diff --git a/webrtc/modules/audio_coding/codecs/isac/fix/source/pitch_filter.c b/webrtc/modules/audio_coding/codecs/isac/fix/source/pitch_filter.c
index 65d099d36a..13c3899c67 100644
--- a/webrtc/modules/audio_coding/codecs/isac/fix/source/pitch_filter.c
+++ b/webrtc/modules/audio_coding/codecs/isac/fix/source/pitch_filter.c
@@ -109,6 +109,13 @@ void WebRtcIsacfix_PitchFilter(int16_t* indatQQ, // Q10 if type is 1 or 4,
 curGainQ12 += gaindeltaQ12;
 curLagQ7 += lagdeltaQ7;
 indW32 = CalcLrIntQ(curLagQ7, 7);
+ if (indW32 < PITCH_FRACORDER - 2) {
+ // WebRtcIsacfix_PitchFilterCore requires indW32 >= PITCH_FRACORDER -
+ // 2; otherwise, it will read from entries of ubufQQ that haven't been
+ // written yet. (This problem has only been seen in fuzzer tests, not
+ // in real life.) See Chromium bug 581901.
+ indW32 = PITCH_FRACORDER - 2;
+ }
 frcQQ = ((indW32 << 7) + 64 - curLagQ7) >> 4;
 if (frcQQ == PITCH_FRACS) {