Unable to provide possible suspect using Predator, CL and Code Search.
Could someone please look into the issue.
Thank You.

Looking at the trace, it is happening in libavcodec/libavutil (via ffmpeg).
Forwarding to FFmpeg so people familiar with the code can take a look.

Chris can you identify if this is new or not with the roll and fix if so?

Will do.

For more information, please see https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md.

The link referenced in the description is no longer valid.

Fixed in M64 roll per stats on CF. I've clicked redo on fixed. I don't think we can merge a patch for M63, but this isn't high priority.

ClusterFuzz testcase 5543269835735040 is still reproducing on tip-of-tree build (trunk).

Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label.

Not fixed after all I guess.

Note: This issue continues to reproduce after the M65 FFmpeg roll. (Note to whoever is picking this up: make sure to set ASAN_OPTIONS as specified.)

I have a local repro on rodete (configure --toolchain=clang-asan) with the specific ASAN_OPTIONS.

Note: upstream ffplay rejects the repro case early, so we'll probably need to figure this out downstream and then upstream the fix if possible.

Downstream fix is in review: https://chromium-review.googlesource.com/c/chromium/third_party/ffmpeg/+/950227

@#12, to get a better initial review, I'll send my fix upstream first.

Upstreaming attempt started: https://patchwork.ffmpeg.org/patch/7818/

ClusterFuzz testcase 5543269835735040 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This is not yet fixed downstream.

Upstream took my patch verbatim.
Upstream https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b59b59944693e645cdcf5e61b60f288820fe48c3 should fix this during the M67 roll tracked by  bug 803898 .

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720

commit 3a1d00c3ef1de6fcc959696e2a1ff11f901e4720
Author: Matt Wolenetz <wolenetz@chromium.org>
Date: Thu Mar 15 22:54:10 2018

Roll src/third_party/ffmpeg/ 4468d4967..02ec9ce5a (389 commits)

https://chromium.googlesource.com/chromium/third_party/ffmpeg.git/+log/4468d4967f5d..02ec9ce5a9bc

$ git log 4468d4967..02ec9ce5a --date=short --no-merges --format='%ad %ae %s'
2018-03-13 wolenetz Updating build configs for M67 roll.
2018-03-13 wolenetz Update build_ffmpeg.py's sysroot name for M67
2018-03-13 wolenetz Remove deprecated av_register_all from ffmpeg.sigs
2018-03-13 wolenetz Copy [de]muxer, codec and parser lists into configs
2018-03-12 wolenetz Update chromium patches README
2018-03-12 vdixit avformat/hlsenc: fix for zero EXTINF tag duration
2018-03-12 matthieu.bouron avcodec/mediacodecdec_common: make INFO_TRY_AGAIN trace messages more consistent
2018-03-10 aman avcodec/mediacodecdec: add debug logging around hw buffer lifecycle
2018-02-27 michael avcodec/nuv: rtjpeg with dimensions less than 16 would result in no decoded pixels thus reject it
2018-02-27 michael avcodec/nuv: Check for minimum input size for uncomprssed and rtjpeg
(...)

Created with:
  roll-dep src/third_party/ffmpeg

Includes removal of FFmpegGlue::InitializeFFmpeg() because
av_register_all is no longer needed (and is deprecated in FFmpeg).

BUG= 803898 ,  772699 ,  786793 ,  791237 ,  791349 ,  795653 ,  796778 ,  800123 ,  817338 

Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Change-Id: I94ccecab95831174a3bae6e9a8422e10bfec8e85
Reviewed-on: https://chromium-review.googlesource.com/964248
Reviewed-by: Dale Curtis <dalecurtis@chromium.org>
Reviewed-by: Xiaohan Wang <xhwang@chromium.org>
Reviewed-by: Sergey Ulanov <sergeyu@chromium.org>
Commit-Queue: Matthew Wolenetz <wolenetz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#543531}
[modify] https://crrev.com/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720/DEPS
[modify] https://crrev.com/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720/content/renderer/media/webrtc/peer_connection_dependency_factory.cc
[modify] https://crrev.com/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720/media/cdm/library_cdm/clear_key_cdm/clear_key_cdm.cc
[modify] https://crrev.com/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720/media/ffmpeg/ffmpeg_common_unittest.cc
[modify] https://crrev.com/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720/media/filters/ffmpeg_audio_decoder.cc
[modify] https://crrev.com/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720/media/filters/ffmpeg_glue.cc
[modify] https://crrev.com/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720/media/filters/ffmpeg_glue.h
[modify] https://crrev.com/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720/media/filters/ffmpeg_video_decoder.cc
[modify] https://crrev.com/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720/media/filters/ffmpeg_video_decoder_unittest.cc
[modify] https://crrev.com/3a1d00c3ef1de6fcc959696e2a1ff11f901e4720/media/gpu/video_encode_accelerator_unittest.cc

ClusterFuzz has detected this issue as fixed in range 543528:543541.

Detailed report: https://clusterfuzz.com/testcase?key=5543269835735040

Fuzzer: libFuzzer_mediasource_WEBM_VORBIS_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Indirect-leak
Crash Address: 
Crash State:
  av_realloc_f
  alloc_table
  build_table
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=499800:499873
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=543528:543541

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5543269835735040

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.