
Issue 789835


Issue metadata

Status: Verified
Owner:
Closed: Mar 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug

Blocking:
issue 771995
issue 803898




Direct-leak in av_malloc

Project Member Reported by ClusterFuzz, Nov 30 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5618304348848128

Fuzzer: libFuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  av_malloc
  ff_alloc_extradata
  ogg_packet
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=425682:425723

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5618304348848128

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Cc: msrchandra@chromium.org pnangunoori@chromium.org
Components: Infra>Git
Labels: M-63 Test-Predator-Wrong
Owner: dalecur...@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.
Using code search for the file “oggdec.c”, assigning to the concerned owner from git blame.
Suspecting Commit#
https://chromium.googlesource.com/chromium/third_party/ffmpeg.git/+/41a52ec81592def92b7c40230b6d6b3863e9a5ad

@dalecurtis -- Could you please look into this issue, kindly reassign if it has nothing to do with your changes.
Thank You.

Blocking: 771995
Cc: dalecur...@chromium.org
Components: -Infra>Git Internals>Media>FFmpeg
Owner: sande...@chromium.org
Probably this is just duplicate allocation of the extradata, so wherever ff_alloc_extradata() is being called you can just add an av_freep(&extradata) before it. I've landed a few of these patches already.
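The pattern described above, as an added example that is not the ffmpeg project's code: `codec_params`, `alloc_extradata`, `freep_extradata`, `copy_header` and the `live_allocs` counter are hypothetical stand-ins for AVCodecParameters, ff_alloc_extradata(), av_freep() and the header handling in flac_header; the two header byte strings are constructed input. It shows why a second header on the same stream leaks the first buffer, and how freeing before reallocating removes the leak.

```c
/* Added example (not ffmpeg code): models the extradata leak and its fix. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define PADDING 64   /* stands in for AV_INPUT_BUFFER_PADDING_SIZE */

typedef struct { uint8_t *extradata; int extradata_size; } codec_params;

/* Outstanding heap blocks: what ASan would report as directly leaked. */
static int live_allocs = 0;

/* Like ff_alloc_extradata(): allocates unconditionally and overwrites the
 * old pointer, so a previously allocated buffer is simply lost. */
static int alloc_extradata(codec_params *par, int size) {
    par->extradata = calloc(1, (size_t)size + PADDING);
    if (!par->extradata) { par->extradata_size = 0; return -1; }
    par->extradata_size = size;
    live_allocs++;
    return 0;
}

/* av_freep() analogue: free and null the pointer so a later free is safe. */
static void freep_extradata(codec_params *par) {
    if (par->extradata) { free(par->extradata); live_allocs--; }
    par->extradata = NULL;
    par->extradata_size = 0;
}

/* Two FLAC-style headers arriving on one stream (constructed input). */
static const uint8_t HDR1[] = {0x66, 0x4c, 0x61, 0x43, 0x01, 0x02, 0x03, 0x04};
static const uint8_t HDR2[] = {0x66, 0x4c, 0x61, 0x43, 0x09, 0x08, 0x07, 0x06};

static int copy_header(codec_params *par, const uint8_t *h, int n, int fix) {
    if (fix) freep_extradata(par);   /* the one-line fix: free before reallocating */
    if (alloc_extradata(par, n) < 0) return -1;
    memcpy(par->extradata, h, (size_t)n);
    return 0;
}

/* Feed both headers, tear down, and return how many blocks are still outstanding. */
int leaked_blocks(int apply_fix) {
    codec_params par = {0};
    live_allocs = 0;
    copy_header(&par, HDR1, (int)sizeof HDR1, apply_fix);
    copy_header(&par, HDR2, (int)sizeof HDR2, apply_fix); /* second header: leak point */
    freep_extradata(&par);                                /* normal teardown */
    return live_allocs;   /* 1 without the fix, 0 with it */
}
```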
Blocking: 803898
Cc: sande...@chromium.org
Owner: wolenetz@chromium.org
Status: Started (was: Assigned)
@#3 Yep, that's the problem. flac_header needs to av_freep prior to ff_alloc_extradata. Thanks for the info.

I have a local repro on rodete (configure --toolchain=clang-asan) with upstream ffplay (with the specific ASAN_OPTIONS).
Cc: xhw...@chromium.org
Downstream fix is in review: https://chromium-review.googlesource.com/c/chromium/third_party/ffmpeg/+/949415
Project Member

Comment 7 by bugdroid1@chromium.org, Mar 5 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/4468d4967f5dd6a733860af355ef61095b5cd5b1

commit 4468d4967f5dd6a733860af355ef61095b5cd5b1
Author: Matt Wolenetz <wolenetz@chromium.org>
Date: Mon Mar 05 20:56:24 2018

lavf/oggparseflac: Free flac extradata before reallocating.

Otherwise ff_alloc_extradata() just leaks any existing allocated
memory.

BUG= 789835 

Change-Id: I8e1c21a16749d28c7f050f5f5d8bffda3b419638
Reviewed-on: https://chromium-review.googlesource.com/949415
Reviewed-by: Xiaohan Wang <xhwang@chromium.org>

[modify] https://crrev.com/4468d4967f5dd6a733860af355ef61095b5cd5b1/libavformat/oggparseflac.c
[modify] https://crrev.com/4468d4967f5dd6a733860af355ef61095b5cd5b1/chromium/patches/README

I've sent #7 upstream: https://patchwork.ffmpeg.org/patch/7816/
Project Member

Comment 9 by bugdroid1@chromium.org, Mar 6 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8330bbfd246ec4db92ed9afb8cc862963a749d77

commit 8330bbfd246ec4db92ed9afb8cc862963a749d77
Author: Matt Wolenetz <wolenetz@chromium.org>
Date: Tue Mar 06 18:47:33 2018

Roll src/third_party/ffmpeg/ ef99a5d25..4468d4967 (1 commit)

https://chromium.googlesource.com/chromium/third_party/ffmpeg.git/+log/ef99a5d2520f..4468d4967f5d

$ git log ef99a5d25..4468d4967 --date=short --no-merges --format='%ad %ae %s'
2018-03-05 wolenetz lavf/oggparseflac: Free flac extradata before reallocating.

Created with:
  roll-dep src/third_party/ffmpeg
BUG= 789835 
TBR=xhwang@chromium.org

Change-Id: Ic056e574e67ecbb808cc70e91a8ee112afcffb0d
Reviewed-on: https://chromium-review.googlesource.com/950066
Reviewed-by: Matthew Wolenetz <wolenetz@chromium.org>
Reviewed-by: Xiaohan Wang <xhwang@chromium.org>
Commit-Queue: Matthew Wolenetz <wolenetz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#541160}
[modify] https://crrev.com/8330bbfd246ec4db92ed9afb8cc862963a749d77/DEPS

Upstream might do this more generally, like so: https://patchwork.ffmpeg.org/patch/7820/
Project Member

Comment 11 by ClusterFuzz, Mar 7 2018

ClusterFuzz has detected this issue as fixed in range 541159:541164.

Detailed report: https://clusterfuzz.com/testcase?key=5618304348848128

Fuzzer: libFuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  av_malloc
  ff_alloc_extradata
  ogg_packet
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=425682:425723
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=541159:541164

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5618304348848128

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 12 by ClusterFuzz, Mar 7 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)
ClusterFuzz testcase 5618304348848128 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
