Unable to provide possible suspect using Predator, CL and Code Search.

CC'ing the michael@ for his work on file "avpacket.c"

michael@-- Could you please look into the issue, kindly re-assign if this is not related to your changes.


Thank You.

kkaluri@ please take care not to cc folks outside the Chromium project, please just assign to the media label first to avoid spamming external owners unnecessarily -- they aren't able to access ClusterFuzz. 

Michael if you do end up taking a look, the leak trace is:

Indirect leak of 4336 byte(s) in 2 object(s) allocated from:
#0 0x36f4b2 in __interceptor_realloc (/mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-libfuzzer_linux-debug-asan_ae530a86793cd6b8b56ce9af9159ac101396e802/revisions/libfuzzer-linux-debug-507883/media_pipeline_integration_fuzzer+0x36f4b2)
 #1 0x7f67ebdecdad in av_buffer_realloc third_party/ffmpeg/libavutil/buffer.c:177:25
 #2 0x7f67ebded0e0 in av_buffer_realloc third_party/ffmpeg/libavutil/buffer.c:199:9
 #3 0x7f67ebc9afb2 in av_grow_packet third_party/ffmpeg/libavcodec/avpacket.c:131:23
#4 0x7f67ebd26c1a in append_packet_chunked third_party/ffmpeg/libavformat/utils.c:268:15
#5 0x7f67ebd2a6d0 in ff_read_packet third_party/ffmpeg/libavformat/utils.c:816:15
#6 0x7f67ebd302a9 in read_frame_internal third_party/ffmpeg/libavformat/utils.c:1518:15
#7 0x7f67ebd454e2 in avformat_find_stream_info third_party/ffmpeg/libavformat/utils.c:3698:15

Deleted: clusterfuzz-testcase-minimized-6418078673141760 14 bytes

clusterfuzz-testcase-minimized-6418078673141760 14 bytes View Download

For more information, please see https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md.

The link referenced in the description is no longer valid.

I could reprduce a memleak with this testcase with ffmpeg. Patch fixing it is on ffmpeg-devel. Will probably be in ffmpeg git master in a few days

Whoops, sorry this fell off my radar. Thanks for fixing Michael.

Verified the fix, will roll deps to pick it up today.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/415212d7045bc6c2ed5c58ec46740251c32ea7ce

commit 415212d7045bc6c2ed5c58ec46740251c32ea7ce
Author: Dale Curtis <dalecurtis@chromium.org>
Date: Wed Nov 29 01:10:35 2017

Roll FFmpeg and update FFmpegDemuxer for security fixes.

https://chromium.googlesource.com/chromium/third_party/ffmpeg.git/+log/9cb03e5705c1..18c815f81428

$ git log 9cb03e570..18c815f81 --date=short --no-merges --format='%ad %ae %s'
2017-11-28 dalecurtis Update chromium patches README with new patches.
2017-11-28 dalecurtis Free opus extradata before reallocating.
2017-11-28 dalecurtis Don't manipulate duration when it's AV_NOPTS_VALUE.
2017-11-28 dalecurtis Respect AVERROR codes returned by ogg parsers.
2017-11-25 michael avformat/aacdec: Fix leak in adts_aac_read_packet()

Inspection of code reveals that we don't properly ignore invalid codec
parameters when setting up the ffmpeg demuxer, so we will now explicitly
discard streams which don't have a codec detected.

Created with:
  roll-dep src/third_party/ffmpeg

BUG= 788550 , 787803 , 773637 , 787351 
TEST=ubsan/asan no longer fail.

Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Change-Id: I87b0482499e41b2c0190ef3852ed81c3e91c4236
Reviewed-on: https://chromium-review.googlesource.com/794844
Commit-Queue: Dale Curtis <dalecurtis@chromium.org>
Reviewed-by: Thomas Guilbert <tguilbert@chromium.org>
Cr-Commit-Position: refs/heads/master@{#519941}
[modify] https://crrev.com/415212d7045bc6c2ed5c58ec46740251c32ea7ce/DEPS
[modify] https://crrev.com/415212d7045bc6c2ed5c58ec46740251c32ea7ce/media/filters/ffmpeg_demuxer.cc

ClusterFuzz has detected this issue as fixed in range 519923:519950.

Detailed report: https://clusterfuzz.com/testcase?key=6418078673141760

Fuzzer: libFuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Indirect-leak
Crash Address: 
Crash State:
  av_buffer_realloc
  av_buffer_realloc
  av_grow_packet
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=507841:507861
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=519923:519950

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6418078673141760

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6418078673141760 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.