Found while fuzzing m-c 20230310-0565e88d9452 (--enable-address-sanitizer --enable-fuzzing)

To reproduce via Grizzly Replay:

$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -a --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.mp4

/builds/worker/checkouts/gecko/dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp:1125:19: runtime error: load of value 70, which is not a valid value for type 'enum AVColorSpace'
    #0 0x7f97506cc726 in mozilla::FFmpegVideoDecoder<46465650>::GetFrameColorSpace() const /builds/worker/checkouts/gecko/dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp:1125:19
    #1 0x7f97506cb541 in mozilla::FFmpegVideoDecoder<46465650>::CreateImage(long, long, long, nsTArray<RefPtr<mozilla::MediaData>>&) const /builds/worker/checkouts/gecko/dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp:1249:22
    #2 0x7f97506c7b36 in mozilla::FFmpegVideoDecoder<46465650>::DoDecode(mozilla::MediaRawData*, unsigned char*, int, bool*, nsTArray<RefPtr<mozilla::MediaData>>&) /builds/worker/checkouts/gecko/dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp:969:12
    #3 0x7f97506bb1cd in mozilla::FFmpegDataDecoder<46465650>::DoDecode(mozilla::MediaRawData*, bool*, nsTArray<RefPtr<mozilla::MediaData>>&) /builds/worker/checkouts/gecko/dom/media/platforms/ffmpeg/FFmpegDataDecoder.cpp:193:10
    #4 0x7f97506ba973 in mozilla::FFmpegDataDecoder<46465650>::ProcessDecode(mozilla::MediaRawData*) /builds/worker/checkouts/gecko/dom/media/platforms/ffmpeg/FFmpegDataDecoder.cpp:147:20
    #5 0x7f97506d2bdb in applyImpl<mozilla::FFmpegDataDecoder<46465650>, RefPtr<mozilla::MozPromise<nsTArray<RefPtr<mozilla::MediaData> >, mozilla::MediaResult, true> > (mozilla::FFmpegDataDecoder<46465650>::*)(mozilla::MediaRawData *), StoreRefPtrPassByPtr<mozilla::MediaRawData>, 0UL> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:12
    #6 0x7f97506d2bdb in apply<mozilla::FFmpegDataDecoder<46465650>, RefPtr<mozilla::MozPromise<nsTArray<RefPtr<mozilla::MediaData> >, mozilla::MediaResult, true> > (mozilla::FFmpegDataDecoder<46465650>::*)(mozilla::MediaRawData *)> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1169:12
    #7 0x7f97506d2bdb in mozilla::detail::MethodCall<mozilla::MozPromise<nsTArray<RefPtr<mozilla::MediaData>>, mozilla::MediaResult, true>, RefPtr<mozilla::MozPromise<nsTArray<RefPtr<mozilla::MediaData>>, mozilla::MediaResult, true>> (mozilla::FFmpegDataDecoder<46465650>::*)(mozilla::MediaRawData*), mozilla::FFmpegDataDecoder<46465650>, mozilla::MediaRawData*>::Invoke() /builds/worker/workspace/obj-build/dist/include/mozilla/MozPromise.h:1547:47
    #8 0x7f97506d26ed in mozilla::detail::ProxyRunnable<mozilla::MozPromise<nsTArray<RefPtr<mozilla::MediaData>>, mozilla::MediaResult, true>, RefPtr<mozilla::MozPromise<nsTArray<RefPtr<mozilla::MediaData>>, mozilla::MediaResult, true>> (mozilla::FFmpegDataDecoder<46465650>::*)(mozilla::MediaRawData*), mozilla::FFmpegDataDecoder<46465650>, mozilla::MediaRawData*>::Run() /builds/worker/workspace/obj-build/dist/include/mozilla/MozPromise.h:1567:42
    #9 0x7f97497041cc in mozilla::TaskQueue::Runner::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskQueue.cpp:259:20
    #10 0x7f9749731bcb in nsThreadPool::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadPool.cpp:343:14
    #11 0x7f97497242d4 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1233:16
    #12 0x7f974972df84 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:477:10
    #13 0x7f974af3a9f4 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:300:20
    #14 0x7f974adb7bc7 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:381:10
    #15 0x7f974adb7bc7 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:374:3
    #16 0x7f974adb7bc7 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:356:3
    #17 0x7f974971bb75 in nsThread::ThreadFunc(void*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:391:10
    #18 0x7f976bdeb628 in _pt_root /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:201:5
    #19 0x7f976c553b42 in start_thread nptl/pthread_create.c:442:8
    #20 0x7f976c5e59ff  misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Verified bug as reproducible on mozilla-central 20230313172201-a3447f709bef.
The bug appears to have been introduced in the following build range:

Start: 7d3600925e24a1c8cf634968d0afa43e41e00d1d (20220329114347)
End: ac056c06d8cac6a625c33f5d3e003548ccd2ec57 (20220329130731)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=7d3600925e24a1c8cf634968d0afa43e41e00d1d&tochange=ac056c06d8cac6a625c33f5d3e003548ccd2ec57

Set release status flags based on info from the regressing bug 1761471

:stransky, since you are the author of the regressor, bug 1761471, could you take a look?

For more information, please visit auto_nag documentation.

This falls back to DefaultColorSpace({mFrame->width, mFrame->height});

It's here:

https://searchfox.org/mozilla-central/rev/6fc2f6d5335fb6f70f780b5fea5ed77b0719c3b5/dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp#1133

so from my understanding we should take 'default' path.

Not sure what to do with this bug. Alastor you reviewed the patch that regressed this, maybe you can have a look?

I think this is not an actually error, mFrame->colorspace is set by the ffmpeg, which is not something we can control. If that value is set to some incorrect value like this, we always use default path to handle the color space so there won't be any problem.

No valid actions for resolution (WONTFIX).
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.