==23477==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60d000171d68 at pc 0x000313d0b434 bp 0x000170b2d650 sp 0x000170b2d648
WRITE of size 8 at 0x60d000171d68 thread T4
==23477==WARNING: invalid path to external symbolizer!
==23477==WARNING: Failed to use and restart external symbolizer!
    #0 0x000313d0b430 in av1_get_one_pass_rt_params+0x46d4 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13d0b430)
    #1 0x000313bef658 in av1_encode_strategy+0x1044 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13bef658)
    #2 0x000313c29e04 in av1_get_compressed_data+0x424 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13c29e04)
    #3 0x000313b2675c in encoder_encode+0x1cd0 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13b2675c)
    #4 0x000313b15d6c in aom_codec_encode+0x130 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13b15d6c)
    #5 0x000320043078 in webrtc::(anonymous namespace)::LibaomAv1Encoder::Encode(webrtc::VideoFrame const&, std::__Cr::vector> const*)+0x1b38 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x20043078)
    #6 0x00031ffcc480 in webrtc::SimulcastEncoderAdapter::Encode(webrtc::VideoFrame const&, std::__Cr::vector> const*)+0xc24 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x1ffcc480)
    #7 0x0003203da838 in webrtc::VideoStreamEncoder::EncodeVideoFrame(webrtc::VideoFrame const&, long long)+0x11b4 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x203da838)
    #8 0x0003203d8788 in webrtc::VideoStreamEncoder::MaybeEncodeVideoFrame(webrtc::VideoFrame const&, long long)+0x12c4 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x203d8788)
    #9 0x0003203d6ee8 in webrtc::VideoStreamEncoder::OnFrame(webrtc::Timestamp, bool, webrtc::VideoFrame const&)+0x690 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x203d6ee8)
    #10 0x00032040aa2c in void absl::internal_any_invocable::RemoteInvoker(absl::internal_any_invocable::TypeErasedState*)+0x2e8 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x2040aa2c)
    #11 0x00030145c1fc in blink::WebRtcTaskQueue::RunTask(absl::AnyInvocable)+0x118 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x145c1fc)
    #12 0x00030145d7d0 in base::internal::Invoker), blink::WebRtcTaskQueue*, absl::AnyInvocable&&>, base::internal::BindState), base::internal::RetainedRefWrapper, absl::AnyInvocable>, void ()>::RunOnce(base::internal::BindStateBase*)+0x190 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x145d7d0)
    #13 0x000310c2c7ec in base::TaskAnnotator::RunTaskImpl(base::PendingTask&)+0x344 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10c2c7ec)
    #14 0x000310cae55c in base::internal::TaskTracker::RunTaskImpl(base::internal::Task&, base::TaskTraits const&, base::internal::TaskSource*, base::internal::SequenceToken const&)+0x1f0 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cae55c)
    #15 0x000310cae7a8 in base::internal::TaskTracker::RunSkipOnShutdown(base::internal::Task&, base::TaskTraits const&, base::internal::TaskSource*, base::internal::SequenceToken const&)+0xec (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cae7a8)
    #16 0x000310cad180 in base::internal::TaskTracker::RunTask(base::internal::Task, base::internal::TaskSource*, base::TaskTraits const&)+0x3cc (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cad180)
    #17 0x000310cac570 in base::internal::TaskTracker::RunAndPopNextTask(base::internal::RegisteredTaskSource)+0x540 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cac570)
    #18 0x000310ce5ce4 in base::internal::WorkerThread::RunWorker()+0x858 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10ce5ce4)
    #19 0x000310ce5178 in base::internal::WorkerThread::RunPooledWorker()+0xac (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10ce5178)
    #20 0x000310ce4b30 in base::internal::WorkerThread::ThreadMain()+0x1e0 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10ce4b30)
    #21 0x000310d4c64c in base::(anonymous namespace)::ThreadFunc(void*)+0x154 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10d4c64c)
    #22 0x000100ff801c in __sanitizer_weak_hook_memcmp+0x3559c (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Helpers/Chromium Helper (Renderer).app/Contents/MacOS/libclang_rt.asan_osx_dynamic.dylib:arm64+0x5001c)
    #23 0x00018cbabc08 in _pthread_start+0x84 (/usr/lib/system/libsystem_pthread.dylib:arm64+0x6c08)
    #24 0x00018cba6b7c in thread_start+0x4 (/usr/lib/system/libsystem_pthread.dylib:arm64+0x1b7c)

0x60d000171d6f is located 0 bytes after 143-byte region [0x60d000171ce0,0x60d000171d6f)
allocated by thread T4 here:
    #0 0x000100ffb32c in __asan_memmove+0x2bb0 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Helpers/Chromium Helper (Renderer).app/Contents/MacOS/libclang_rt.asan_osx_dynamic.dylib:arm64+0x5332c)
    #1 0x000313b11b5c in aom_calloc+0x44 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13b11b5c)
    #2 0x000313d08ca4 in av1_get_one_pass_rt_params+0x1f48 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13d08ca4)
    #3 0x000313bef658 in av1_encode_strategy+0x1044 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13bef658)
    #4 0x000313c29e04 in av1_get_compressed_data+0x424 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13c29e04)
    #5 0x000313b2675c in encoder_encode+0x1cd0 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13b2675c)
    #6 0x000313b15d6c in aom_codec_encode+0x130 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13b15d6c)
    #7 0x000320043078 in webrtc::(anonymous namespace)::LibaomAv1Encoder::Encode(webrtc::VideoFrame const&, std::__Cr::vector> const*)+0x1b38 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x20043078)
    #8 0x00031ffcc480 in webrtc::SimulcastEncoderAdapter::Encode(webrtc::VideoFrame const&, std::__Cr::vector> const*)+0xc24 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x1ffcc480)
    #9 0x0003203da838 in webrtc::VideoStreamEncoder::EncodeVideoFrame(webrtc::VideoFrame const&, long long)+0x11b4 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x203da838)
    #10 0x0003203d8788 in webrtc::VideoStreamEncoder::MaybeEncodeVideoFrame(webrtc::VideoFrame const&, long long)+0x12c4 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x203d8788)
    #11 0x0003203d6ee8 in webrtc::VideoStreamEncoder::OnFrame(webrtc::Timestamp, bool, webrtc::VideoFrame const&)+0x690 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x203d6ee8)
    #12 0x00032040aa2c in void absl::internal_any_invocable::RemoteInvoker(absl::internal_any_invocable::TypeErasedState*)+0x2e8 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x2040aa2c)
    #13 0x00030145c1fc in blink::WebRtcTaskQueue::RunTask(absl::AnyInvocable)+0x118 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x145c1fc)
    #14 0x00030145d7d0 in base::internal::Invoker), blink::WebRtcTaskQueue*, absl::AnyInvocable&&>, base::internal::BindState), base::internal::RetainedRefWrapper, absl::AnyInvocable>, void ()>::RunOnce(base::internal::BindStateBase*)+0x190 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x145d7d0)
    #15 0x000310c2c7ec in base::TaskAnnotator::RunTaskImpl(base::PendingTask&)+0x344 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10c2c7ec)
    #16 0x000310cae55c in base::internal::TaskTracker::RunTaskImpl(base::internal::Task&, base::TaskTraits const&, base::internal::TaskSource*, base::internal::SequenceToken const&)+0x1f0 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cae55c)
    #17 0x000310cae7a8 in base::internal::TaskTracker::RunSkipOnShutdown(base::internal::Task&, base::TaskTraits const&, base::internal::TaskSource*, base::internal::SequenceToken const&)+0xec (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cae7a8)
    #18 0x000310cad180 in base::internal::TaskTracker::RunTask(base::internal::Task, base::internal::TaskSource*, base::TaskTraits const&)+0x3cc (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cad180)
    #19 0x000310cac570 in base::internal::TaskTracker::RunAndPopNextTask(base::internal::RegisteredTaskSource)+0x540 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cac570)
    #20 0x000310ce5ce4 in base::internal::WorkerThread::RunWorker()+0x858 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10ce5ce4)
    #21 0x000310ce5178 in base::internal::WorkerThread::RunPooledWorker()+0xac (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10ce5178)
    #22 0x000310ce4b30 in base::internal::WorkerThread::ThreadMain()+0x1e0 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10ce4b30)
    #23 0x000310d4c64c in base::(anonymous namespace)::ThreadFunc(void*)+0x154 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10d4c64c)
    #24 0x000100ff801c in __sanitizer_weak_hook_memcmp+0x3559c (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Helpers/Chromium Helper (Renderer).app/Contents/MacOS/libclang_rt.asan_osx_dynamic.dylib:arm64+0x5001c)
    #25 0x00018cbabc08 in _pthread_start+0x84 (/usr/lib/system/libsystem_pthread.dylib:arm64+0x6c08)
    #26 0x00018cba6b7c in thread_start+0x4 (/usr/lib/system/libsystem_pthread.dylib:arm64+0x1b7c)

Thread T4 created by T0 here:
    #0 0x000100ff2d8c in __sanitizer_weak_hook_memcmp+0x3030c (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Helpers/Chromium Helper (Renderer).app/Contents/MacOS/libclang_rt.asan_osx_dynamic.dylib:arm64+0x4ad8c)
    #1 0x000310d4bc04 in base::(anonymous namespace)::CreateThread(unsigned long, bool, base::PlatformThreadBase::Delegate*, base::PlatformThreadHandle*, base::ThreadType, base::MessagePumpType)+0x270 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10d4bc04)
    #2 0x000310ce3af8 in base::internal::WorkerThread::Start(scoped_refptr, base::WorkerThreadObserver*)+0x27c (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10ce3af8)
    #3 0x000310cb3cfc in base::internal::ThreadGroup::BaseScopedCommandsExecutor::Flush()+0x230 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cb3cfc)
    #4 0x000310cb3a6c in base::internal::ThreadGroup::BaseScopedCommandsExecutor::~BaseScopedCommandsExecutor()+0x44 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cb3a6c)
    #5 0x000310cb9cd8 in base::internal::ThreadGroupImpl::Start(unsigned long, unsigned long, base::TimeDelta, scoped_refptr, base::WorkerThreadObserver*, base::internal::ThreadGroup::WorkerEnvironment, bool, std::__Cr::optional)+0x290 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cb9cd8)
    #6 0x000310cda3a0 in base::internal::ThreadPoolImpl::Start(base::ThreadPoolInstance::InitParams const&, base::WorkerThreadObserver*)+0x7cc (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cda3a0)
    #7 0x000319547ffc in content::ChildProcess::ChildProcess(base::ThreadType, std::__Cr::unique_ptr>)+0x300 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x19547ffc)
    #8 0x000319692e8c in content::RenderProcess::RenderProcess(std::__Cr::unique_ptr>)+0x20 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x19692e8c)
    #9 0x000319692f9c in content::RenderProcessImpl::RenderProcessImpl()+0xac (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x19692f9c)
    #10 0x0003197100f0 in content::RendererMain(content::MainFunctionParams)+0x458 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x197100f0)
    #11 0x00030df30374 in content::RunOtherNamedProcessTypeMain(std::__Cr::basic_string, std::__Cr::allocator> const&, content::MainFunctionParams, content::ContentMainDelegate*)+0x3d8 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0xdf30374)
    #12 0x00030df323dc in content::ContentMainRunnerImpl::Run()+0x49c (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0xdf323dc)
    #13 0x00030df2de0c in content::RunContentProcess(content::ContentMainParams, content::ContentMainRunner*)+0x5bc (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0xdf2de0c)
    #14 0x00030df2e670 in content::ContentMain(content::ContentMainParams)+0x190 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0xdf2e670)
    #15 0x0003000070a0 in ChromeMain+0x360 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x70a0)
    #16 0x000100c88d94 in main+0x254 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Helpers/Chromium Helper (Renderer).app/Contents/MacOS/Chromium Helper (Renderer):arm64+0x100000d94)
    #17 0x00018c80ab94 in start+0x17b8 (/usr/lib/dyld:arm64+0xfffffffffff3ab94)

SUMMARY: AddressSanitizer: heap-buffer-overflow (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13d0b430) in av1_get_one_pass_rt_params+0x46d4
Shadow bytes around the buggy address:
  0x60d000171a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x60d000171b00: fa fa fa fa fa fa f7 fa 00 00 00 00 00 00 00 00
  0x60d000171b80: 00 00 00 00 00 00 00 00 00 07 fa fa fa fa fa fa
  0x60d000171c00: f7 fa 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x60d000171c80: 00 00 00 fa fa fa fa fa fa fa f7 fa 00 00 00 00
=>0x60d000171d00: 00 00 00 00 00 00 00 00 00 00 00 00 00[07]fa fa
  0x60d000171d80: fa fa fa fa f7 fa fd fd fd fd fd fd fd fd fd fd
  0x60d000171e00: fd fd fd fd fd fd fd fa fa fa fa fa fa fa f7 fa
  0x60d000171e80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x60d000171f00: fa fa fa fa fa fa fa fa f7 fa fd fd fd fd fd fd
  0x60d000171f80: fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==23477==ADDITIONAL INFO
==23477==Note: Please include this section with the ASan report.
Task trace:
    #0 0x000320405a1c in webrtc::(anonymous namespace)::FrameCadenceAdapterImpl::OnFrame(webrtc::VideoFrame const&)+0x2c4 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x20405a1c)
    #1 0x000320af2304 in blink::MediaStreamVideoWebRtcSink::WebRtcVideoSourceAdapter::OnVideoFrameOnIO(scoped_refptr, base::TimeTicks)+0x130 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x20af2304)
    #2 0x0003214b0068 in blink::CanvasCaptureHandler::SendFrame(base::TimeTicks, gfx::ColorSpace const&, scoped_refptr)+0x340 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x214b0068)
    #3 0x0003135dd208 in IPC::ChannelAssociatedGroupController::Accept(mojo::Message*)+0x7d0 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x135dd208)
Command line: `/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Helpers/Chromium Helper (Renderer).app/Contents/MacOS/Chromium Helper (Renderer) --type=renderer --enable-dinosaur-easter-egg-alt-images --file-url-path-alias=/gen=/Users/jlennox/Chromium/Chromium/src/out/asan/gen --lang=en-US --num-raster-threads=4 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --enable-main-frame-before-activation --renderer-client-id=22 --time-ticks-at-unix-epoch=-1753989055163881 --launch-time-ticks=418366833208 --shared-files --metrics-shmem-handle=1752395122,r,13779126103931963860,8968575736019818966,2097152 --field-trial-handle=1718379636,r,17721548413003223315,3484922444509415361,262144 --variations-seed-version --seatbelt-client=143`
==23477==END OF ADDITIONAL INFO
==23477==ABORTING
Received signal 6
[0x000310d7a0a0] [0x000310d4fd54] [0x000310d79ed4] [0x00018cbe56a4] [0x00018cbab88c] [0x00018cab4a3c] [0x000101021c20] [0x000101021140] [0x000101004534] [0x0001010037a8] [0x000101005104] [0x000313d0b434] [0x000313bef65c] [0x000313c29e08] [0x000313b26760] [0x000313b15d70] [0x00032004307c] [0x00031ffcc484] [0x0003203da83c] [0x0003203d878c] [0x0003203d6eec] [0x00032040aa30] [0x00030145c200] [0x00030145d7d4] [0x000310c2c7f0] [0x000310cae560] [0x000310cae7ac] [0x000310cad184] [0x000310cac574] [0x000310ce5ce8] [0x000310ce517c] [0x000310ce4b34] [0x000310d4c650] [0x000100ff8020] [0x00018cbabc0c] [0x00018cba6b80] [end of stack trace]
[0805/122633.422900:WARNING:third_party/crashpad/crashpad/util/process/process_memory_mac.cc:94] mach_vm_read(0x16f174000, 0x8000): (os/kern) invalid address (1)

=================================================================
==23111==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60d0002aca18 at pc 0x000313d0b434 bp 0x00016d0f1650 sp 0x00016d0f1648
WRITE of size 8 at 0x60d0002aca18 thread T4
==23111==WARNING: invalid path to external symbolizer!
==23111==WARNING: Failed to use and restart external symbolizer!
    #0 0x000313d0b430 in av1_get_one_pass_rt_params+0x46d4 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13d0b430)
    #1 0x000313bef658 in av1_encode_strategy+0x1044 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13bef658)
    #2 0x000313c29e04 in av1_get_compressed_data+0x424 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13c29e04)
    #3 0x000313b2675c in encoder_encode+0x1cd0 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13b2675c)
    #4 0x000313b15d6c in aom_codec_encode+0x130 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13b15d6c)
    #5 0x000320043078 in webrtc::(anonymous namespace)::LibaomAv1Encoder::Encode(webrtc::VideoFrame const&, std::__Cr::vector> const*)+0x1b38 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x20043078)
    #6 0x00031ffcc480 in webrtc::SimulcastEncoderAdapter::Encode(webrtc::VideoFrame const&, std::__Cr::vector> const*)+0xc24 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x1ffcc480)
    #7 0x0003203da838 in webrtc::VideoStreamEncoder::EncodeVideoFrame(webrtc::VideoFrame const&, long long)+0x11b4 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x203da838)
    #8 0x0003203d8788 in webrtc::VideoStreamEncoder::MaybeEncodeVideoFrame(webrtc::VideoFrame const&, long long)+0x12c4 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x203d8788)
    #9 0x0003203d6ee8 in webrtc::VideoStreamEncoder::OnFrame(webrtc::Timestamp, bool, webrtc::VideoFrame const&)+0x690 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x203d6ee8)
    #10 0x00032040aa2c in void absl::internal_any_invocable::RemoteInvoker(absl::internal_any_invocable::TypeErasedState*)+0x2e8 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x2040aa2c)
    #11 0x00030145c1fc in blink::WebRtcTaskQueue::RunTask(absl::AnyInvocable)+0x118 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x145c1fc)
    #12 0x00030145d7d0 in base::internal::Invoker), blink::WebRtcTaskQueue*, absl::AnyInvocable&&>, base::internal::BindState), base::internal::RetainedRefWrapper, absl::AnyInvocable>, void ()>::RunOnce(base::internal::BindStateBase*)+0x190 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x145d7d0)
    #13 0x000310c2c7ec in base::TaskAnnotator::RunTaskImpl(base::PendingTask&)+0x344 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10c2c7ec)
    #14 0x000310cae55c in base::internal::TaskTracker::RunTaskImpl(base::internal::Task&, base::TaskTraits const&, base::internal::TaskSource*, base::internal::SequenceToken const&)+0x1f0 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cae55c)
    #15 0x000310cae7a8 in base::internal::TaskTracker::RunSkipOnShutdown(base::internal::Task&, base::TaskTraits const&, base::internal::TaskSource*, base::internal::SequenceToken const&)+0xec (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cae7a8)
    #16 0x000310cad180 in base::internal::TaskTracker::RunTask(base::internal::Task, base::internal::TaskSource*, base::TaskTraits const&)+0x3cc (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cad180)
    #17 0x000310cac570 in base::internal::TaskTracker::RunAndPopNextTask(base::internal::RegisteredTaskSource)+0x540 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cac570)
    #18 0x000310ce5ce4 in base::internal::WorkerThread::RunWorker()+0x858 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10ce5ce4)
    #19 0x000310ce5178 in base::internal::WorkerThread::RunPooledWorker()+0xac (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10ce5178)
    #20 0x000310ce4b30 in base::internal::WorkerThread::ThreadMain()+0x1e0 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10ce4b30)
    #21 0x000310d4c64c in base::(anonymous namespace)::ThreadFunc(void*)+0x154 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10d4c64c)
    #22 0x0001049c801c in __sanitizer_weak_hook_memcmp+0x3559c (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Helpers/Chromium Helper (Renderer).app/Contents/MacOS/libclang_rt.asan_osx_dynamic.dylib:arm64+0x5001c)
    #23 0x00018cbabc08 in _pthread_start+0x84 (/usr/lib/system/libsystem_pthread.dylib:arm64+0x6c08)
    #24 0x00018cba6b7c in thread_start+0x4 (/usr/lib/system/libsystem_pthread.dylib:arm64+0x1b7c)

0x60d0002aca1f is located 0 bytes after 143-byte region [0x60d0002ac990,0x60d0002aca1f)
allocated by thread T4 here:
    #0 0x0001049cb32c in __asan_memmove+0x2bb0 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Helpers/Chromium Helper (Renderer).app/Contents/MacOS/libclang_rt.asan_osx_dynamic.dylib:arm64+0x5332c)
    #1 0x000313b11b5c in aom_calloc+0x44 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13b11b5c)
    #2 0x000313d08ca4 in av1_get_one_pass_rt_params+0x1f48 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13d08ca4)
    #3 0x000313bef658 in av1_encode_strategy+0x1044 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13bef658)
    #4 0x000313c29e04 in av1_get_compressed_data+0x424 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13c29e04)
    #5 0x000313b2675c in encoder_encode+0x1cd0 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13b2675c)
    #6 0x000313b15d6c in aom_codec_encode+0x130 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13b15d6c)
    #7 0x000320043078 in webrtc::(anonymous namespace)::LibaomAv1Encoder::Encode(webrtc::VideoFrame const&, std::__Cr::vector> const*)+0x1b38 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x20043078)
    #8 0x00031ffcc480 in webrtc::SimulcastEncoderAdapter::Encode(webrtc::VideoFrame const&, std::__Cr::vector> const*)+0xc24 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x1ffcc480)
    #9 0x0003203da838 in webrtc::VideoStreamEncoder::EncodeVideoFrame(webrtc::VideoFrame const&, long long)+0x11b4 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x203da838)
    #10 0x0003203d8788 in webrtc::VideoStreamEncoder::MaybeEncodeVideoFrame(webrtc::VideoFrame const&, long long)+0x12c4 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x203d8788)
    #11 0x0003203d6ee8 in webrtc::VideoStreamEncoder::OnFrame(webrtc::Timestamp, bool, webrtc::VideoFrame const&)+0x690 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x203d6ee8)
    #12 0x00032040aa2c in void absl::internal_any_invocable::RemoteInvoker(absl::internal_any_invocable::TypeErasedState*)+0x2e8 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x2040aa2c)
    #13 0x00030145c1fc in blink::WebRtcTaskQueue::RunTask(absl::AnyInvocable)+0x118 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x145c1fc)
    #14 0x00030145d7d0 in base::internal::Invoker), blink::WebRtcTaskQueue*, absl::AnyInvocable&&>, base::internal::BindState), base::internal::RetainedRefWrapper, absl::AnyInvocable>, void ()>::RunOnce(base::internal::BindStateBase*)+0x190 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x145d7d0)
    #15 0x000310c2c7ec in base::TaskAnnotator::RunTaskImpl(base::PendingTask&)+0x344 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10c2c7ec)
    #16 0x000310cae55c in base::internal::TaskTracker::RunTaskImpl(base::internal::Task&, base::TaskTraits const&, base::internal::TaskSource*, base::internal::SequenceToken const&)+0x1f0 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cae55c)
    #17 0x000310cae7a8 in base::internal::TaskTracker::RunSkipOnShutdown(base::internal::Task&, base::TaskTraits const&, base::internal::TaskSource*, base::internal::SequenceToken const&)+0xec (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cae7a8)
    #18 0x000310cad180 in base::internal::TaskTracker::RunTask(base::internal::Task, base::internal::TaskSource*, base::TaskTraits const&)+0x3cc (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cad180)
    #19 0x000310cac570 in base::internal::TaskTracker::RunAndPopNextTask(base::internal::RegisteredTaskSource)+0x540 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cac570)
    #20 0x000310ce5ce4 in base::internal::WorkerThread::RunWorker()+0x858 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10ce5ce4)
    #21 0x000310ce5178 in base::internal::WorkerThread::RunPooledWorker()+0xac (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10ce5178)
    #22 0x000310ce4b30 in base::internal::WorkerThread::ThreadMain()+0x1e0 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10ce4b30)
    #23 0x000310d4c64c in base::(anonymous namespace)::ThreadFunc(void*)+0x154 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10d4c64c)
    #24 0x0001049c801c in __sanitizer_weak_hook_memcmp+0x3559c (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Helpers/Chromium Helper (Renderer).app/Contents/MacOS/libclang_rt.asan_osx_dynamic.dylib:arm64+0x5001c)
    #25 0x00018cbabc08 in _pthread_start+0x84 (/usr/lib/system/libsystem_pthread.dylib:arm64+0x6c08)
    #26 0x00018cba6b7c in thread_start+0x4 (/usr/lib/system/libsystem_pthread.dylib:arm64+0x1b7c)

Thread T4 created by T0 here:
    #0 0x0001049c2d8c in __sanitizer_weak_hook_memcmp+0x3030c
(/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Helpers/Chromium Helper (Renderer).app/Contents/MacOS/libclang_rt.asan_osx_dynamic.dylib:arm64+0x4ad8c) #1 0x000310d4bc04 in base::(anonymous namespace)::CreateThread(unsigned long, bool, base::PlatformThreadBase::Delegate*, base::PlatformThreadHandle*, base::ThreadType, base::MessagePumpType)+0x270 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10d4bc04) #2 0x000310ce3af8 in base::internal::WorkerThread::Start(scoped_refptr, base::WorkerThreadObserver*)+0x27c (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10ce3af8) #3 0x000310cb3cfc in base::internal::ThreadGroup::BaseScopedCommandsExecutor::Flush()+0x230 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cb3cfc) #4 0x000310cb3a6c in base::internal::ThreadGroup::BaseScopedCommandsExecutor::~BaseScopedCommandsExecutor()+0x44 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cb3a6c) #5 0x000310cb9cd8 in base::internal::ThreadGroupImpl::Start(unsigned long, unsigned long, base::TimeDelta, scoped_refptr, base::WorkerThreadObserver*, base::internal::ThreadGroup::WorkerEnvironment, bool, std::__Cr::optional)+0x290 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cb9cd8) #6 0x000310cda3a0 in base::internal::ThreadPoolImpl::Start(base::ThreadPoolInstance::InitParams const&, base::WorkerThreadObserver*)+0x7cc 
(/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x10cda3a0) #7 0x000319547ffc in content::ChildProcess::ChildProcess(base::ThreadType, std::__Cr::unique_ptr>)+0x300 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x19547ffc) #8 0x000319692e8c in content::RenderProcess::RenderProcess(std::__Cr::unique_ptr>)+0x20 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x19692e8c) #9 0x000319692f9c in content::RenderProcessImpl::RenderProcessImpl()+0xac (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x19692f9c) #10 0x0003197100f0 in content::RendererMain(content::MainFunctionParams)+0x458 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x197100f0) #11 0x00030df30374 in content::RunOtherNamedProcessTypeMain(std::__Cr::basic_string, std::__Cr::allocator> const&, content::MainFunctionParams, content::ContentMainDelegate*)+0x3d8 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0xdf30374) #12 0x00030df323dc in content::ContentMainRunnerImpl::Run()+0x49c (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0xdf323dc) #13 0x00030df2de0c in content::RunContentProcess(content::ContentMainParams, content::ContentMainRunner*)+0x5bc (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium 
Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0xdf2de0c) #14 0x00030df2e670 in content::ContentMain(content::ContentMainParams)+0x190 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0xdf2e670) #15 0x0003000070a0 in ChromeMain+0x360 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x70a0) #16 0x0001046c4d94 in main+0x254 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Helpers/Chromium Helper (Renderer).app/Contents/MacOS/Chromium Helper (Renderer):arm64+0x100000d94) #17 0x00018c80ab94 in start+0x17b8 (/usr/lib/dyld:arm64+0xfffffffffff3ab94) SUMMARY: AddressSanitizer: heap-buffer-overflow (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x13d0b430) in av1_get_one_pass_rt_params+0x46d4 Shadow bytes around the buggy address: 0x60d0002ac780: fd fd fd fd fd fa fa fa fa fa fa fa f7 fa 00 00 0x60d0002ac800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa 0x60d0002ac880: fa fa fa fa fa fa f7 fa 00 00 00 00 00 00 00 00 0x60d0002ac900: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa 0x60d0002ac980: f7 fa 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x60d0002aca00: 00 00 00[07]fa fa fa fa fa fa f7 fa fd fd fd fd 0x60d0002aca80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa 0x60d0002acb00: fa fa fa fa f7 fa fd fd fd fd fd fd fd fd fd fd 0x60d0002acb80: fd fd fd fd fd fd fd fa fa fa fa fa fa fa f7 fa 0x60d0002acc00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x60d0002acc80: fd fa fa fa fa fa fa fa f7 fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 
07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==23111==ADDITIONAL INFO ==23111==Note: Please include this section with the ASan report. Task trace: #0 0x000320405a1c in webrtc::(anonymous namespace)::FrameCadenceAdapterImpl::OnFrame(webrtc::VideoFrame const&)+0x2c4 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x20405a1c) #1 0x000320af2304 in blink::MediaStreamVideoWebRtcSink::WebRtcVideoSourceAdapter::OnVideoFrameOnIO(scoped_refptr, base::TimeTicks)+0x130 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x20af2304) #2 0x0003214b0068 in blink::CanvasCaptureHandler::SendFrame(base::TimeTicks, gfx::ColorSpace const&, scoped_refptr)+0x340 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x214b0068) #3 0x0003135dd208 in IPC::ChannelAssociatedGroupController::Accept(mojo::Message*)+0x7d0 (/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Chromium Framework:arm64+0x135dd208) Command line: `/Users/jlennox/Chromium/Chromium/src/out/asan/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/138.0.7204.184/Helpers/Chromium Helper (Renderer).app/Contents/MacOS/Chromium Helper (Renderer) --type=renderer --enable-dinosaur-easter-egg-alt-images --file-url-path-alias=/gen=/Users/jlennox/Chromium/Chromium/src/out/asan/gen --lang=en-US 
--num-raster-threads=4 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1753989055163881 --launch-time-ticks=418347530579 --shared-files --metrics-shmem-handle=1752395122,r,4190065713243052394,14219529493746396323,2097152 --field-trial-handle=1718379636,r,17721548413003223315,3484922444509415361,262144 --variations-seed-version --seatbelt-client=133` ==23111==END OF ADDITIONAL INFO ==23111==ABORTING Received signal 6 [0x000310d7a0a0] [0x000310d4fd54] [0x000310d79ed4] [0x00018cbe56a4] [0x00018cbab88c] [0x00018cab4a3c] [0x0001049f1c20] [0x0001049f1140] [0x0001049d4534] [0x0001049d37a8] [0x0001049d5104] [0x000313d0b434] [0x000313bef65c] [0x000313c29e08] [0x000313b26760] [0x000313b15d70] [0x00032004307c] [0x00031ffcc484] [0x0003203da83c] [0x0003203d878c] [0x0003203d6eec] [0x00032040aa30] [0x00030145c200] [0x00030145d7d4] [0x000310c2c7f0] [0x000310cae560] [0x000310cae7ac] [0x000310cad184] [0x000310cac574] [0x000310ce5ce8] [0x000310ce517c] [0x000310ce4b34] [0x000310d4c650] [0x0001049c8020] [0x00018cbabc0c] [0x00018cba6b80] [end of stack trace]