Undefined-shift in webrtc::ComfortNoiseDecoder::Generate
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4978839756472320

Fuzzer: libfuzzer_neteq_rtp_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address:
Crash State:
  webrtc::ComfortNoiseDecoder::Generate
  webrtc::ComfortNoise::Generate
  webrtc::NetEqImpl::DoRfc3389Cng

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=424632:424679

Minimized Testcase (0.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96S43WzLTZA5Oknpb6GDYctjDPB9L788wMrYbVayphbTjvfbV0n_MUczsUjvuJ09ACXfJrgjyDD3najrVU-OymHgwcTcIEGtAqPuUlZxjS-cKjECmyD1oYH1f0_X2kWrCRwFlBm7EP6b3zZ3e93dK4GU2S1yw?testcase_id=4978839756472320

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Nov 18 2016
Requesting WebRTC team to check the issue and help.
Nov 21 2016
Taking a quick look at this. The undefined behavior caught by this fuzzer can be "fixed" by replacing the << 2 with * 4; however, I'm not sure this is completely correct. The test case is a "left shift of negative value -32363", which clearly won't fit in the 16-bit signed integer it's in, regardless of whether we use shifting or multiplication. I'll keep investigating.
Nov 22 2016
The following revision refers to this bug: https://chromium.googlesource.com/external/webrtc.git/+/0eb19602a3a7bab20f31efe93f9de205106f5b48

commit 0eb19602a3a7bab20f31efe93f9de205106f5b48
Author: ossu <ossu@webrtc.org>
Date: Tue Nov 22 13:15:21 2016

ComfortNoise: Calculate used scale factor in Q13

BUG= chromium:666518
Review-Url: https://codereview.webrtc.org/2519873003
Cr-Commit-Position: refs/heads/master@{#15189}

[modify] https://crrev.com/0eb19602a3a7bab20f31efe93f9de205106f5b48/webrtc/modules/audio_coding/codecs/cng/webrtc_cng.cc
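The arithmetic behind the two observations in this thread (that replacing `<< 2` with `* 4` removes the undefined shift but not the int16 overflow, and that the fix recomputes the scale factor in Q13), worked through in C as an added example. This is not WebRTC's code: the helper names are mine, the only page-supplied number is the test case value -32363, and the reading that "calculate in Q13" means the Q15 value scaled by 4 fits once it is expressed with two fewer fractional bits is an assumption drawn from the commit title, not from the patch itself.

```c
#include <stdint.h>
#include <stdio.h>

/* Value from the minimized test case: a 16-bit scale factor that the decoder
 * shifted left by two. Writing `x << 2` on it is what UBSan reported (left
 * shift of a negative value is undefined in C11 6.5.7p4). The promoted int
 * does not overflow, but the 16-bit destination does. */
#define TESTCASE_VALUE ((int16_t)-32363)

/* Scale by 4 with multiplication in 32-bit arithmetic. This removes the UB
 * but, as the thread notes, not the overflow: the product still does not fit
 * in int16_t. Widening first means the product itself can never overflow. */
int32_t times4_wide(int16_t x) {
    return (int32_t)x * 4;
}

/* 1 if v is representable as int16_t, else 0. */
int fits_int16(int32_t v) {
    return v >= INT16_MIN && v <= INT16_MAX;
}

/* Saturating narrow to int16_t, the usual fixed-point DSP policy instead of
 * silently wrapping. */
int16_t sat16(int32_t v) {
    if (v > INT16_MAX) return INT16_MAX;
    if (v < INT16_MIN) return INT16_MIN;
    return (int16_t)v;
}

/* Convert a fixed-point value between Q formats (a Qn integer holds
 * real * 2^n), rounding half away from zero when fractional bits are dropped.
 * Computed in int64_t and never shifting a negative operand, so the helper
 * itself is free of UB. (Assumed reading of the fix: the same real quantity
 * that needs 18 bits in Q15 fits int16_t when carried in Q13.) */
int32_t requantize(int32_t q, int from_bits, int to_bits) {
    if (to_bits >= from_bits) {
        int64_t mul = (int64_t)1 << (to_bits - from_bits);
        return (int32_t)((int64_t)q * mul);
    }
    int64_t div = (int64_t)1 << (from_bits - to_bits);
    int64_t half = div / 2;
    int64_t r = q >= 0 ? ((int64_t)q + half) / div : ((int64_t)q - half) / div;
    return (int32_t)r;
}

/* Real-number view of a Q-format integer, for printing. */
double q_to_real(int32_t q, int frac_bits) {
    return (double)q / (double)((int64_t)1 << frac_bits);
}

int main(void) {
    int16_t x = TESTCASE_VALUE;
    int32_t q15x4 = times4_wide(x);            /* -129452: UB-free, but too wide */
    int32_t q13   = requantize(q15x4, 15, 13); /* -32363: same real value, fits */

    printf("x            = %7d  (as Q15: %.5f)\n", x, q_to_real(x, 15));
    printf("x * 4 in Q15 = %7d  fits int16: %s\n",
           q15x4, fits_int16(q15x4) ? "yes" : "no");
    printf("saturated    = %7d\n", sat16(q15x4));
    printf("same in Q13  = %7d  (as Q13: %.5f) fits int16: %s\n",
           q13, q_to_real(q13, 13), fits_int16(q13) ? "yes" : "no");
    return 0;
}
```

The point to take from the first two checks is the one made in the thread: the UBSan report is about the shift operator, but the bug is the missing headroom, and swapping the operator leaves the overflow in place. `requantize` shows the shape of a real fix, choosing a representation with enough integer bits and doing the intermediate arithmetic in a wider type, with `sat16` as the defensive narrowing a decoder should apply at the boundary in any case.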
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Nov 23 2016
ClusterFuzz has detected this issue as fixed in range 433878:433990.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4978839756472320

Fuzzer: libfuzzer_neteq_rtp_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address:
Crash State:
  webrtc::ComfortNoiseDecoder::Generate
  webrtc::ComfortNoise::Generate
  webrtc::NetEqImpl::DoRfc3389Cng

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=424632:424679
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=433878:433990

Minimized Testcase (0.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96S43WzLTZA5Oknpb6GDYctjDPB9L788wMrYbVayphbTjvfbV0n_MUczsUjvuJ09ACXfJrgjyDD3najrVU-OymHgwcTcIEGtAqPuUlZxjS-cKjECmyD1oYH1f0_X2kWrCRwFlBm7EP6b3zZ3e93dK4GU2S1yw?testcase_id=4978839756472320

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 23 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ananthak@google.com, Nov 18 2016