Found while fuzzing m-c 20220419-ba973417adb8 (--enable-debug --enable-fuzzing)

To reproduce via Grizzly Replay:

$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.webm

Assertion failure: wroteSequenceHeader, at /builds/worker/checkouts/gecko/dom/media/platforms/wrappers/MediaChangeMonitor.cpp:388

#0 0x7fddf38ad3a7 in mozilla::AV1ChangeMonitor::CheckForChange(mozilla::MediaRawData*) /builds/worker/checkouts/gecko/dom/media/platforms/wrappers/MediaChangeMonitor.cpp:388:5
#1 0x7fddf38a1ed0 in mozilla::MediaChangeMonitor::CheckForChange(mozilla::MediaRawData*) /builds/worker/checkouts/gecko/dom/media/platforms/wrappers/MediaChangeMonitor.cpp:799:36
#2 0x7fddf38a18d4 in mozilla::MediaChangeMonitor::Decode(mozilla::MediaRawData*) /builds/worker/checkouts/gecko/dom/media/platforms/wrappers/MediaChangeMonitor.cpp:507:20
#3 0x7fddf38b8b40 in operator() /builds/worker/checkouts/gecko/dom/media/platforms/wrappers/MediaDataDecoderProxy.cpp:31:33
#4 0x7fddf38b8b40 in mozilla::detail::ProxyFunctionRunnable<mozilla::MediaDataDecoderProxy::Decode(mozilla::MediaRawData*)::$_18, mozilla::MozPromise<nsTArray<RefPtr<mozilla::MediaData> >, mozilla::MediaResult, true> >::Run() /builds/worker/workspace/obj-build/dist/include/mozilla/MozPromise.h:1645:29
#5 0x7fddefb947ce in mozilla::TaskQueue::Runner::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskQueue.cpp:196:20
#6 0x7fddefbaf9ef in nsThreadPool::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadPool.cpp:310:14
#7 0x7fddefba6879 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1174:16
#8 0x7fddefbacffd in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:465:10
#9 0x7fddf075702b in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:300:20
#10 0x7fddf0673647 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:380:10
#11 0x7fddf0673552 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:373:3
#12 0x7fddf0673552 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:355:3
#13 0x7fddefba1e86 in nsThread::ThreadFunc(void*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:378:10
#14 0x7fde057a2a57 in _pt_root /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:201:5
#15 0x7fde0651c608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477:8
#16 0x7fde060e3162 in __clone /build/glibc-sMfBJT/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Recently added assertion, so assuming related to that?

Set release status flags based on info from the regressing bug 1757861

Bugmon Analysis
Verified bug as reproducible on mozilla-central 20220421152318-c95859201259.
The bug appears to have been introduced in the following build range:

Start: 49081419801e1614f03b3cd4a92987cbdcfe16e5 (20220410203051)
End: 6f97064ebae745b0a85cab06a1e81782ef66c2f1 (20220411024030)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=49081419801e1614f03b3cd4a92987cbdcfe16e5&tochange=6f97064ebae745b0a85cab06a1e81782ef66c2f1

Working on a fix for this, looks like the second sequence header OBU in that file was being read successfully due to my allowing a couple flags to break AV1 spec. I'll tighten that up and improve its error reporting so that it can fail at read instead of when it reaches that write assertion, since it should never be failing to write the sequence header information by that point.

Rather than passing corrupted samples to a decoder, MediaChangeMonitor will now throw a decoding error if parsing fails, and a useful message will be printed to the developer console indicating what caused the issue.

Depends on D144383

https://hg.mozilla.org/mozilla-central/rev/539c405f170f
https://hg.mozilla.org/mozilla-central/rev/e1f8d5220ad0

Bugmon Analysis
Verified bug as fixed on rev mozilla-central 20220427213431-23768574eb6d.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.