Fix fuzzer found crash in new metadata code (#28278)

* Fix fuzzer found crash in new metadata code

* Fix memory leak

src/core/lib/transport/metadata_batch.h

@@ -238,7 +238,7 @@ struct NameLookup;
 template <typename Trait, typename... Traits>
 struct NameLookup<Trait, Traits...> {
   // Call op->Found(Trait()) if op->name == Trait::key() for some Trait in
-  // Traits. If not found, call op->NotFount().
+  // Traits. If not found, call op->NotFound().
   template <typename Op>
   static auto Lookup(absl::string_view key, Op* op)
       -> decltype(op->Found(Trait())) {
@@ -324,11 +324,13 @@ class AppendHelper {
   }
 
   GPR_ATTRIBUTE_NOINLINE void NotFound(absl::string_view key) {
-    GPR_ASSERT(GRPC_ERROR_NONE ==
-               container_->Append(grpc_mdelem_from_slices(
-                   grpc_slice_intern(
-                       grpc_slice_from_static_buffer(key.data(), key.length())),
-                   value_.TakeCSlice())));
+    grpc_mdelem elem =
+        grpc_mdelem_from_slices(grpc_slice_intern(grpc_slice_from_static_buffer(
+                                    key.data(), key.length())),
+                                value_.TakeCSlice());
+    if (!GRPC_LOG_IF_ERROR("AppendMetadata", container_->Append(elem))) {
+      GRPC_MDELEM_UNREF(elem);
+    }
   }
 
  private:

test/core/end2end/fuzzers/api_fuzzer_corpus/append

@@ -0,0 +1,33 @@
+actions {
+  create_channel {
+    channel_actions {}
+  }
+}
+actions {
+  create_call {
+    method {
+    value:
+      "contenttype"
+    }
+  }
+}
+actions {
+  queue_batch {
+    operations {
+      send_initial_metadata {
+        metadata {
+          key {
+          value:
+            "content-type"
+          }
+        }
+        metadata {
+          key {
+          value:
+            "content-type"
+          }
+        }
+      }
+    }
+  }
+}