Found while fuzzing m-c 20230518-016166a0aefa (--enable-debug --enable-fuzzing)

To reproduce via Grizzly Replay:

$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.mp4

Assertion failure: !mIterator->HasNext(), at /builds/worker/checkouts/gecko/dom/media/mp4/MP4Demuxer.cpp:471

#0 0x7f5a268f89e1 in mozilla::MP4TrackDemuxer::GetNextSample() /builds/worker/checkouts/gecko/dom/media/mp4/MP4Demuxer.cpp:471:7
#1 0x7f5a268f9fea in mozilla::MP4TrackDemuxer::GetSamples(int) /builds/worker/checkouts/gecko/dom/media/mp4/MP4Demuxer.cpp:524:35
#2 0x7f5a260c570f in operator() /builds/worker/checkouts/gecko/dom/media/MediaFormatReader.cpp:664:54
#3 0x7f5a260c570f in mozilla::detail::ProxyFunctionRunnable<mozilla::MediaFormatReader::DemuxerProxy::Wrapper::GetSamples(int)::'lambda'(), mozilla::MozPromise<RefPtr<mozilla::MediaTrackDemuxer::SamplesHolder>, mozilla::MediaResult, true>>::Run() /builds/worker/workspace/obj-build/dist/include/mozilla/MozPromise.h:1696:29
#4 0x7f5a222f23ec in mozilla::TaskQueue::Runner::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskQueue.cpp:259:20
#5 0x7f5a2230f0c5 in nsThreadPool::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadPool.cpp:343:14
#6 0x7f5a22305f2a in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1233:16
#7 0x7f5a2230c3fd in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:479:10
#8 0x7f5a22f5059e in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:300:20
#9 0x7f5a22e70d21 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:362:3
#10 0x7f5a22e70d21 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:344:3
#11 0x7f5a22301346 in nsThread::ThreadFunc(void*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:391:10
#12 0x7f5a35dcca0f in _pt_root /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:201:5
#13 0x7f5a35a94b42 in start_thread nptl/pthread_create.c:442:8
#14 0x7f5a35b269ff  misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Verified bug as reproducible on mozilla-central 20230518213154-3a125a6b7c3a.
The bug appears to have been introduced in the following build range:

Start: b73c33aa86e6f1f38549530aecd999c7827d380e (20230517144015)
End: 488a1a8b33a0c427f85d10224a2f8db913e22b16 (20230517175836)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=b73c33aa86e6f1f38549530aecd999c7827d380e&tochange=488a1a8b33a0c427f85d10224a2f8db913e22b16

Set release status flags based on info from the regressing bug 1817997

:padenot, since you are the author of the regressor, bug 1817997, could you take a look? Also, could you set the severity field?

For more information, please visit BugBot documentation.

Setting firefox115 to Fixed, the regressor Bug 1817997 was backed out of central.

Testcase crashes using the initial build (mozilla-central 20230518092544-016166a0aefa) but not with tip (mozilla-central 20230519115028-225c5ab0d999.)

The bug appears to have been fixed in the following build range:

Start: d976369464663a9147b82c82436afcaab1f61aec (20230519041011)
End: 225c5ab0d999e743db5298d125893ae0702884af (20230519115028)
Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=d976369464663a9147b82c82436afcaab1f61aec&tochange=225c5ab0d999e743db5298d125893ae0702884af

tsmith, can you confirm that the above bisection range is responsible for fixing this issue?
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.

Oops I was using an old build.