Integer-overflow in media::mp4::TrackRunIterator::cts
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5486952882372608

Fuzzer: libFuzzer_mediasource_MP4_AACLC_AVC_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  media::mp4::TrackRunIterator::cts
  media::mp4::MP4StreamParser::EnqueueSample
  media::mp4::MP4StreamParser::Parse

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=499820:499882

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5486952882372608

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Oct 9 2017
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/2ad785825859b6be6964d484a1d6a5f3f2c2ded5 (MSE: Expand pipeline integration fuzzer mimetype/codec coverage). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Oct 13 2017
=> sandersd@ this is another similar to the one(s) you fixed partially previously. Maybe take a look also at things like base::CheckMul, base::CheckAdd, .AssignIfValid, etc. (see https://chromium-review.googlesource.com/699522) Perhaps return parse failure if there's something representable in ISO-BMFF spec, but whose intermediate values go out of range of int64_t. This issue doesn't seem to merit merge of a fix back to M63 though; update if you disagree.
Oct 18 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/1e66d75fc7625443060e170f5cebac650d3e16fb

commit 1e66d75fc7625443060e170f5cebac650d3e16fb
Author: Dan Sanders <sandersd@chromium.org>
Date: Wed Oct 18 02:37:12 2017

[media] Check for overflow in TrackRunIterator::cts().

This CL moves the CTS computation to AdvanceSample(), which now returns a bool. Callers have been updated to fail when AdvanceSample() fails.

Bug: 772874
Change-Id: I1215f6a259eff310b964e1899be4e4138ff34087
Reviewed-on: https://chromium-review.googlesource.com/722164
Reviewed-by: Matthew Wolenetz <wolenetz@chromium.org>
Commit-Queue: Matthew Wolenetz <wolenetz@chromium.org>
Commit-Queue: Dan Sanders <sandersd@chromium.org>
Cr-Commit-Position: refs/heads/master@{#509664}

[modify] https://crrev.com/1e66d75fc7625443060e170f5cebac650d3e16fb/media/formats/mp4/mp4_stream_parser.cc
[modify] https://crrev.com/1e66d75fc7625443060e170f5cebac650d3e16fb/media/formats/mp4/track_run_iterator.cc
[modify] https://crrev.com/1e66d75fc7625443060e170f5cebac650d3e16fb/media/formats/mp4/track_run_iterator.h
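The Oct 13 comment asks for the CTS arithmetic to be done with checked helpers (base::CheckAdd, base::CheckMul) and for the parser to fail rather than overflow int64_t; the commit above describes the shape of that fix (compute the CTS when advancing to a sample, and let the computation report failure to its callers). The block below is an added, stand-alone C++ illustration of that pattern written for this page; it is not Chromium's code and not the text of the fix. SampleInfo, TimeDeltaFromRational, ComputeCts and EnqueueRun are assumed names, the sample values are constructed, and the compiler intrinsics __builtin_add_overflow and __builtin_mul_overflow stand in for base::CheckAdd and base::CheckMul because Chromium's base library is not available outside the tree.

```cpp
#include <cstdint>
#include <limits>
#include <vector>

// Constructed stand-in for one ISO-BMFF sample's timing as an MP4 stream
// parser sees it after reading trun/ctts: decode timestamp plus composition
// offset, both in the track's timescale units. Field names are illustrative.
struct SampleInfo {
  int64_t dts;         // decode timestamp
  int64_t cts_offset;  // composition time offset; negative is legal (ctts v1)
};

constexpr int64_t kMicrosecondsPerSecond = 1000000;

// Timescale units -> microseconds. The multiply is a second place where an
// attacker-chosen value can leave int64_t, so it is checked as well.
// (__builtin_mul_overflow plays the role of base::CheckMul here.)
bool TimeDeltaFromRational(int64_t numer, int64_t denom, int64_t* out_us) {
  if (denom <= 0) return false;  // a zero/negative timescale is malformed
  int64_t scaled;
  if (__builtin_mul_overflow(numer, kMicrosecondsPerSecond, &scaled))
    return false;
  *out_us = scaled / denom;
  return true;
}

// CTS = dts + cts_offset, computed once per sample. An unrepresentable result
// is reported to the caller instead of being produced by signed overflow,
// which is undefined behaviour in C++ (and what UBSan flagged in cts()).
// (__builtin_add_overflow plays the role of base::CheckAdd here.)
bool ComputeCts(const SampleInfo& sample, int64_t timescale, int64_t* cts_us) {
  int64_t cts_units;
  if (__builtin_add_overflow(sample.dts, sample.cts_offset, &cts_units))
    return false;
  return TimeDeltaFromRational(cts_units, timescale, cts_us);
}

// Parser-side loop: the first sample whose CTS cannot be represented fails
// the whole run, i.e. "return parse failure" rather than carry on with a
// wrapped timestamp. Samples accepted before the failure remain in cts_out.
bool EnqueueRun(const std::vector<SampleInfo>& run, int64_t timescale,
                std::vector<int64_t>* cts_out) {
  for (const SampleInfo& sample : run) {
    int64_t cts_us;
    if (!ComputeCts(sample, timescale, &cts_us)) return false;
    cts_out->push_back(cts_us);
  }
  return true;
}

int main() {
  // Constructed inputs: a normal 48 kHz run, then a run whose last sample is
  // crafted so that dts + cts_offset would wrap past INT64_MAX.
  std::vector<SampleInfo> good = {{0, 0}, {1024, 2048}, {2048, -1024}};
  std::vector<SampleInfo> crafted = {
      {0, 0}, {std::numeric_limits<int64_t>::max(), 1}};
  std::vector<int64_t> out;
  bool good_ok = EnqueueRun(good, 48000, &out);        // accepted
  bool crafted_ok = EnqueueRun(crafted, 48000, &out);  // rejected, no UB
  return (good_ok && !crafted_ok) ? 0 : 1;
}
```

Built with -fsanitize=undefined, the crafted run produces no sanitizer report because the overflowing addition is never performed; the parser simply returns failure for that run.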
Oct 18 2017
ClusterFuzz has detected this issue as fixed in range 509419:509669.

Detailed report: https://clusterfuzz.com/testcase?key=5486952882372608

Fuzzer: libFuzzer_mediasource_MP4_AACLC_AVC_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  media::mp4::TrackRunIterator::cts
  media::mp4::MP4StreamParser::EnqueueSample
  media::mp4::MP4StreamParser::Parse

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=499820:499882
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=509419:509669

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5486952882372608

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 18 2017
ClusterFuzz testcase 5486952882372608 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 7 2017
Nov 7 2017
Comment 1 by ClusterFuzz, Oct 9 2017
Labels: Test-Predator-AutoComponents