By comparing the stack trace this issue looks similar to  bug 643783 , hence assigning to the same owner for more updates on this issue.

kwiberg@ Could you please take a look in to this issue?

Thanks!

The following revision refers to this bug:
  https://webrtc.googlesource.com/src.git/+/6f3d01c829c28d8910ad63e61693bd8b9fbba06a

commit 6f3d01c829c28d8910ad63e61693bd8b9fbba06a
Author: Karl Wiberg <kwiberg@webrtc.org>
Date: Thu Apr 26 13:38:57 2018

"Fix" signed integer overflow in old code

It's safe to ignore this overflow since it only affects audio data,
not indices or anything like that.

Bug:  chromium:835637 
Change-Id: I60162e4627b08d5e3ba3a21fdae8087f098c7e46
Reviewed-on: https://webrtc-review.googlesource.com/72701
Reviewed-by: Henrik Lundin <henrik.lundin@webrtc.org>
Commit-Queue: Karl Wiberg <kwiberg@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23030}
[modify] https://crrev.com/6f3d01c829c28d8910ad63e61693bd8b9fbba06a/modules/audio_coding/codecs/ilbc/cb_construct.c

That CL fixes the bug for me locally.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6bed49f3ea231eb857732fd593f74ac97657017e

commit 6bed49f3ea231eb857732fd593f74ac97657017e
Author: webrtc-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com <webrtc-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Thu Apr 26 18:49:13 2018

Roll src/third_party/webrtc/ ff61273c0..775d07e27 (6 commits)

https://webrtc.googlesource.com/src.git/+log/ff61273c010c..775d07e27769

$ git log ff61273c0..775d07e27 --date=short --no-merges --format='%ad %ae %s'

Created with:
  roll-dep src/third_party/webrtc
BUG=chromium:None,chromium:835637,chromium:None,chromium:836790


The AutoRoll server is located here: https://webrtc-chromium-roll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should
be CC'd on the roll, and stop the roller if necessary.


CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_archive_rel_ng;master.tryserver.chromium.mac:mac_chromium_archive_rel_ng
TBR=webrtc-chromium-sheriffs-robots@google.com

Change-Id: Ibba9cc2f30a1452da6abcf7b3dfe64a8a91376e8
Reviewed-on: https://chromium-review.googlesource.com/1030627
Reviewed-by: webrtc-chromium-autoroll <webrtc-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Commit-Queue: webrtc-chromium-autoroll <webrtc-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#554100}
[modify] https://crrev.com/6bed49f3ea231eb857732fd593f74ac97657017e/DEPS

ClusterFuzz has detected this issue as fixed in range 554080:554104.

Detailed report: https://clusterfuzz.com/testcase?key=6424652893913088

Fuzzer: libFuzzer_audio_decoder_ilbc_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  WebRtcIlbcfix_CbConstruct
  WebRtcIlbcfix_DecodeResidual
  WebRtcIlbcfix_DecodeImpl
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=554080:554104

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6424652893913088

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6424652893913088 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.