Null-dereference READ in media::WebMediaPlayerImpl::Paint
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5765764929028096
Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_content_shell
Platform Id: mac
Crash Type: Null-dereference READ
Crash Address: 0x000000000200
Crash State:
  media::WebMediaPlayerImpl::Paint
  blink::HTMLVideoElement::PaintCurrentFrame
  blink::WebGLRenderingContextBase::TexImageHelperHTMLVideoElement
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=500110:500145
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5765764929028096

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Sep 21 2017
This is due to my change. Reducing to P2 though because this only happens with --enable-experimental-canvas-features which is off by default.
Sep 21 2017
I was able to reproduce this in Canary but not in my own build (at least not currently while I'm traveling). But it's a simple change and I can rely on the fuzzer to verify the fix. https://chromium-review.googlesource.com/c/chromium/src/+/677088
Sep 27 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ef8c9e03e9812e220bd0c627507e1e41be129afa

commit ef8c9e03e9812e220bd0c627507e1e41be129afa
Author: Kai Ninomiya <kainino@chromium.org>
Date: Wed Sep 27 04:07:40 2017

Fix null-deref in video element metadata prototype

Bug: 767090, 639174
Change-Id: I785d081990f2127d10a1dbf8cdbd9494af0b437e
Reviewed-on: https://chromium-review.googlesource.com/677088
Reviewed-by: Dan Sanders <sandersd@chromium.org>
Commit-Queue: Kai Ninomiya <kainino@chromium.org>
Cr-Commit-Position: refs/heads/master@{#504576}

[modify] https://crrev.com/ef8c9e03e9812e220bd0c627507e1e41be129afa/media/blink/webmediaplayer_impl.cc
Sep 27 2017
ClusterFuzz has detected this issue as fixed in range 504571:504584.

Detailed report: https://clusterfuzz.com/testcase?key=5765764929028096
Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_content_shell
Platform Id: mac
Crash Type: Null-dereference READ
Crash Address: 0x000000000200
Crash State:
  media::WebMediaPlayerImpl::Paint
  blink::HTMLVideoElement::PaintCurrentFrame
  blink::WebGLRenderingContextBase::TexImageHelperHTMLVideoElement
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=500110:500145
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=504571:504584
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5765764929028096

See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 27 2017
ClusterFuzz testcase 5765764929028096 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by kkaluri@chromium.org, Sep 21 2017
Components: Blink>Media
Labels: Test-Predator-Wrong M-63
Owner: kainino@chromium.org
Status: Assigned (was: Untriaged)