Direct-leak in cricket::StunAttribute::Create
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5067713573814272
Fuzzer: libfuzzer_stun_parser_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: Direct-leak
Crash Address:
Crash State:
  cricket::StunAttribute::Create
  cricket::StunMessage::CreateAttribute
  cricket::StunMessage::Read
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=419151:419211
Minimized Testcase (0.08 Kb): https://cluster-fuzz.appspot.com/download/AMIfv976oKbefdSapinsJ95dTYgdUh_WtwGDWl7c704_B-k1XhhIaoyDYrHeXPIqb0HPo7wZhQGozm2-6L5ZxQqD4cYEERNgGmmliRvvDDaboVUvN3jbvkk7BO09YsM3AUX3m3gh_ufKh_vkVsVYv8_7ppfAflFIOA?testcase_id=5067713573814272
Issue manually filed by: mmoroz
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Sep 18 2016
henrike != henrika, and those commits were just code moving (as was mine in frame #2). pthatcher@, does your team own stun? As far as I can tell the fuzzing setup looks correct and everything parsed should go out of scope and be deleted. The leak happens here: https://chromium.googlesource.com/external/webrtc/+/1d4fefbbaf056492096e9e8a689550c6b7c49fe9/webrtc/test/fuzzers/stun_parser_fuzzer.cc#26
Sep 19 2016
Thanks a lot Peter for helping to triage WebRTC crashes!
Sep 20 2016
The memory leak happened here: https://cs.chromium.org/chromium/src/third_party/webrtc/p2p/base/stun.cc?rcl=1474384719&l=352
If the read returns true, the attr is added to the vector and will be released when the vector is released. But if the read returns false, the created attr will not be released.
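The leak pattern described in this comment, reconstructed as an added example (hypothetical code written for this page, not WebRTC's stun.cc and not the actual fix): a simplified attribute type with an instance counter, the parse loop that drops the attribute on a failed Read(), and an ownership-based version that releases it on every return path.

```cpp
#include <cstddef>
#include <cstdint>
#include <memory>
#include <utility>
#include <vector>
// Hypothetical stand-in for a STUN attribute (not cricket::StunAttribute): type, length, payload.
struct Attribute {
  static int live;  // constructed-but-not-destroyed instances; makes a leak visible
  uint16_t type, length;
  std::vector<uint8_t> value;
  Attribute(uint16_t t, uint16_t l) : type(t), length(l) { ++live; }
  ~Attribute() { --live; }
  bool Read(const uint8_t* buf, size_t remaining) {  // false if the payload is truncated
    if (remaining < length) return false;
    value.assign(buf, buf + length);
    return true;
  }
};
int Attribute::live = 0;
static uint16_t BE16(const uint8_t* p) { return uint16_t((p[0] << 8) | p[1]); }
// Before the fix: when Read() fails, the raw pointer from new is dropped without delete.
bool ParseLeaky(const uint8_t* buf, size_t len, std::vector<Attribute*>* attrs) {
  for (size_t pos = 0; pos + 4 <= len;) {
    Attribute* attr = new Attribute(BE16(buf + pos), BE16(buf + pos + 2));
    if (!attr->Read(buf + pos + 4, len - pos - 4)) return false;  // attr leaks here
    attrs->push_back(attr);
    pos += 4 + attr->length;
  }
  return true;
}
// After: a unique_ptr owns the attribute until a successful Read() moves it into the vector.
bool ParseFixed(const uint8_t* buf, size_t len, std::vector<std::unique_ptr<Attribute>>* attrs) {
  for (size_t pos = 0; pos + 4 <= len;) {
    auto attr = std::make_unique<Attribute>(BE16(buf + pos), BE16(buf + pos + 2));
    if (!attr->Read(buf + pos + 4, len - pos - 4)) return false;  // destructor frees attr
    pos += 4 + attr->length;
    attrs->push_back(std::move(attr));
  }
  return true;
}
// Constructed input (one attribute claiming 8 payload bytes, carrying 2); returns live count after parsing.
int LiveAfterParse(bool fixed) {
  const uint8_t msg[] = {0x00, 0x01, 0x00, 0x08, 0xAA, 0xBB};
  Attribute::live = 0;
  std::vector<std::unique_ptr<Attribute>> owned;
  std::vector<Attribute*> raw;
  fixed ? ParseFixed(msg, sizeof msg, &owned) : ParseLeaky(msg, sizeof msg, &raw);
  for (Attribute* a : raw) delete a;
  return Attribute::live;  // 1 for the leaky parser, 0 for the fixed one
}
```

Under ASan/LSan the leaky parser reports the same Direct-leak shape as the fuzzer finding, whereas the counter shows the ownership-based version leaves nothing behind on the truncated input.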
Sep 22 2016
The following revision refers to this bug: https://chromium.googlesource.com/external/webrtc.git/+/3e02430587370ba7e02cd6eec4970fdd6e1ea2c2

commit 3e02430587370ba7e02cd6eec4970fdd6e1ea2c2
Author: Honghai Zhang <honghaiz@webrtc.org>
Date: Thu Sep 22 16:52:16 2016

Fix a stun attribute leak.

In https://cs.chromium.org/chromium/src/third_party/webrtc/p2p/base/stun.cc?rcl=1474384719&l=352, if read returned false, the created attr would not be released.

BUG= chromium:648064
R=skvlad@webrtc.org

Review URL: https://codereview.webrtc.org/2357733002 .

Cr-Commit-Position: refs/heads/master@{#14357}

[modify] https://crrev.com/3e02430587370ba7e02cd6eec4970fdd6e1ea2c2/webrtc/p2p/base/stun.cc
Oct 5 2016
ClusterFuzz has detected this issue as fixed in range 422768:422805.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5067713573814272
Fuzzer: libfuzzer_stun_parser_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: Direct-leak
Crash Address:
Crash State:
  cricket::StunAttribute::Create
  cricket::StunMessage::CreateAttribute
  cricket::StunMessage::Read
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=419151:419211
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=422768:422805
Minimized Testcase (0.08 Kb): https://cluster-fuzz.appspot.com/download/AMIfv976oKbefdSapinsJ95dTYgdUh_WtwGDWl7c704_B-k1XhhIaoyDYrHeXPIqb0HPo7wZhQGozm2-6L5ZxQqD4cYEERNgGmmliRvvDDaboVUvN3jbvkk7BO09YsM3AUX3m3gh_ufKh_vkVsVYv8_7ppfAflFIOA?testcase_id=5067713573814272
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 18 2016
Can the owner please set a milestone label to this issue? FYI, the last CL associated with this issue has been added after the M54 branch was created and before the M55 branch was created, so perhaps it should be labelled as M55?
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mmoroz@chromium.org, Sep 18 2016
Components: Blink>WebRTC
Owner: henrika@chromium.org