Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Unable to find actual suspect through code search and also from the provided CL, hence marking it as untriaged.

Note: Observing some recent changes for the below file 'mov.c', so cc'ing to @sandersd for more updates on this issue.

https://chromium.googlesource.com/chromium/third_party/ffmpeg.git/+/c92d9394f9e024d7d038455b846fbbc987262ff4

Thanks!

We should backport the fix to M65 for this one; the ship has sailed for M64 probably though.

remove from untriaged bucket.

I'll take a look at this as well.

sandersd@ is already on this. Reassign.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/9ed334093692f2dc77c4ad8186ddadde584e1e20

commit 9ed334093692f2dc77c4ad8186ddadde584e1e20
Author: Dan Sanders <sandersd@chromium.org>
Date: Wed Feb 14 00:42:58 2018

Prevent NULL dereference in mov_seek_fragment()

If the fragment index is empty, mov_seek_fragment() will try to read the
first index entry anyway. This patch adds an early return in that case.

Bug:  804070 
Change-Id: I2e4c3b9859c0434181dc3e62486f314166617fe6
Reviewed-on: https://chromium-review.googlesource.com/917381
Reviewed-by: Dale Curtis <dalecurtis@chromium.org>

[modify] https://crrev.com/9ed334093692f2dc77c4ad8186ddadde584e1e20/libavformat/mov.c
[modify] https://crrev.com/9ed334093692f2dc77c4ad8186ddadde584e1e20/chromium/patches/README

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e19b85dee7f81bcce2c2af2ad1688c725ab85960

commit e19b85dee7f81bcce2c2af2ad1688c725ab85960
Author: Xiaohan Wang <xhwang@chromium.org>
Date: Wed Feb 14 23:37:39 2018

Roll src/third_party/ffmpeg/ 58a80d155..9ed334093 (4 commits)

https://chromium.googlesource.com/chromium/third_party/ffmpeg.git/+log/58a80d15568f..9ed334093692

$ git log 58a80d155..9ed334093 --date=short --no-merges --format='%ad %ae %s'
2018-02-13 sandersd Prevent NULL dereference in mov_seek_fragment()
2018-02-13 xhwang ffmpeg: Fix integer overflow in decode_cabac_residual_internal()
2018-02-13 xhwang ffmpeg: Fix stts_data memory allocation
2018-02-13 sandersd Prevent NULL dereference in mov_read_sidx()

Created with:
  roll-dep src/third_party/ffmpeg

BUG= 804070 , 806580 , 801821 , 802335 

Change-Id: Iae66a2c0ac4443b8ef04fffa630a925308dfdd04
Reviewed-on: https://chromium-review.googlesource.com/919863
Reviewed-by: Dale Curtis <dalecurtis@chromium.org>
Commit-Queue: Xiaohan Wang <xhwang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#536884}
[modify] https://crrev.com/e19b85dee7f81bcce2c2af2ad1688c725ab85960/DEPS

ClusterFuzz has detected this issue as fixed in range 536860:536908.

Detailed report: https://clusterfuzz.com/testcase?key=6286071922163712

Fuzzer: libFuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000008
Crash State:
  mov_seek_fragment
  mov_seek_stream
  mov_read_seek
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=518239:518261
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=536860:536908

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6286071922163712

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6286071922163712 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Dan, this patch isn't yet in upstream ffmpeg; it's still correctly tracked by our downstream patches README as of M67 roll  bug 803898 .