 of file utils.c, which is stack frame 1.

Author: Michael Niedermayer
Project: chromium-ffmpeg
Changelist: https://chromium.googlesource.com/chromium/third_party/ffmpeg.git/+/9e561410c08ebe128e0be86f7b4492dc7bc87bb2
Time: Tue Dec 09 02:33:44 2014
The CL last changed line 1413 of file utils.c, which is stack frame 2.

Author: Anton Khirnov
Project: chromium-ffmpeg
Changelist: https://chromium.googlesource.com/chromium/third_party/ffmpeg.git/+/d3bb71914bcdf83311d70cb1e235cdd85527e5cf
Time: Fri Jul 15 18:27:43 2011
The CL last changed line 3316 of file utils.c, which is stack frame 3.

Author: ajwong@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/89590681f899dfe06878dcc7b87855bd9e4d6f8e
Time: Wed Nov 28 03:29:01 2012
The CL last changed line 22 of file task_runner_util.h, which is stack frame 4.

Author: joi@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/2837654227eb7ae572725fa55fb0cc33d922fd7b
Time: Fri Oct 14 17:30:37 2011
The CL last changed line 46 of file post_task_and_reply_impl.cc, which is stack frame 5.

Author: skyostil@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/ad8fb459e07068582588d72fd5dabdb72e70b689
Time: Thu Aug 14 14:26:09 2014
The CL last changed line 54 of file task_annotator.cc, which is stack frame 6.

Suspected Project: chromium-ffmpeg


Suspected CL is 
https://chromium.googlesource.com/chromium/src/+/4d39cc03fb3af3728b9b91134bff098f6c3d2111%5E%21/content/renderer/media/render_media_log.cc

wolenetz@, could you please take a look and reassign if it is not related to your changes.
Labels: Pri-2
Components: -Tools>Test>FindIt>NoResult
Project Member

Comment 4 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Blocking: 777555
Cc: wolenetz@chromium.org
Components: -Internals>Media -Infra>Git Internals>Media>FFmpeg
Owner: dalecur...@chromium.org
This looks like a recently detected issue that appears to have been in FFmpeg for quite a while - Dale, can you take a look during your ffmpeg roll for M-64?
This was detected in Oct of 2016 so I don't think it's recent :) I will take a look though.
Oops I saw Oct and thought this year when re-assigning. I'm not sure how this slipped my filters until now.
I double-checked the list of UBsan issues I had sent to Niedermayer later in 2016 but couldn't find any reference to this. Again, not sure how this slipped through my filters. Thanks for taking a look.
Project Member

Comment 9 by bugdroid1@chromium.org, Nov 18 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/732525a160bc98935b757d6e13b8a0115e62d929

commit 732525a160bc98935b757d6e13b8a0115e62d929
Author: Dale Curtis <dalecurtis@chromium.org>
Date: Sat Nov 18 00:25:20 2017

Disable unused ogg codec parsers; they have bugs we don't care about.

Ogg has parsers for a bunch of codecs we don't care about. Long ago
we also disabled these, but we re-enabled them because it didn't
matter at the time. We would just fail during demuxing instead; but
now it seems there are bugs in these parsers, so disable them to
avoid bringing their issues along.

The issue in this case is bad timestamps, but there's no good fix
for this in the speex code that I can see, so it's simpler to just
blanket disable.

BUG=654612
TEST=media_unittests still pass

Change-Id: I4f4e683a338dafe2df11ade6efca57ad0498f974
Reviewed-on: https://chromium-review.googlesource.com/777969
Reviewed-by: Dan Sanders <sandersd@chromium.org>

[modify] https://crrev.com/732525a160bc98935b757d6e13b8a0115e62d929/CREDITS.chromium
[modify] https://crrev.com/732525a160bc98935b757d6e13b8a0115e62d929/chromium/scripts/generate_gn.py
[modify] https://crrev.com/732525a160bc98935b757d6e13b8a0115e62d929/libavformat/oggdec.c
[modify] https://crrev.com/732525a160bc98935b757d6e13b8a0115e62d929/ffmpeg_generated.gni
[modify] https://crrev.com/732525a160bc98935b757d6e13b8a0115e62d929/chromium/patches/README

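A defender's illustration of the check that stops the wrap-around reported in this bug: an overflow-checked addition of a timestamp increment across two rational time bases, the kind of arithmetic the crash state shows (av_add_stable called from compute_pkt_fields). This is an added example, not FFmpeg's av_add_stable or any Chromium code; Rational and add_ts_checked are constructed names, and the math is a simplified rescale-then-add model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a rational time base (num/den), after FFmpeg's AVRational. */
typedef struct { int num; int den; } Rational;

/* Adds inc (in inc_tb units) to ts (in ts_tb units); result is in ts_tb units.
 * Every product and the final sum use the compiler's overflow-checking
 * builtins, so hostile time bases or timestamps from a demuxer produce a
 * clean failure instead of the signed wrap-around UBSan reported.
 * Deliberately conservative: it also rejects cases where only the
 * intermediate product overflows (FFmpeg's av_rescale uses 128-bit there). */
static bool add_ts_checked(Rational ts_tb, int64_t ts,
                           Rational inc_tb, int64_t inc, int64_t *out)
{
    int64_t num, den, scaled;

    /* Time base components read from a file must be strictly positive. */
    if (ts_tb.num <= 0 || ts_tb.den <= 0 || inc_tb.num <= 0 || inc_tb.den <= 0)
        return false;
    /* inc_in_ts_tb = inc * (inc_tb.num * ts_tb.den) / (inc_tb.den * ts_tb.num) */
    if (__builtin_mul_overflow((int64_t)inc_tb.num, (int64_t)ts_tb.den, &num) ||
        __builtin_mul_overflow((int64_t)inc_tb.den, (int64_t)ts_tb.num, &den) ||
        __builtin_mul_overflow(inc, num, &scaled))
        return false;
    scaled /= den;                             /* truncates toward zero */
    return !__builtin_add_overflow(ts, scaled, out);
}

int main(void)
{
    int64_t out;
    Rational tb90k = {1, 90000}, sec = {1, 1};

    /* 1 s expressed at 90 kHz plus one more second: 180000 ticks. */
    if (add_ts_checked(tb90k, 90000, sec, 1, &out))
        printf("ok: %lld\n", (long long)out);
    /* Constructed hostile input: a timestamp near INT64_MAX plus a small
     * increment; unchecked arithmetic would wrap negative here. */
    if (!add_ts_checked(sec, INT64_MAX - 5, sec, 10, &out))
        puts("rejected: timestamp addition would overflow");
    return 0;
}
```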
Project Member

Comment 10 by bugdroid1@chromium.org, Nov 18 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/aea3d2d4d8d304df1a029ef83d248508073bd066

commit aea3d2d4d8d304df1a029ef83d248508073bd066
Author: Dale Curtis <dalecurtis@chromium.org>
Date: Sat Nov 18 06:56:26 2017

Roll ffmpeg DEPS and fix additional ubsan issues.

This change enables AV_EF_EXPLODE such that all serious errors
encountered during demuxing are fatal. Previously ffmpeg would
try to ignore these in some cases; leading to ubsan or other
issues. Specifically crbug.com/698524 and crbug.com/710791.

Due to the removal of the speex parser from ogg, there is one
test that needs updating with the roll too.

https://chromium.googlesource.com/chromium/third_party/ffmpeg.git/+log/1e816bccb5ff..252244150ad7

$ git log 1e816bccb..252244150 --date=short --no-merges --format='%ad %ae %s'
2017-11-17 dalecurtis [mpeg4video] Fix undefined shift on assumed 8-bit input.
2017-11-17 dalecurtis Disable unused ogg codec parsers; they have bugs we don't care about.
2017-11-17 dalecurtis Use ff_thread_once for fixed, float table init.
2017-11-17 dalecurtis Fixup some patches messages.
2017-11-17 dalecurtis [mov] Fix leak of frame_duration_buffer in mov_fix_index().
2017-11-17 dalecurtis Prevent undefined shift with wrap_bits >= 63.
2017-11-15 hubbe avformat/mov: Check size of STSC allocation
2017-11-17 jstebbins [PATCH] lavf/mov: don't read outside frag_index bounds

Created with:
  roll-dep src/third_party/ffmpeg

BUG=786269,782074,783459,784159,654612,779924,710791,698524
TEST=security test cases no longer fail.

Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Change-Id: Ibbf3c32080705d6484682351a351663c51a7f752
Reviewed-on: https://chromium-review.googlesource.com/777408
Commit-Queue: Dale Curtis <dalecurtis@chromium.org>
Reviewed-by: Dan Sanders <sandersd@chromium.org>
Cr-Commit-Position: refs/heads/master@{#517709}
[modify] https://crrev.com/aea3d2d4d8d304df1a029ef83d248508073bd066/DEPS
[modify] https://crrev.com/aea3d2d4d8d304df1a029ef83d248508073bd066/media/filters/ffmpeg_demuxer_unittest.cc
[modify] https://crrev.com/aea3d2d4d8d304df1a029ef83d248508073bd066/media/filters/ffmpeg_glue.cc

Project Member

Comment 11 by ClusterFuzz, Nov 19 2017

ClusterFuzz has detected this issue as fixed in range 517698:517712.

Detailed report: https://clusterfuzz.com/testcase?key=5310534440452096

Fuzzer: ochang_search_index_mutator
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  av_add_stable
  compute_pkt_fields
  read_frame_internal
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=517698:517712

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5310534440452096

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 12 by ClusterFuzz, Nov 19 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5310534440452096 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
