Predator has provided the two possible suspects for this issue

Suspect CL : https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/019ab88a95cb31b698506d90e8ce56695a7f1cc5

Unable to find the author in the owners list, hence CC'ing author

anton@-- Could you please look into the issue, kindly re-assign if this is not related to your changes.

kkaluri@ please take care not to cc folks outside the Chromium project, please just assign to the media label first to avoid spamming external owners unnecessarily -- they aren't able to access ClusterFuzz. 

Anton, if you do take a look the trace is:

../../third_party/ffmpeg/libavutil/frame.c:868:44: runtime error: signed integer overflow: 5 + 2147483647 cannot be represented in type 'int'
 #0 0x7f4088a673ab in av_frame_apply_cropping third_party/ffmpeg/libavutil/frame.c:868:44
 #1 0x7f40889ba2d1 in apply_cropping third_party/ffmpeg/libavcodec/decode.c:709:12
 #2 0x7f40889ba2d1 in avcodec_receive_frame third_party/ffmpeg/libavcodec/decode.c:736
#3 0x7f40889ba712 in compat_decode third_party/ffmpeg/libavcodec/decode.c:781:15

Hi,
Quoting dalecur… via monorail (2017-10-12 18:12:05)

From a brief look at the code I don't see how it can happen, since
1) the data and the linesize must be aligned to 32
2) if any offset is not aligned to 32, then left cropping must be non-zero
3) if left cropping is non-zero, then log2_crop_align is smaller than
   sizeof(int)*8, so no overflow can happen

Are you sure the data and linesize is properly aligned?

Here's the minimized test case if you want to try a local repro. I haven't gone through the code yet.

Deleted: clusterfuzz-testcase-minimized-6019102954225664.ogg 658 KB

clusterfuzz-testcase-minimized-6019102954225664.ogg 658 KB Download

Will see if I can get this in the M64 roll, otherwise will transfer to Dan.

@anton: Indeed our linesize was not aligned to 32. I've changed that and it resolves the issue. Thanks.

Fix in CQ, so tagging only with M64 roll.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a648b776f80a5039f7a78558b3acfb68975071dc

commit a648b776f80a5039f7a78558b3acfb68975071dc
Author: Dale Curtis <dalecurtis@chromium.org>
Date: Thu Nov 30 22:49:04 2017

Increase VideoFrame stride alignment to 32; required by ffmpeg.

Per code inspection and commentary from ffmpeg developers, we
need to be using a stride that is aligned to 32 for software
video frames.

It seems at somepoint we might be able to use av_cpu_max_align(),
but even ffmpeg doesn't follow this internally and has exceptions
for when H264 content is used, so just leave a TODO for now.

BUG= 773673 
TEST=no more ubsan failure.

Change-Id: I012bf7ca5531559df63061fc1edc9fdeaebf4c08
Reviewed-on: https://chromium-review.googlesource.com/801775
Reviewed-by: Dan Sanders <sandersd@chromium.org>
Commit-Queue: Dale Curtis <dalecurtis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#520727}
[modify] https://crrev.com/a648b776f80a5039f7a78558b3acfb68975071dc/media/base/video_frame.cc
[modify] https://crrev.com/a648b776f80a5039f7a78558b3acfb68975071dc/media/base/video_frame.h

ClusterFuzz has detected this issue as fixed in range 520688:520730.

Detailed report: https://clusterfuzz.com/testcase?key=6019102954225664

Fuzzer: ochang_search_index_mutator
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  av_frame_apply_cropping
  apply_cropping
  avcodec_receive_frame
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=507837:507876
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=520688:520730

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6019102954225664

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6019102954225664 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.