Heap-double-free in ogg_read_close

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5080550145785856

Fuzzer: libFuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-double-free
Crash Address: 0x608000002440
Crash State:
  ogg_read_close
  avformat_close_input
  media::FFmpegGlue::~FFmpegGlue

Sanitizer: address (ASAN)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=395675:395769

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5080550145785856

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jul 14 2017
Jul 14 2017
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 14 2017
+john,chris.
Jul 24 2017
Reported upstream since it repros with ffplay and --toolchain=clang-asan
Jul 26 2017
Jul 26 2017
URGENT - PTAL. Your bug is labelled as Stable ReleaseBlock, please make sure to land the fix and get it merged into the M61 branch #3163 ASAP to have enough baking time in Beta before Stable promotion. Thank you! Know that this issue shouldn't block the release? Remove the ReleaseBlock-Stable label.
Jul 26 2017
https://chromium-review.googlesource.com/c/587996/ fix incoming.
Jul 26 2017
Jul 27 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/d1f8d825742c0f92f3bffb782677ea04a784bb63

commit d1f8d825742c0f92f3bffb782677ea04a784bb63
Author: Dale Curtis <dalecurtis@chromium.org>
Date: Thu Jul 27 22:56:16 2017

Roll src/third_party/ffmpeg/ 97ebed679..a53b8db56 (1 commit)

https://chromium.googlesource.com/chromium/third_party/ffmpeg.git/+log/97ebed67951a..a53b8db56039

$ git log 97ebed679..a53b8db56 --date=short --no-merges --format='%ad %ae %s'
2017-07-25 michael avformat/oggparsecelt: Do not re-allocate os->private

Created with:
  roll-dep src/third_party/ffmpeg

BUG= 742380
TEST=none
TBR=chcunningham

Change-Id: Idf0a0346271678041af762a71c551cf293edbe92
Reviewed-on: https://chromium-review.googlesource.com/587996
Reviewed-by: Dale Curtis <dalecurtis@chromium.org>
Reviewed-by: Chrome Cunningham <chcunningham@chromium.org>
Commit-Queue: Dale Curtis <dalecurtis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#490047}

[modify] https://crrev.com/d1f8d825742c0f92f3bffb782677ea04a784bb63/DEPS
Jul 27 2017
Will merge after clusterfuzz verifies.
Jul 28 2017
ClusterFuzz has detected this issue as fixed in range 490022:490184.

Detailed report: https://clusterfuzz.com/testcase?key=5080550145785856

Fuzzer: libFuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-double-free
Crash Address: 0x608000002440
Crash State:
  ogg_read_close
  avformat_close_input
  media::FFmpegGlue::~FFmpegGlue

Sanitizer: address (ASAN)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=395675:395769
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=490022:490184

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5080550145785856

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 28 2017
ClusterFuzz testcase 5080550145785856 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Jul 28 2017
Jul 28 2017
This is a merge request for a DEPS roll.
Jul 28 2017
This bug requires manual review: DEPS changes referenced in bugdroid comments. Please contact the milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), ketakid@(ChromeOS), govind@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 29 2017
+awhalley@ for M61 merge review
Jul 30 2017
govind@ - looks good
Jul 31 2017
Approving merge to M61 branch 3163 based on comment #18. Please merge by 4:00 PM PT on Monday (07/31) so we can take it in for next week last Dev release. Thank you.
Jul 31 2017
Are there any instructions for doing DEPS merges these days?
Jul 31 2017
The following revision refers to this bug:
https://chrome-internal.googlesource.com/chrome/tools/buildspec/+/6b5b0c1d0e37a48d7b9037b124d76dded0d306fa

commit 6b5b0c1d0e37a48d7b9037b124d76dded0d306fa
Author: Dale Curtis <dalecurtis@chromium.org>
Date: Mon Jul 31 19:26:14 2017
Aug 1 2017
Aug 1 2017
Seems like this is already merged to M61 at #21. Is there anything pending for M61?
Aug 1 2017
Nope, should be done.
Aug 1 2017
Thank you.
Nov 3 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by raymes@chromium.org, Jul 14 2017
Labels: Pri-1
Owner: dalecur...@chromium.org
Status: Assigned (was: Untriaged)