Heap-buffer-overflow in xiph_lacing_16bit
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=6134545979277312
Fuzzer: libFuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x612000010df5
Crash State: xiph_lacing_16bit
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=395675:395769
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6134545979277312
Issue filed automatically.
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Dec 23 2017
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/ed531863f390d93f6eb15cfe5be4bd0ff6fb0b76 (Move mus command buffer client code from //mojo/gles2 to //components/mus/public). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Dec 23 2017
My CL just moved code. It should not cause this problem.
Jan 4 2018
This reproduces on tip-of-tree ffplay (configure --toolchain=clang-asan) upstream (f528c49c7cd10bfb7f639c467e11bb624be71eef). I've reported this to niedermayer, cc'ing Dale and Dan (previous and current ffmpeg rollers).
Jan 6 2018
sandersd: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jan 12 2018
I am able to reproduce this prior to the M65 FFmpeg roll, but cannot after the roll. This issue was likely fixed upstream.
Jan 12 2018
This issue was fixed by upstream commit 1bcd7fefcb3c1ec47978fdc64a9e8dfb9512ae62, "avcodec/opus_parser: Check payload_len in parse_opus_ts_header()".
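The bug class behind the fix named in the comment above, as an added example that is not FFmpeg's, Chromium's or the reporter's code: a declared payload length is taken from the packet header and used to bound the frame-size reads, so a header that claims more payload than was actually received pushes the reader's end pointer past the allocation, and the next xiph_lacing_16bit() read at that boundary is a one-byte heap over-read. The packet layout below (a flags byte, a Xiph "full"-laced payload length, a frame count, Xiph 16-bit laced frame sizes, frame data) is a simplified stand-in constructed for illustration, not the real Opus-in-TS format; the function names, the packet_info struct and the two sample packets are assumptions of this example and not the upstream implementation. declared_overshoot() measures, without performing any out-of-bounds access, how far an unchecked parser's end pointer would land past the buffer; parse_packet() is the hardened form, which rejects the packet as soon as the declared length exceeds the bytes present.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_FRAMES 48   /* cap for this constructed format */

/* Xiph "full" lacing for the declared payload length: every 0xFF byte adds
 * 255 and continues, the first byte below 0xFF adds itself and terminates.
 * Returns -1 if the buffer ends before the terminator. */
static int xiph_lacing_full(const uint8_t **ptr, const uint8_t *end)
{
    int v = 0;
    for (;;) {
        if (*ptr >= end)
            return -1;
        int next = *(*ptr)++;
        v += next;
        if (next < 255)
            return v;
    }
}

/* Xiph 16-bit lacing for one frame size: one byte if below 252, otherwise
 * v + 4 * second byte. Both reads are bounded by 'end', so the read is only
 * safe if the caller's 'end' really lies inside the allocation. */
static int xiph_lacing_16bit(const uint8_t **ptr, const uint8_t *end)
{
    if (*ptr >= end)
        return -1;
    int v = *(*ptr)++;
    if (v >= 252) {
        if (*ptr >= end)
            return -1;
        v += 4 * *(*ptr)++;
    }
    return v;
}

typedef struct {
    int payload_len;
    int frame_count;
    int frame_sizes[MAX_FRAMES];
} packet_info;

/* Bytes by which the declared payload length overshoots the bytes actually
 * present after the header: a parser that builds its end pointer from the
 * declared length alone hands the lacing readers an 'end' this far past the
 * allocation. Returns 0 when the declaration fits, -1 on a truncated header. */
static long declared_overshoot(const uint8_t *buf, size_t buf_len)
{
    const uint8_t *ptr = buf, *buf_end = buf + buf_len;
    if (buf_len < 1)
        return -1;
    ptr++;                                   /* flags byte, unused here */
    int payload_len = xiph_lacing_full(&ptr, buf_end);
    if (payload_len < 0)
        return -1;
    long avail = (long)(buf_end - ptr);
    return payload_len > avail ? payload_len - avail : 0;
}

/* Hardened parse: the declared payload length is checked against the bytes
 * received before it bounds any further read. 0 on success, -1 on bad input. */
static int parse_packet(const uint8_t *buf, size_t buf_len, packet_info *out)
{
    const uint8_t *ptr = buf, *end = buf + buf_len;
    if (buf_len < 1)
        return -1;
    ptr++;                                   /* flags byte, unused here */
    int payload_len = xiph_lacing_full(&ptr, end);
    if (payload_len < 0)
        return -1;
    if (payload_len > end - ptr)             /* the missing check: declared vs. actual */
        return -1;
    end = ptr + payload_len;                 /* now provably inside buf */

    if (ptr >= end)
        return -1;
    int n = *ptr++;
    if (n < 1 || n > MAX_FRAMES)
        return -1;
    size_t total = 0;
    for (int i = 0; i < n; i++) {
        int sz = xiph_lacing_16bit(&ptr, end);
        if (sz < 0)
            return -1;
        out->frame_sizes[i] = sz;
        total += (size_t)sz;
    }
    if (total > (size_t)(end - ptr))         /* frame data must fit the payload */
        return -1;
    out->payload_len = payload_len;
    out->frame_count = n;
    return 0;
}

/* Constructed inputs (not fuzzer output): flags, laced payload length,
 * frame count, laced frame sizes, frame data. */
static const uint8_t GOOD_PACKET[] = { 0x00, 0x06, 0x02, 0x02, 0x01, 'a', 'b', 'c' };
/* Same packet, but the header claims 255 + 16 = 271 payload bytes. */
static const uint8_t OVERSIZED_PACKET[] = { 0x00, 0xFF, 0x10, 0x02, 0x02, 0x01, 'a', 'b', 'c' };

int main(void)
{
    packet_info pi;
    printf("good: rc=%d overshoot=%ld\n", parse_packet(GOOD_PACKET, sizeof GOOD_PACKET, &pi),
           declared_overshoot(GOOD_PACKET, sizeof GOOD_PACKET));
    printf("oversized: rc=%d overshoot=%ld\n", parse_packet(OVERSIZED_PACKET, sizeof OVERSIZED_PACKET, &pi),
           declared_overshoot(OVERSIZED_PACKET, sizeof OVERSIZED_PACKET));
    return 0;
}
```

The check is a single comparison of the declared length against `end - ptr`, placed before the declared length is ever used to derive a pointer; an ASan run of the unchecked pattern on the oversized packet would report the READ 1 at the first frame-size byte past the real buffer, which is the crash state in the report.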
Jan 13 2018
ClusterFuzz has detected this issue as fixed in range 528993:529004.
Detailed report: https://clusterfuzz.com/testcase?key=6134545979277312
Fuzzer: libFuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x612000010df5
Crash State: xiph_lacing_16bit
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=395675:395769
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=528993:529004
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6134545979277312
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 13 2018
ClusterFuzz testcase 6134545979277312 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Jan 16 2018
Merge-Request-64 for DEPS update for ffmpeg to pull in commit from C#12.
Jan 16 2018
This bug requires manual review: We are only 6 days from stable. Please contact the milestone owner if you have questions. Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jan 16 2018
Can you please confirm why this is needed for M64 vs waiting until M65? Is this a safe merge overall?
Jan 16 2018
It's a buffer-overflow security issue, which I thought we always wanted to merge when we had fixes for?
Jan 16 2018
Approving for merge. Branch:3282
Jan 16 2018
The following revision refers to this bug: https://chrome-internal.googlesource.com/chrome/tools/buildspec/+/d3f81700982851914e334ba680bf4613263de293
commit d3f81700982851914e334ba680bf4613263de293
Author: Dale Curtis <dalecurtis@chromium.org>
Date: Tue Jan 16 21:26:26 2018
Apr 21 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot