Use-of-uninitialized-value in avio_seek
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5664180796653568
Fuzzer: libfuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  avio_seek
  flac_read_header
  avformat_open_input
Sanitizer: memory (MSAN)
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=413228:413328
Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95ojFvJVdHYdvcryc3OQRKgfIislerDM1M74ln1lAptvcWIwTupxmQ20fdbJBAu7lRyCvUQJMX93vrcs9ggXsGB0VSaUn1-yqg5qTYICU1oo993Zuu1BEkT2y-qBx9QdiOccBlptsLLih8InqS8QRioI5QKjj0tZcAdVaAgE4TQ3a90QLJmfRreP2pNDdVoNg_s5CrJBvNNWZ-09pRoZWFGda3daebHKzY0iXuJBFB4etK7ucdRUXsHFA7WLsdq9TsYlnGmYoAfno5IOYIl3OSn58tnhbl4dfEdnq4OIA4yyeUBgkQtGzXDVJKdoG0dditp6ajZMO6CVrQRzYZeCyiKIOcTsYozuGz1GWk7f2JQ28K7iNQ?testcase_id=5664180796653568
Issue filed automatically.
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jan 28 2017

Jan 28 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jan 28 2017

Jan 29 2017

Jan 30 2017

Jan 30 2017

Jan 30 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/bc2eb1987e956f5d2747e8c9c61ac346a2c91c92

commit bc2eb1987e956f5d2747e8c9c61ac346a2c91c92
Author: Fredrik Hubinette <hubbe@google.com>
Date: Mon Jan 30 19:58:11 2017

cherry-pick fix for uninitialized memory in flac

BUG=686387

Original description:
avformat/flacdec: Check avio_read result when reading flac block header.
Return AVERROR_INVALIDDATA if all four bytes aren't present.

Change-Id: I049dc485d3ebf9bcfd12fa3494659e9737325d76
Reviewed-on: https://chromium-review.googlesource.com/434760
Reviewed-by: Frank Liberato <liberato@chromium.org>

[modify] https://crrev.com/bc2eb1987e956f5d2747e8c9c61ac346a2c91c92/libavformat/flacdec.c
[modify] https://crrev.com/bc2eb1987e956f5d2747e8c9c61ac346a2c91c92/chromium/patches/README
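The check the cherry-picked commit describes, shown as an added illustration that is not FFmpeg's or Chromium's code. A FLAC METADATA_BLOCK_HEADER is four bytes: a last-block flag, a 7-bit block type and a 24-bit big-endian payload length. A demuxer that reads it with an avio_read-style call, which can return fewer bytes than asked for at end of input, and then uses the decoded length to seek past the block, consumes whatever happened to be in the stack buffer unless it checks the byte count; that is consistent with the avio_seek crash state above. The ByteReader, reader_read, FLAC_INVALID_DATA and the three sample inputs are constructed for this example (the actual ClusterFuzz testcase is not on the page); the reader only mimics avio_read's short-read behaviour.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for AVIOContext: an in-memory byte stream. */
typedef struct {
    const uint8_t *data;
    size_t size;
    size_t pos;
} ByteReader;

/* Mimics the part of the avio_read contract that matters here: the return
 * value is the number of bytes actually copied, which is less than n at end
 * of input. Bytes of buf beyond that count are never written. */
static int reader_read(ByteReader *r, uint8_t *buf, int n)
{
    size_t avail = r->size - r->pos;
    size_t take = (size_t)n < avail ? (size_t)n : avail;
    memcpy(buf, r->data + r->pos, take);
    r->pos += take;
    return (int)take;
}

#define FLAC_INVALID_DATA (-1) /* stands in for AVERROR_INVALIDDATA */

typedef struct {
    int last;      /* bit 7 of byte 0: last metadata block */
    int type;      /* bits 0-6 of byte 0: block type */
    uint32_t size; /* bytes 1-3: 24-bit big-endian payload length */
} FlacBlockHeader;

/* Read one METADATA_BLOCK_HEADER. The pattern the commit fixes reads into
 * header[] and decodes it without looking at the byte count, so on a
 * truncated input header[1..3] stays uninitialized and that garbage becomes
 * the length passed to the seek. The fixed pattern below rejects anything
 * but a complete four-byte read. */
static int read_block_header(ByteReader *r, FlacBlockHeader *h)
{
    uint8_t header[4];
    int n = reader_read(r, header, 4);
    if (n != 4)
        return FLAC_INVALID_DATA;
    h->last = header[0] >> 7;
    h->type = header[0] & 0x7f;
    h->size = ((uint32_t)header[1] << 16) | ((uint32_t)header[2] << 8) | header[3];
    return 0;
}

/* Walk the metadata blocks after the "fLaC" marker, skipping each payload the
 * way a demuxer would with avio_skip/avio_seek. Returns the number of blocks
 * seen, or FLAC_INVALID_DATA on a short header or a length that would run
 * past the end of the input. */
static int walk_metadata(const uint8_t *data, size_t size)
{
    ByteReader r = { data, size, 0 };
    int count = 0;

    if (size < 4 || memcmp(data, "fLaC", 4) != 0)
        return FLAC_INVALID_DATA;
    r.pos = 4;

    for (;;) {
        FlacBlockHeader h;
        int ret = read_block_header(&r, &h);
        if (ret < 0)
            return ret;
        count++;
        if (h.size > r.size - r.pos)
            return FLAC_INVALID_DATA;   /* payload would run past EOF */
        r.pos += h.size;                /* the seek that consumed the bad length */
        if (h.last)
            break;
    }
    return count;
}

/* Constructed samples. Well-formed: STREAMINFO (type 0, 34 bytes) followed by
 * a final PADDING block (type 1, 2 bytes); 4 + 4 + 34 + 4 + 2 = 48 bytes. */
static const uint8_t good_file[48] = {
    'f', 'L', 'a', 'C',
    0x00, 0x00, 0x00, 0x22,        /* not last, type 0, length 34 */
    /* 34 zero payload bytes occupy indices 8..41 */
    [42] = 0x81, 0x00, 0x00, 0x02, /* last, type 1, length 2 */
    0x00, 0x00
};

/* Truncated inside the first block header: only two of four header bytes. */
static const uint8_t truncated_file[6] = { 'f', 'L', 'a', 'C', 0x00, 0x00 };

/* Complete header that claims 256 payload bytes which are not present. */
static const uint8_t overlong_file[8] = { 'f', 'L', 'a', 'C', 0x80, 0x00, 0x01, 0x00 };

int main(void)
{
    printf("good:      %d\n", walk_metadata(good_file, sizeof good_file));
    printf("truncated: %d\n", walk_metadata(truncated_file, sizeof truncated_file));
    printf("overlong:  %d\n", walk_metadata(overlong_file, sizeof overlong_file));
    return 0;
}
```

Running the truncated sample under MemorySanitizer with the `n != 4` check removed is the shape of the ClusterFuzz report: the seek length is computed from bytes the read never wrote. The second bounds check (length versus remaining input) is a separate, cheaper guard that the commit message does not mention; it is included here because a fully initialized but hostile length is the next thing a fuzzer finds.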
Jan 30 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4f79aee08df8f4521a9d5e39144b822739ea3888

commit 4f79aee08df8f4521a9d5e39144b822739ea3888
Author: hubbe <hubbe@chromium.org>
Date: Mon Jan 30 23:07:53 2017

Roll src/third_party/ffmpeg/ a628732d0..bc2eb1987 (1 commit).

https://chromium.googlesource.com/chromium/third_party/ffmpeg.git/+log/a628732d02fe..bc2eb1987e95

$ git log a628732d0..bc2eb1987 --date=short --no-merges --format='%ad %ae %s'
2017-01-30 hubbe cherry-pick fix for uninitialized memory in flac

BUG=686387

Review-Url: https://codereview.chromium.org/2664953002
Cr-Commit-Position: refs/heads/master@{#447105}

[modify] https://crrev.com/4f79aee08df8f4521a9d5e39144b822739ea3888/DEPS
Jan 31 2017
ClusterFuzz has detected this issue as fixed in range 447059:447171.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5664180796653568
Fuzzer: libfuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  avio_seek
  flac_read_header
  avformat_open_input
Sanitizer: memory (MSAN)
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=413228:413328
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=447059:447171
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95ojFvJVdHYdvcryc3OQRKgfIislerDM1M74ln1lAptvcWIwTupxmQ20fdbJBAu7lRyCvUQJMX93vrcs9ggXsGB0VSaUn1-yqg5qTYICU1oo993Zuu1BEkT2y-qBx9QdiOccBlptsLLih8InqS8QRioI5QKjj0tZcAdVaAgE4TQ3a90QLJmfRreP2pNDdVoNg_s5CrJBvNNWZ-09pRoZWFGda3daebHKzY0iXuJBFB4etK7ucdRUXsHFA7WLsdq9TsYlnGmYoAfno5IOYIl3OSn58tnhbl4dfEdnq4OIA4yyeUBgkQtGzXDVJKdoG0dditp6ajZMO6CVrQRzYZeCyiKIOcTsYozuGz1GWk7f2JQ28K7iNQ?testcase_id=5664180796653568
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 31 2017
ClusterFuzz testcase 5664180796653568 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Jan 31 2017

Feb 13 2017

Feb 13 2017
This bug requires manual review: DEPS changes referenced in bugdroid comments. Please contact the milestone owner if you have questions. Owners: amineer@(clank), cmasso@(bling), ketakid@(cros), govind@(desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Feb 13 2017
+awhalley@, is this good for M57 merge?
Feb 13 2017
govind@ - yep, good for 57
Feb 13 2017
Approving merge to M57 branch 2987 based on comment #16. Please merge your change to M57 branch 2987 by 4:00 PM PT tomorrow, Tuesday (02/14) so we can pick it up for this week beta release. Thank you.
Feb 13 2017

Feb 16 2017
Please merge your change to M57 branch 2987 before 5:00 PM PT Friday (02/17), so we can pick it up for next week Beta release. Thank you.
Feb 16 2017
An ffmpeg DEP roll would roll in a whole lot of ffmpeg changes, that seems like a bad idea to me.
Feb 16 2017
hubbe@ - would it be possible to cherry pick the change into the 57 branch in ffmpeg?
Feb 16 2017
I think so, but I'm not sure. Either way, I don't think I have time to do it by 4pm tomorrow as I'm not going to be in the office tomorrow.
Feb 16 2017
re #22, if the merge happens before 4:00 PM PT Tuesday (02/21) that is also fine. Thank you.
Feb 17 2017
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Feb 17 2017
Please merge your change to M57 branch 2987 before 5:00 PM PT Monday (02/20), so we can pick it up for next week Beta release. Thank you.
Feb 20 2017
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Feb 21 2017
Please merge your change to M57 branch 2987 by 5:00 PM PT Tuesday (02/21) so we can pick it up for this week beta release. Thank you.
Feb 25 2017
Per email, we're not going to take this in 57
Apr 18 2017

May 9 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by est...@chromium.org, Jan 28 2017
Owner: dalecur...@chromium.org
Status: Assigned (was: Untriaged)