ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://clusterfuzz.com/testcase?key=4787889476206592.

CF can repro... full report is incoming. CCing some people early.

I can't figure out what could be going on. The JS code basically repeatedly gives pc2:

* A local data-only offer.
* A remote audio offer it creates itself.
* A local answer it creates itself.

The log indicates that when the error occurs, it's trying to create an audio answer while it has a data local description. The only way this could happen is if at one point previously, it had an audio remote offer... But then it should have been impossible to set the data local description in the first place, due to the fix that was added earlier.

I tried reproducing myself, but ran into this when trying to make an ASan build:

[14941/29396] ACTION //v8:run_mksnapshot(//build/toolchain/linux:clang_x64)
FAILED: gen/v8/snapshot.cc snapshot_blob.bin 
python ../../v8/tools/run.py ./mksnapshot --startup_src gen/v8/snapshot.cc --random-seed 314159265 --startup_blob snapshot_blob.bin
==40081==Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING.
==40081==ASan shadow was supposed to be located in the [0x00007fff7000-0x10007fff7fff] range.
==40081==This might be related to ELF_ET_DYN_BASE change in Linux 4.12.
==40081==See https://github.com/google/sanitizers/issues/837 for possible workarounds.

And clusterfuzz only includes warning-level logs, so it's not much help.

loobenyang, do you know anything more? If you can still reproduce this, can you collect verbose-level logs?

I did find this bug: https://bugs.chromium.org/p/webrtc/issues/detail?id=8389
But don't see how the test case above could trigger it.

Anyway: Until we find the root cause, I have a CL that will at least change RTC_DCHECKs to RTC_CHECKs, so that Chrome aborts before anything worse happens: https://webrtc-review.googlesource.com/c/src/+/9040

Sure.
Just reproduced it in a Windows ASAN build with option "--log-level=0 --enable-logging=stderr" and attached the log.

Chromium	63.0.3227.0 (Developer Build) (32-bit)

Deleted: TypeConfusion_CodecMatches_FullLog.txt 452 KB

TypeConfusion_CodecMatches_FullLog.txt 452 KB View Download

Is it possible with "--enable-logging --vmodule=*/webrtc/*=1", to get INFO-level webrtc logs? Meanwhile I'll try fixing my ASan build issue...

Sure, attached the log with option "--enable-logging=stder --vmodule=*/webrtc/*=1".

Deleted: TypeConfusion_CodecMatches_FullLog2_webrtc.txt 2.7 MB

TypeConfusion_CodecMatches_FullLog2_webrtc.txt 2.7 MB View Download

I think I have something. Basically, the test case is doing following things:
SetRemoteDescription(audio offer) // OK
SetLocalDescription(audio answer)  // OK
SetLocalDescription(offer with no m= sections)  //odd, this shouldn't happen.
SetLocalDescription(data offer)  //odd
CreateAnswer() // crashed.  

Get audio option for the remote description but the current description is data only.
In this test case, the peerconnection actes as both caller and callee which is kind of odd.

Detailed report: https://clusterfuzz.com/testcase?key=4787889476206592

Job Type: linux_asan_chrome_mp
Crash Type: Heap-buffer-overflow READ 4
Crash Address: 0x60e0000b3b58
Crash State:
  cricket::AudioCodec::Matches
  bool cricket::FindMatchingCodec<cricket::AudioCodec>
  cricket::MediaSessionDescriptionFactory::AddAudioContentForAnswer
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=498412:498437

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4787889476206592

See https://github.com/google/clusterfuzz-tools for more information.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The following revision refers to this bug:
  https://webrtc.googlesource.com/src.git/+/80cfb527c6e38267cdbf27ebce6a32595c80f21e

commit 80cfb527c6e38267cdbf27ebce6a32595c80f21e
Author: Taylor Brandstetter <deadbeef@webrtc.org>
Date: Fri Oct 13 16:36:28 2017

RTC_CHECK'ing content type before static_casting descriptions.

This will cause the application to be aborted before it encounters
something worse like a heap overflow, in case any bug in this code
exists or is introduced in the future.

TBR=zhihuang@webrtc.org

Bug:  chromium:773620 
Change-Id: Idd4e31aa63a3f673eefd3e8cb2ae3f4a5092ca4e
Reviewed-on: https://webrtc-review.googlesource.com/9040
Reviewed-by: Zhi Huang <zhihuang@webrtc.org>
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Commit-Queue: Taylor Brandstetter <deadbeef@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#20293}
[modify] https://crrev.com/80cfb527c6e38267cdbf27ebce6a32595c80f21e/pc/mediasession.cc

can you please confirm if this requires a merge to M62?

Unfortunate, but we can wait until M63 for this 

I have another fix(https://webrtc-review.googlesource.com/c/src/+/9621) for this. May want to merge both of them after that CL is submitted.

The following revision refers to this bug:
  https://webrtc.googlesource.com/src.git/+/a8264dbdd97f5e125d45fd0e84356f2e1f747df1

commit a8264dbdd97f5e125d45fd0e84356f2e1f747df1
Author: Zhi Huang <zhihuang@webrtc.org>
Date: Sat Oct 14 00:40:32 2017

Reject the subsequent offer with fewer m= sections.

If the subsequent offer contains fewer m= sections than the existing
description, it would be rejected.

The helper method MediaSectionsInSameOrder is modified and it will
compare the number of m= sections before matching the media type.

Bug:  chromium:773620 
Change-Id: Ic8999445f4bc023da1d85a65659583db1687ec37
Reviewed-on: https://webrtc-review.googlesource.com/9621
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Commit-Queue: Zhi Huang <zhihuang@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#20298}
[modify] https://crrev.com/a8264dbdd97f5e125d45fd0e84356f2e1f747df1/pc/peerconnectioninterface_unittest.cc
[modify] https://crrev.com/a8264dbdd97f5e125d45fd0e84356f2e1f747df1/pc/webrtcsession.cc

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Please mark security bugs as fixed as soon as the fix lands, and before requesting merges. This update is based on the merge- labels applied to this issue. Please reopen if this update was incorrect.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Your change meets the bar and is auto-approved for M63. Please go ahead and merge the CL to branch 3239 manually. Please contact milestone owner if you have questions.
Owners: amineer@(Android), cmasso@(iOS), gkihumba@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The following revision refers to this bug:
  https://webrtc.googlesource.com/src.git/+/589ae45d0fa79e4d637bb21ce6bb0696f74db448

commit 589ae45d0fa79e4d637bb21ce6bb0696f74db448
Author: Tommi <tommi@webrtc.org>
Date: Sun Oct 15 21:50:06 2017

Revert "Reject the subsequent offer with fewer m= sections."

This reverts commit a8264dbdd97f5e125d45fd0e84356f2e1f747df1.

Reason for revert: Reverting to unblock rolls into Chromium.
See failure here:
https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/565449

Fails: external/wpt/webrtc/RTCPeerConnection-setRemoteDescription-offer.html

I'm guessing these lines from the output are relevant:

12:15:32.525 11839   [1:19:1015/121532.495175:16438293900:ERROR:webrtcsession.cc(350)] Failed to set remote offer sdp: The order of m-lines in subsequent offer doesn't match order from previous offer/answer.
12:15:32.525 11839   [1:20:1015/121532.497199:16438296127:WARNING:delay_based_bwe.cc(326)] BWE Setting start bitrate to: 300000
12:15:32.525 11839   [1:1:1015/121532.498272:16438296963:ERROR:webrtcsdp.cc(359)] Failed to parse: "Invalid SDP". Reason: Expect line: v=
12:15:32.525 11839   [1:1:1015/121532.498364:16438297040:ERROR:rtc_peer_connection_handler.cc(2183)] Failed to create native session description. Type: offer SDP: Invalid SDP
12:15:32.525 11839   [1:1:1015/121532.498432:16438297104:ERROR:rtc_peer_connection_handler.cc(1458)] Failed to parse SessionDescription. Invalid SDP Expect line: v=

Original change's description:
> Reject the subsequent offer with fewer m= sections.
> 
> If the subsequent offer contains fewer m= sections than the existing
> description, it would be rejected.
> 
> The helper method MediaSectionsInSameOrder is modified and it will
> compare the number of m= sections before matching the media type.
> 
> Bug:  chromium:773620 
> Change-Id: Ic8999445f4bc023da1d85a65659583db1687ec37
> Reviewed-on: https://webrtc-review.googlesource.com/9621
> Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
> Commit-Queue: Zhi Huang <zhihuang@webrtc.org>
> Cr-Commit-Position: refs/heads/master@{#20298}

TBR=deadbeef@webrtc.org,zhihuang@webrtc.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug:  chromium:773620 
Change-Id: I4a3ff7a42abb95144615b1dd37fb21585ee07b5d
Reviewed-on: https://webrtc-review.googlesource.com/10920
Reviewed-by: Tommi <tommi@webrtc.org>
Commit-Queue: Tommi <tommi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#20300}
[modify] https://crrev.com/589ae45d0fa79e4d637bb21ce6bb0696f74db448/pc/peerconnectioninterface_unittest.cc
[modify] https://crrev.com/589ae45d0fa79e4d637bb21ce6bb0696f74db448/pc/webrtcsession.cc

** Bulk Edit **

Please merge your change to M63 branch 3239 before 5:00 PM PT Monday (10/16) so we can take it in for next dev release. Thank you.

ClusterFuzz has detected this issue as fixed in range 508970:508976.

Detailed report: https://clusterfuzz.com/testcase?key=4787889476206592

Job Type: linux_asan_chrome_mp
Crash Type: Heap-buffer-overflow READ 4
Crash Address: 0x60e0000b3b58
Crash State:
  cricket::AudioCodec::Matches
  bool cricket::FindMatchingCodec<cricket::AudioCodec>
  cricket::MediaSessionDescriptionFactory::AddAudioContentForAnswer
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=498412:498437
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=508970:508976

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4787889476206592

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 4787889476206592 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

The following revision refers to this bug:
  https://webrtc.googlesource.com/src.git/+/c608c1e6151524be12f34a34bbc30c208a306ee3

commit c608c1e6151524be12f34a34bbc30c208a306ee3
Author: Zhi Huang <zhihuang@webrtc.org>
Date: Mon Oct 16 20:18:09 2017

Merge to M63:RTC_CHECK'ing content type before static_casting descriptions.

This will cause the application to be aborted before it encounters
something worse like a heap overflow, in case any bug in this code
exists or is introduced in the future.

Bug:  chromium:773620 
Change-Id: I2ffa8cd09a6526735cfac62a39eff9ae4487421d
Reviewed-on: https://webrtc-review.googlesource.com/11541
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Cr-Commit-Position: refs/branch-heads/63@{#2}
Cr-Branched-From: bef8a5d2ca5413c680995584b8c0976852ba5f25-refs/heads/master@{#20237}
[modify] https://crrev.com/c608c1e6151524be12f34a34bbc30c208a306ee3/pc/mediasession.cc

So the only fix we have is to crash it?
Good to get rid of the security risk.
However, it's still not a good image for the product's stability and reliability.

Not really. Crashing it is a more generic fix to prevent something like to happen in the future.

https://webrtc-review.googlesource.com/9621 is a more specific fix but I haven't got a chance to merge it since something else is blocking it.

Per comment #63, change is already merged to M63. If nothing is pending for M63, please remove "Merge-Approved-63" label. Thank you.

I also want to merge this (https://webrtc-review.googlesource.com/9621) but right now it is blocked by something else.

As I commented in 28, the merged fix is a generic one by making the application to be aborted which is not ideal. This (https://webrtc-review.googlesource.com/9621) fix is a more specific one for this case.

 Issue 775370  has been merged into this issue.

+awhalley@ PTAL comment #30.

Thanks zhihuang@. I'm OK moving this to block Stable, rather than Beta, which should also give time to take the second change.

This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible!

If all merges have been completed, please remove any remaining Merge-Approved labels from this issue.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Issue 775730 has been merged into this issue.

 Issue 775909  has been merged into this issue.

 Issue 775503  has been merged into this issue.

*** Boilerplate reminders! ***
Please do NOT publicly disclose details until a fix has been released to all our users. Early public disclosure may cancel the provisional reward. Also, please be considerate about disclosure when the bug affects a core library that may be used by other products. Please do NOT share this information with third parties who are not directly involved in fixing the bug. Doing so may cancel the provisional reward. Please be honest if you have already disclosed anything publicly or to third parties. Lastly, we understand that some of you are not interested in money. We offer the option to donate your reward to an eligible charity. If you prefer this option, let us know and we will also match your donation - subject to our discretion. Any rewards that are unclaimed after 12 months will be donated to a charity of our choosing.
*********************************

Hi loobenyang@ - the VRP panel decided to reward $1,000 for this report - thanks!

 Issue 775925  has been merged into this issue.

ClusterFuzz testcase 4538181419794432 is still reproducing on tip-of-tree build (trunk).

Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label.

ClusterFuzz has detected this issue as fixed in range 508970:508976.

Detailed report: https://clusterfuzz.com/testcase?key=4787889476206592

Job Type: linux_asan_chrome_mp
Crash Type: Heap-buffer-overflow READ 4
Crash Address: 0x60e0000b3b58
Crash State:
  cricket::AudioCodec::Matches
  bool cricket::FindMatchingCodec<cricket::AudioCodec>
  cricket::MediaSessionDescriptionFactory::AddAudioContentForAnswer
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=498412:498437
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=508970:508976

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4787889476206592

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible!

If all merges have been completed, please remove any remaining Merge-Approved labels from this issue.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e3dc12451acb5ce3397fdf6506607145c4ee681f

commit e3dc12451acb5ce3397fdf6506607145c4ee681f
Author: Zhi Huang <zhihuang@chromium.org>
Date: Thu Oct 26 18:59:50 2017

Modified the setRemoteDescription-offer.html

Modifed the setRemoteDescription-offer tests to unblock the CL
(https://webrtc-review.googlesource.com/c/src/+/9621).

The peerconnection should only set the remote offer generated by the CreateOffer
method.

SetLocalDescription is called before creating a subsequent offer.
To support unfied plan SDP, the m= section should be enforced in the subsequent
offer and the offer with different order would be rejected.
For example, if the first offer has "data" and the second offer with "audio, data"
would be rejected.

Based on a Github PR: https://github.com/w3c/web-platform-tests/pull/7893/files

Bug:  chromium:773620 
Change-Id: Id947c05e795f9fabd60200a20adad02d278218bd
Reviewed-on: https://chromium-review.googlesource.com/736318
Commit-Queue: Zhi Huang <zhihuang@chromium.org>
Reviewed-by: Henrik Boström <hbos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#511902}
[modify] https://crrev.com/e3dc12451acb5ce3397fdf6506607145c4ee681f/third_party/WebKit/LayoutTests/external/wpt/webrtc/RTCPeerConnection-setRemoteDescription-offer-expected.txt
[modify] https://crrev.com/e3dc12451acb5ce3397fdf6506607145c4ee681f/third_party/WebKit/LayoutTests/external/wpt/webrtc/RTCPeerConnection-setRemoteDescription-offer.html

The following revision refers to this bug:
  https://webrtc.googlesource.com/src.git/+/b2d355ed1f978e0f25c3998a61d79877f622d601

commit b2d355ed1f978e0f25c3998a61d79877f622d601
Author: Zhi Huang <zhihuang@webrtc.org>
Date: Fri Oct 27 01:07:27 2017

Reland: Reject the description with fewer m= sections.

If the subsequent offer contains fewer m= sections than the existing
description, it would be rejected.

The helper method MediaSectionsInSameOrder is modified and it will
compare the number of m= sections before matching the media type.

The original CL: https://webrtc-review.googlesource.com/c/src/+/9621
Reland it after the web-platform-tests are updated:
https://chromium-review.googlesource.com/c/chromium/src/+/736318

TBR=deadbeef@webrtc.org

Bug:  chromium:773620 
Change-Id: I60e972eb856efc3cef4a18777791053c9f8e0491
Reviewed-on: https://webrtc-review.googlesource.com/16382
Reviewed-by: Zhi Huang <zhihuang@webrtc.org>
Commit-Queue: Zhi Huang <zhihuang@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#20455}
[modify] https://crrev.com/b2d355ed1f978e0f25c3998a61d79877f622d601/pc/peerconnectioninterface_unittest.cc
[modify] https://crrev.com/b2d355ed1f978e0f25c3998a61d79877f622d601/pc/webrtcsession.cc

ClusterFuzz has detected this issue as fixed in range 508970:508976.

Detailed report: https://clusterfuzz.com/testcase?key=4787889476206592

Job Type: linux_asan_chrome_mp
Crash Type: Heap-buffer-overflow READ 4
Crash Address: 0x60e0000b3b58
Crash State:
  cricket::AudioCodec::Matches
  bool cricket::FindMatchingCodec<cricket::AudioCodec>
  cricket::MediaSessionDescriptionFactory::AddAudioContentForAnswer
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=498412:498437
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=508970:508976

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4787889476206592

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

 zhihuang@, is there anything pending for M63? 

Yes,
I would like to merge https://chromium-review.googlesource.com/736318 which is a chromium CL.

After that is landed, https://webrtc-review.googlesource.com/16382 can be merged to WebRTC M63 branch.

+awhalley@, could you ptal comment #50. Please let me know if Cls look good to merge to M63.

govind@ - good for M63

govind@ - good for M63

Approving merge to M63 branch 3239 based on comment #50 and #52. Please merge ASAP. Thank you.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/00fd68f1e971510cc7be4cb7a31f0bd1897aa36d

commit 00fd68f1e971510cc7be4cb7a31f0bd1897aa36d
Author: Zhi Huang <zhihuang@chromium.org>
Date: Wed Nov 01 20:28:40 2017

Modified the setRemoteDescription-offer.html

Modifed the setRemoteDescription-offer tests to unblock the CL
(https://webrtc-review.googlesource.com/c/src/+/9621).

Two different peerconnections are used in new tests. The remote offer is
generated by a different peerconnection instead of using the 'generateOffer'
method.

In test 'setRemoteDescription multiple times with diffrerent offer shoud succeed',
setLocalDescription is called before creating a subsequent offer. To support the
unified plan SDP, the order of the m= sections shoud be enforced in subsequent
offer.

Added a new test which sets the same remote offer as remote description multiple
times.

Modified the expected output based on new tests.

Based on a Github PR: https://github.com/w3c/web-platform-tests/pull/7893/files

TBR=zhihuang@chromium.org, hbos@chromium.org

(cherry picked from commit e3dc12451acb5ce3397fdf6506607145c4ee681f)

Bug:  chromium:773620 
Change-Id: Id947c05e795f9fabd60200a20adad02d278218bd
Reviewed-on: https://chromium-review.googlesource.com/736318
Commit-Queue: Zhi Huang <zhihuang@chromium.org>
Reviewed-by: Henrik Boström <hbos@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#511902}
Reviewed-on: https://chromium-review.googlesource.com/744588
Cr-Commit-Position: refs/branch-heads/3239@{#335}
Cr-Branched-From: adb61db19020ed8ecee5e91b1a0ea4c924ae2988-refs/heads/master@{#508578}
[modify] https://crrev.com/00fd68f1e971510cc7be4cb7a31f0bd1897aa36d/third_party/WebKit/LayoutTests/external/wpt/webrtc/RTCPeerConnection-setRemoteDescription-offer-expected.txt
[modify] https://crrev.com/00fd68f1e971510cc7be4cb7a31f0bd1897aa36d/third_party/WebKit/LayoutTests/external/wpt/webrtc/RTCPeerConnection-setRemoteDescription-offer.html

Merged the Chromium CL.
I'll wait for another build and make sure it doesn't break anything before merging the WebRTC change.

The following revision refers to this bug:
  https://webrtc.googlesource.com/src.git/+/b3b6cd16aa86eaacd512ac717f8710583ceb5a44

commit b3b6cd16aa86eaacd512ac717f8710583ceb5a44
Author: Zhi Huang <zhihuang@webrtc.org>
Date: Thu Nov 02 17:51:25 2017

Merge to M63: Reject the description with fewer m= sections.

If the subsequent offer contains fewer m= sections than the existing
description, it would be rejected.

The helper method MediaSectionsInSameOrder is modified and it will
compare the number of m= sections before matching the media type.

The original CL: https://webrtc-review.googlesource.com/c/src/+/9621
Reland it after the web-platform-tests are updated:
https://chromium-review.googlesource.com/c/chromium/src/+/736318

TBR=deadbeef@webrtc.org

(cherry picked from commit b2d355ed1f978e0f25c3998a61d79877f622d601)

Bug:  chromium:773620 
Change-Id: I60e972eb856efc3cef4a18777791053c9f8e0491
Reviewed-on: https://webrtc-review.googlesource.com/16382
Reviewed-by: Zhi Huang <zhihuang@webrtc.org>
Commit-Queue: Zhi Huang <zhihuang@webrtc.org>
Cr-Original-Commit-Position: refs/heads/master@{#20455}
Reviewed-on: https://webrtc-review.googlesource.com/18262
Cr-Commit-Position: refs/branch-heads/63@{#11}
Cr-Branched-From: bef8a5d2ca5413c680995584b8c0976852ba5f25-refs/heads/master@{#20237}
[modify] https://crrev.com/b3b6cd16aa86eaacd512ac717f8710583ceb5a44/pc/peerconnectioninterface_unittest.cc
[modify] https://crrev.com/b3b6cd16aa86eaacd512ac717f8710583ceb5a44/pc/webrtcsession.cc

All the changes have been merged.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot