Automatically adding ccs based on suspected regression changelists:

mov: fix decode of fragments that overlap in time by jstebbins@jetheaddev.com - https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/4a9d32baca3af0d1831f9556a922c7ab5b426b10

avformat: fix id3 chapters by lukas@stabe.de - https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/1fd80106be3dca9fa0ea13fb364c8d221bd27c15

If this is incorrect, please apply the Test-Predator-Wrong-CLs label.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Assign to dalecurtis (ffmpeg owner) to help triage and assign to the right owner. Thanks!

+awhalley@

Says this just impacts head, with the starting regression at 64.0.3262.0, not beta? Correcting the labels to match what's in CF.

jstebbins@ who doesn't have access to this bug says a fix has been submitted upstream. I'm looking into it now.

Fix from upstream works, landed and DEPS roll out: https://chromium-review.googlesource.com/c/chromium/src/+/790940

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/089483c18ed34c1702534ed23f2e404798734d92

commit 089483c18ed34c1702534ed23f2e404798734d92
Author: Dale Curtis <dalecurtis@chromium.org>
Date: Mon Nov 27 21:09:30 2017

Roll src/third_party/ffmpeg/ abead8cbc..9cb03e570 (1 commit)

https://chromium.googlesource.com/chromium/third_party/ffmpeg.git/+log/abead8cbcf89..9cb03e5705c1

$ git log abead8cbc..9cb03e570 --date=short --no-merges --format='%ad %ae %s'
2017-11-27 jstebbins lavf/mov: fix crash in mov_read_sidx

Created with:
  roll-dep src/third_party/ffmpeg

BUG= 788230 
TEST=test case no longer reproduces
TBR=sandersd

Change-Id: I721aec670a70d1c9ed54f416ddb71f3ec3a9b529
Reviewed-on: https://chromium-review.googlesource.com/790940
Reviewed-by: Dale Curtis <dalecurtis@chromium.org>
Commit-Queue: Dale Curtis <dalecurtis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#519399}
[modify] https://crrev.com/089483c18ed34c1702534ed23f2e404798734d92/DEPS

ClusterFuzz has detected this issue as fixed in range 519370:519404.

Detailed report: https://clusterfuzz.com/testcase?key=4672038630588416

Fuzzer: inferno_flicker
Job Type: linux_ubsan_vptr_chrome
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0xfffffffc07572604
Crash State:
  mov_read_sidx
  mov_read_default
  mov_read_header
  
Sanitizer: undefined (UBSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=514498:517702
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=519370:519404

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4672038630588416

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 4672038630588416 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot