Assigning to dalecurtis for further triage.

i can repro this locally.  will take a look.

flac parser isn't checking that avio_read is reading the requested 4 byte flac block header (flacdec.c:68).  the uninitialized buffer is then being used to construct the requested av_malloc size.

will send to michael to see if he agrees, then cherry-pick from upstream.

ClusterFuzz has detected this issue as fixed in range 447059:447171.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5089927294615552

Fuzzer: libfuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  av_malloc
  av_mallocz
  flac_read_header
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=413228:413328
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=447059:447171

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97PNjZoRGfQ4Xi_TQ7lwjdKh1-Ll2qE9x4zwmXBNcXhh3Vctv87WrEwcJ1HIrPn2vvgjo4NfoMULgr8k_OK_Y8mAmjIoyaRN2MaZFEhDEt3mXa_6KVsGyqaqFkQsFB4qDCQ6LOxo6k7jy8jhh3j1KNmqtgHkUDu4tNzRuRn5KAN-Z6sMdDe3oKUY08NMVoT0QMSd4n-lfYhwWLCgFuOifSLA83hprf3RkeCIyWx-A_oMGxidKSObz7YfZqniE-nGplM3yK56wkPGJqnJITk4YxAPiVQNm1sHpc5jZ6WULRqH3ej-Fl8HZPv2AFuUCYZuWzQeNGYZNoEb8LqsL9X97hb731BnrAavQUMM7OW41kg8pXlSi8?testcase_id=5089927294615552


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5089927294615552 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot