
Issue 801796


Issue metadata

Status: Verified
Owner:
Closed: Jan 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




CHECK failure: IsRangeListSorted(ranges_) in source_buffer_stream.cc

Project Member Reported by ClusterFuzz, Jan 13 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6097053263593472

Fuzzer: libFuzzer_mediasource_MP2T_MP3_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  IsRangeListSorted(ranges_) in source_buffer_stream.cc
  media::SourceBufferStream<media::SourceBufferRangeByDts>::Append
  media::ChunkDemuxerStream::Append
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=529129:529141

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6097053263593472

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Project Member

Comment 1 by ClusterFuzz, Jan 13 2018

Components: Internals>Media
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Jan 13 2018

Labels: Test-Predator-Auto-Owner
Owner: wolenetz@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/03c6fb32c54b64bb9424b7e2dbdf8753e409e7ce (MSE: Improve sorted range checking in debug builds).

If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Status: Started (was: Assigned)
Investigating... Such can indicate my fixes for bug 791095 haven't fully fixed that problem.
Cc: chcunningham@chromium.org sande...@chromium.org
Components: -Internals>Media Internals>Media>Source
I have a confirmed local repro.
The repro case passes the ByPts version; it hits the DCHECK when buffering ByDts... investigating further.
A precisely overlapping buffer of the previously appended buffer (continuous in same MSE coded frame group, when buffering by Dts) appears to trigger the problem. This doesn't seem to be specific to mp2ts at first glance.

I'll investigate further and work on a fix.
Project Member

Comment 9 by bugdroid1@chromium.org, Jan 17 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cfe1e5f7d7aafa697a51d137b955fd0c40667c1d

commit cfe1e5f7d7aafa697a51d137b955fd0c40667c1d
Author: Matt Wolenetz <wolenetz@chromium.org>
Date: Wed Jan 17 05:32:18 2018

MSE: Prevent disjoint (but adjacent) ranges in a ByDts case

Like many cases fixed by bug 791095, this change fixes another case
where a set of buffered ranges [a,b) [b,c) might result from a sequence
of appends to the MSE API. This fix expands an additional
MergeWithAdjacentRangeIfNecessary() call in SBS::Append() to occur not
just when buffering by PTS, but also when buffering by DTS.

New unit tests are included that demonstrated the fault prior to the
rest of this change, in both sequence and segments mode when buffering
by DTS. With this change, the clusterfuzz case in bug 801796 no longer
repros.

BUG=801796,791095
TEST=SourceBufferStreamTest.PreciselyOverlapLastAudioFrameAppended_*

Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Change-Id: Icf103726b5220d021519c1fce086a06f87c48161
Reviewed-on: https://chromium-review.googlesource.com/867972
Commit-Queue: Matthew Wolenetz <wolenetz@chromium.org>
Reviewed-by: Chrome Cunningham <chcunningham@chromium.org>
Cr-Commit-Position: refs/heads/master@{#529628}
[modify] https://crrev.com/cfe1e5f7d7aafa697a51d137b955fd0c40667c1d/media/filters/source_buffer_stream.cc
[modify] https://crrev.com/cfe1e5f7d7aafa697a51d137b955fd0c40667c1d/media/filters/source_buffer_stream_unittest.cc
[modify] https://crrev.com/cfe1e5f7d7aafa697a51d137b955fd0c40667c1d/media/test/pipeline_integration_fuzzertest.cc

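To make the [a,b) [b,c) problem described in the commit message above concrete, here is an added, simplified C++ model; it is not Chromium's SourceBufferStream code. The range bookkeeping, the Append behaviour and the rule that a precisely overlapping frame evicts the old tail and starts a new range are assumptions chosen to reproduce the scenario the comments describe, with the post-append merge switchable to show the pre-fix ByDts path beside the fixed one.

```cpp
#include <cstddef>
#include <cstdint>
#include <initializer_list>
#include <vector>

// Simplified model, assumed for illustration (not Chromium's code), of the
// buffered-range bookkeeping that SourceBufferStream::Append maintains.
// A Range is a half-open [start, end) interval of timestamps in microseconds.
struct Range { int64_t start; int64_t end; };
using RangeList = std::vector<Range>;

// Invariant in the spirit of IsRangeListSorted(): ranges ascend and are
// separated by a gap. Adjacent-but-disjoint [a,b) [b,c) violates it,
// because touching ranges are supposed to have been coalesced.
bool IsRangeListSorted(const RangeList& ranges) {
  for (size_t i = 1; i < ranges.size(); ++i)
    if (ranges[i].start <= ranges[i - 1].end) return false;
  return true;
}

// Coalesce ranges[index] with its successor when they touch or overlap.
// Returns true when a merge happened.
bool MergeWithAdjacentRangeIfNecessary(RangeList* ranges, size_t index) {
  if (index + 1 >= ranges->size()) return false;
  Range& cur = (*ranges)[index];
  const Range& next = (*ranges)[index + 1];
  if (next.start > cur.end) return false;  // a real gap: leave both alone
  if (next.end > cur.end) cur.end = next.end;
  ranges->erase(ranges->begin() + index + 1);
  return true;
}

// Append one coded frame. A frame continuous with an existing range extends
// it; a frame that precisely overlaps the tail of a range replaces that tail
// and starts a new range (assumed simplification of the reported scenario).
// |merge_adjacent| models the post-append merge the fix enabled for ByDts.
void Append(RangeList* ranges, Range frame, bool merge_adjacent) {
  bool replaced = false;
  for (Range& r : *ranges)
    if (r.start < frame.start && frame.start < r.end) { r.end = frame.start; replaced = true; }
  size_t i = 0;
  while (i < ranges->size() && (*ranges)[i].start < frame.start) ++i;
  if (!replaced && i > 0 && (*ranges)[i - 1].end == frame.start)
    (*ranges)[--i].end = frame.end;              // continuous: extend the range
  else
    ranges->insert(ranges->begin() + i, frame);  // otherwise open a new range
  if (!merge_adjacent) return;
  if (i > 0 && MergeWithAdjacentRangeIfNecessary(ranges, i - 1)) --i;
  MergeWithAdjacentRangeIfNecessary(ranges, i);
}

// Constructed reproducer shape: three continuous frames, then the last one
// appended again, precisely overlapping the previously appended frame.
RangeList RunScenario(bool merge_adjacent) {
  RangeList ranges;
  for (Range f : {Range{0, 10}, Range{10, 20}, Range{20, 30}, Range{20, 30}})
    Append(&ranges, f, merge_adjacent);
  return ranges;
}
```

Running `RunScenario(false)` leaves [0,20) [20,30), which fails `IsRangeListSorted`; `RunScenario(true)` coalesces them into [0,30).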
Project Member

Comment 10 by ClusterFuzz, Jan 17 2018

ClusterFuzz has detected this issue as fixed in range 529616:529629.

Detailed report: https://clusterfuzz.com/testcase?key=6097053263593472

Fuzzer: libFuzzer_mediasource_MP2T_MP3_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  IsRangeListSorted(ranges_) in source_buffer_stream.cc
  media::SourceBufferStream<media::SourceBufferRangeByDts>::Append
  media::ChunkDemuxerStream::Append
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=529129:529141
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=529616:529629

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6097053263593472

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 11 by ClusterFuzz, Jan 17 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)
ClusterFuzz testcase 6097053263593472 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
