Issue 638142

Issue metadata

Status: Verified
Owner:
Closed: Sep 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug

Integer-overflow in media::H264Parser::ParseSPS

Project Member Reported by ClusterFuzz, Aug 16 2016

Issue description

Comment 1 by ajha@chromium.org, Aug 16 2016

Cc: ajha@chromium.org
Labels: Findit-for-crash Te-Logged M-53
Owner: kcc@chromium.org
Status: Assigned (was: Untriaged)
Findit-result:
==============
Suspected CLs: the result is a list of CLs that change the crashed files.

Author: kcc
Project: chromium-libfuzzer
Changelist: https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer.git/+/d670c44f3b5ca411d3fa4a5a5531703a3a380173
Time: Thu May 26 22:17:32 2016
Lines 509-519 of file FuzzerLoop.cpp, which potentially caused the crash, are changed in this CL (frame #2, "fuzzer::Fuzzer::ExecuteCallback").
Minimum distance from crash line to modified line: 0 (file: FuzzerLoop.cpp, crashed on: 512, modified: 512).

Author: kcc
Project: chromium-libfuzzer
Changelist: https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer.git/+/87d0bb603af63d90825651776c01a65c272a99b9
Time: Fri May 27 00:21:33 2016
Lines 509, 525 of file FuzzerLoop.cpp, which potentially caused the crash, are changed in this CL (frame #2, "fuzzer::Fuzzer::ExecuteCallback").
Minimum distance from crash line to modified line: 0 (file: FuzzerLoop.cpp, crashed on: 525, modified: 525).

Author: kcc
Project: chromium-libfuzzer
Changelist: https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer.git/+/b143676fff8e17e108f5d05566b3e958320514cf
Time: Fri May 27 00:54:15 2016
Lines 510, 515 of file FuzzerLoop.cpp, which potentially caused the crash, are changed in this CL (frame #2, "fuzzer::Fuzzer::ExecuteCallback").
Minimum distance from crash line to modified line: 0 (file: FuzzerLoop.cpp, crashed on: 515, modified: 515).

Author: delcypher
Project: chromium-libfuzzer
Changelist: https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer.git/+/b245701568c51d63a6c017ef76906f5199726d9d
Time: Thu Jun 02 05:48:02 2016
Line 21 of file FuzzerMain.cpp, which potentially caused the crash, is changed in this CL (frame #6, "main").

Files FuzzerLoop.cpp, FuzzerDriver.cpp are changed in this CL (and are part of stack frame #2, "fuzzer::Fuzzer::ExecuteCallback"; frame #3, "fuzzer::Fuzzer::RunOne").
Minimum distance from crash line to modified line: 0 (file: FuzzerMain.cpp, crashed on: 21, modified: 21).

Suspected Project: chromium-libfuzzer

kcc@: Could you please take a look at this and help in investigating this further?

Thank you!
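
The Findit result above is one instance of a simple heuristic: for every CL that touched a file on the crash stack, take the smallest distance between a crashed line and a line the CL modified, and report the closest CLs as suspects. The example below, added here and not Findit's or ClusterFuzz's code, implements that ranking over the CLs and frames listed in the report, and adds a frame filter so that frames inside the fuzzing engine itself (the FuzzerLoop.cpp / FuzzerMain.cpp frames that are blamed above) can be excluded from blame. The stack and CL data are constructed from the numbers in the report; the innermost frame's file path and line, and the use of a single crash line per frame (Findit re-maps the crashed line to each CL's revision, hence 512/525/515 above), are simplifications made for the example.

```python
"""Added example (not Findit's or ClusterFuzz's code): the line-distance
suspect-CL heuristic described in the Findit result, plus a filter that keeps
fuzzing-engine frames from being blamed for a bug in the code under test."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    index: int        # position in the crash stack, 0 = innermost
    function: str
    path: str         # file name as it appears in the stack
    line: int         # crashed line in that file


@dataclass(frozen=True)
class Changelist:
    author: str
    url: str
    changes: dict     # file -> list of inclusive (first, last) modified line ranges


@dataclass(frozen=True)
class Suspect:
    cl: Changelist
    frame: Frame
    distance: int
    modified_line: int


def nearest_modified_line(line, ranges):
    """Return (distance, modified_line) for the modified line closest to `line`.
    A distance of 0 means the crashed line itself was changed by the CL."""
    best = None
    for lo, hi in ranges:
        if lo <= line <= hi:
            return 0, line
        edge = lo if line < lo else hi
        d = abs(line - edge)
        if best is None or d < best[0]:
            best = (d, edge)
    return best


def rank_suspects(stack, cls, max_distance=50, skip_prefixes=()):
    """Rank CLs by the minimum distance between any crashed line and a line the
    CL modified in the same file (closest first, ties broken by innermost frame).
    Frames whose path starts with one of `skip_prefixes` are ignored, which is
    how a triage tool can avoid blaming the fuzzing harness or engine."""
    suspects = []
    for cl in cls:
        best = None
        for frame in stack:
            if frame.path.startswith(skip_prefixes):
                continue
            ranges = cl.changes.get(frame.path)
            if not ranges:            # file untouched, or touched without line info
                continue
            distance, modified = nearest_modified_line(frame.line, ranges)
            if best is None or distance < best.distance:
                best = Suspect(cl, frame, distance, modified)
        if best is not None and best.distance <= max_distance:
            suspects.append(best)
    suspects.sort(key=lambda s: (s.distance, s.frame.index))
    return suspects


# Constructed from the Findit result above. Frame 0's path and line are
# placeholders (the report gives neither); frames #2 and #6 are as reported.
STACK = [
    Frame(0, "media::H264Parser::ParseSPS", "media/video/h264_parser.cc", 0),
    Frame(2, "fuzzer::Fuzzer::ExecuteCallback", "FuzzerLoop.cpp", 512),
    Frame(6, "main", "FuzzerMain.cpp", 21),
]

_BASE = "https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer.git/+/"
CLS = [
    Changelist("kcc", _BASE + "d670c44f3b5ca411d3fa4a5a5531703a3a380173",
               {"FuzzerLoop.cpp": [(509, 519)]}),
    Changelist("kcc", _BASE + "87d0bb603af63d90825651776c01a65c272a99b9",
               {"FuzzerLoop.cpp": [(509, 509), (525, 525)]}),
    Changelist("kcc", _BASE + "b143676fff8e17e108f5d05566b3e958320514cf",
               {"FuzzerLoop.cpp": [(510, 510), (515, 515)]}),
    # The report lists FuzzerLoop.cpp and FuzzerDriver.cpp as changed by this
    # CL without line numbers, so they carry empty ranges here.
    Changelist("delcypher", _BASE + "b245701568c51d63a6c017ef76906f5199726d9d",
               {"FuzzerMain.cpp": [(21, 21)], "FuzzerLoop.cpp": [], "FuzzerDriver.cpp": []}),
]


if __name__ == "__main__":
    for s in rank_suspects(STACK, CLS):
        print(f"{s.distance:>2}  {s.cl.author:<10} frame #{s.frame.index} "
              f"{s.frame.path}:{s.frame.line} (modified {s.modified_line})")
    print("with engine frames skipped:",
          rank_suspects(STACK, CLS, skip_prefixes=("Fuzzer",)))
```

Run as is, the ranking reproduces the report: every libFuzzer CL lands at distance 0 or close to it, purely because the engine's own source sits on the stack. With `skip_prefixes=("Fuzzer",)` the same CLs yield no suspect at all, which matches the conclusion in the next comment that these changes only improved the fuzzer rather than introducing the bug; that is the check worth building into a triage pipeline before auto-assigning a fuzzer-found crash to whoever last touched the harness.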

Comment 2 by kcc@chromium.org, Aug 16 2016

Cc: kcc@chromium.org infe...@chromium.org
Owner: ----
Status: Available (was: Assigned)
ajha@, the changes above are the improvements to the fuzzer that have probably caused this bug to get discovered. Or maybe the fuzzing simply had more time to discover bugs.

The bug is in media::H264Parser::ParseSPS; please assign accordingly.

Comment 3 by ajha@chromium.org, Aug 17 2016

Components: Internals>Media>Codecs
Owner: jrumm...@chromium.org
Status: Assigned (was: Available)
Thanks kcc@ for the update.

jrummell@: Could this be related to https://codereview.chromium.org/1865203002?

Please help in finding an appropriate owner if the change is unrelated.

Project Member Comment 4 by ClusterFuzz, Sep 3 2016

ClusterFuzz has detected this issue as fixed in range 416303:416379.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6178217318940672

Fuzzer: libfuzzer_media_h264_parser_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  media::H264Parser::ParseSPS
  _start
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=397693:397764
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=416303:416379

Minimized Testcase (0.12 Kb): https://cluster-fuzz.appspot.com/download/AMIfv972qNA8fIZz3EEFhW6PqdWad1EVqmTM0iUUvgpgEqtW5teH--FTkb6DpWgTIJERsX7TwVljqpyg9Sp7l5K-FTKPMAp1WMJ4jZdnzYnowUmVqyOHyHn_A1zb3aREs3Prc3cg2xEeP_mARLY4WS3D6ZlllBRXMw?testcase_id=6178217318940672

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Project Member Comment 5 by ClusterFuzz, Sep 3 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Project Member Comment 6 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot