Integer-overflow in av_add_stable
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6086545642881024

Fuzzer: libFuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  av_add_stable
  compute_pkt_fields
  read_frame_internal

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=477380:477461

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6086545642881024

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Dec 18 2017
Predator has provided the 8 possible suspects, and none of the owners are Chromium users. With reference to Issue 654612, assigning it to the concern owner. Note: since the author dalecurtis@ is OOO Dec 16-Jan 7, assigning it to the reviewer sandersd@. Could you please look into this issue and assign it to the concern owner?
Dec 18 2017
I'll take over this bug; there are a half-dozen just like it (undefined behavior in FFmpeg) already assigned to me.
Jan 12 2018
Mar 1 2018
Mar 6 2018
I have a local repro on ToT Chromium. I also have a local repro on upstream ffplay in rodete (configure --toolchain=clang-usan). To obtain that repro, ffplay cmdline option "-ss 0" is required to initiate the "seek to time 0" that triggers the overflow code path. Specific UBSAN options (see the report, minus suppressions and symbolization options) are helpful to obtain the stack trace. I've sent the case upstream to Michael today.
Mar 12 2018
With my review, Michael landed his upstream fix last Thursday: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/02ecda4aba69670ca744ccc640391b7621f01fb0 It'll get pulled into the M67 ffmpeg roll (no cherry-pick should be needed for M67).
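Added illustration, not FFmpeg's code and not the upstream fix linked above: the crash state in this report is a signed 64-bit timestamp addition inside av_add_stable, reached from compute_pkt_fields on values taken from the demuxed input, so the operands are under the file's control. The function below mirrors only the general shape of that operation (a timestamp in one time base plus an increment expressed in another time base) and shows how the exact-division case can be made overflow-safe with the GCC/Clang checked-arithmetic builtins, reporting failure instead of wrapping. The Rational type, the function name, and the sample inputs are this example's own assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Illustration only: a rational time base in the shape of an AVRational
 * (num/den). The names in this file are the example's own, not FFmpeg's. */
typedef struct {
    int num;
    int den;
} Rational;

/*
 * Add `inc` ticks expressed in time base `inc_tb` to the timestamp `ts`
 * expressed in time base `ts_tb`, i.e. the exact-division branch of a
 * "stable add". Every intermediate product and the final sum is checked
 * with the GCC/Clang __builtin_*_overflow builtins, so a demuxer-controlled
 * duration near INT64_MAX is reported (return false, *out untouched)
 * instead of wrapping, which is the undefined behaviour UBSan reports as
 * "Integer-overflow".
 */
static bool add_duration_checked(Rational ts_tb, int64_t ts,
                                 Rational inc_tb, int64_t inc, int64_t *out)
{
    int64_t num, m, d, q, sum;

    /* Reject degenerate time bases before dividing by anything. */
    if (ts_tb.num <= 0 || ts_tb.den <= 0 || inc_tb.num <= 0 || inc_tb.den <= 0)
        return false;

    /* Scale the increment: inc * inc_tb.num, kept over inc_tb.den. */
    if (__builtin_mul_overflow(inc, (int64_t)inc_tb.num, &num))
        return false;

    /* Convert to ts_tb units:
     * (num / inc_tb.den) / (ts_tb.num / ts_tb.den)
     *   = (num * ts_tb.den) / (inc_tb.den * ts_tb.num). */
    if (__builtin_mul_overflow(num, (int64_t)ts_tb.den, &m))
        return false;
    if (__builtin_mul_overflow((int64_t)inc_tb.den, (int64_t)ts_tb.num, &d))
        return false;

    /* Only the exact case is handled here; an inexact increment would need
     * a rescale/remainder path and is reported as "not handled". */
    if (m % d != 0)
        return false;
    q = m / d;

    /* The step UBSan flagged in the report: a plain `ts + q` here wraps. */
    if (__builtin_add_overflow(ts, q, &sum))
        return false;

    *out = sum;
    return true;
}

int main(void)
{
    int64_t out;

    /* Constructed input: a 90 kHz stream timestamp plus one 1/30 s frame. */
    if (add_duration_checked((Rational){1, 90000}, 90000,
                             (Rational){1, 30}, 1, &out))
        printf("ok: 90000 ticks + 1/30 s = %lld ticks\n", (long long)out);

    /* Constructed input: a timestamp near INT64_MAX plus a 3003-tick
     * duration, the kind of pair a crafted packet can produce. */
    if (!add_duration_checked((Rational){1, 90000}, INT64_MAX - 10,
                              (Rational){1, 90000}, 3003, &out))
        printf("overflow detected, timestamp left unchanged\n");
    return 0;
}
```

Building this with -fsanitize=undefined produces no report, because the checked builtins compute in a way that never overflows a signed value; swapping the final check for a bare `ts + q` on the second constructed input is exactly the signed-overflow class the fuzzer caught.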
Mar 15 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720

commit 3a1d00c3ef1de6fcc959696e2a1ff11f901e4720
Author: Matt Wolenetz <wolenetz@chromium.org>
Date: Thu Mar 15 22:54:10 2018

Roll src/third_party/ffmpeg/ 4468d4967..02ec9ce5a (389 commits)

https://chromium.googlesource.com/chromium/third_party/ffmpeg.git/+log/4468d4967f5d..02ec9ce5a9bc

$ git log 4468d4967..02ec9ce5a --date=short --no-merges --format='%ad %ae %s'
2018-03-13 wolenetz Updating build configs for M67 roll.
2018-03-13 wolenetz Update build_ffmpeg.py's sysroot name for M67
2018-03-13 wolenetz Remove deprecated av_register_all from ffmpeg.sigs
2018-03-13 wolenetz Copy [de]muxer, codec and parser lists into configs
2018-03-12 wolenetz Update chromium patches README
2018-03-12 vdixit avformat/hlsenc: fix for zero EXTINF tag duration
2018-03-12 matthieu.bouron avcodec/mediacodecdec_common: make INFO_TRY_AGAIN trace messages more consistent
2018-03-10 aman avcodec/mediacodecdec: add debug logging around hw buffer lifecycle
2018-02-27 michael avcodec/nuv: rtjpeg with dimensions less than 16 would result in no decoded pixels thus reject it
2018-02-27 michael avcodec/nuv: Check for minimum input size for uncomprssed and rtjpeg
(...)

Created with:
  roll-dep src/third_party/ffmpeg

Includes removal of FFmpegGlue::InitializeFFmpeg() because av_register_all is no longer needed (and is deprecated in FFmpeg).

BUG=803898,772699,786793,791237,791349,795653,796778,800123,817338
Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Change-Id: I94ccecab95831174a3bae6e9a8422e10bfec8e85
Reviewed-on: https://chromium-review.googlesource.com/964248
Reviewed-by: Dale Curtis <dalecurtis@chromium.org>
Reviewed-by: Xiaohan Wang <xhwang@chromium.org>
Reviewed-by: Sergey Ulanov <sergeyu@chromium.org>
Commit-Queue: Matthew Wolenetz <wolenetz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#543531}

[modify] https://crrev.com/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720/DEPS
[modify] https://crrev.com/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720/content/renderer/media/webrtc/peer_connection_dependency_factory.cc
[modify] https://crrev.com/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720/media/cdm/library_cdm/clear_key_cdm/clear_key_cdm.cc
[modify] https://crrev.com/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720/media/ffmpeg/ffmpeg_common_unittest.cc
[modify] https://crrev.com/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720/media/filters/ffmpeg_audio_decoder.cc
[modify] https://crrev.com/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720/media/filters/ffmpeg_glue.cc
[modify] https://crrev.com/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720/media/filters/ffmpeg_glue.h
[modify] https://crrev.com/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720/media/filters/ffmpeg_video_decoder.cc
[modify] https://crrev.com/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720/media/filters/ffmpeg_video_decoder_unittest.cc
[modify] https://crrev.com/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720/media/gpu/video_encode_accelerator_unittest.cc
Mar 16 2018
ClusterFuzz has detected this issue as fixed in range 543518:543534.

Detailed report: https://clusterfuzz.com/testcase?key=6086545642881024

Fuzzer: libFuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  av_add_stable
  compute_pkt_fields
  read_frame_internal

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=477380:477461
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=543518:543534

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6086545642881024

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 16 2018
ClusterFuzz testcase 6086545642881024 is verified as fixed, so closing issue as verified. If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Dec 18 2017
Labels: Test-Predator-Auto-Components