This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Empirically, this code is safe. The array isn't filled with zeroes or anything, but the CLD code fills in the language values before the check of the contents at line 107. Since it's just an equality check, this shouldn't be capable of causing a crash; the worst thing that could happen is that we'd identify the wrong language for translation.

The change that caused the regression is rkaplow@'s:
https://chromium.googlesource.com/chromium/src/+/80f25b767e1a4b060f085b82e32f016ea4db881e

I think we can just initialize the array and this should go away.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5843696548839424

Fuzzer: inferno_twister
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  ==8==WARNING:
  translate::DeterminePageLanguage
  translate::TranslateHelper::PageCapturedImpl
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=391244:391280

Minimized Testcase (48.74 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96gbQD2KPGOy7jrGUu59mdG6iS-EQxaBGQWOadqZ4IQjW1xPdVKQXQCoG8HcE2dNwrm4r2g42ItXlWJdD6Dbpv-NWbsD0fqcuLvhxXJrCjfTPxh6-pG01HQjnWOFlZYfwjhbaUt2UsyUg3_4vce8-GlqI9c5FPGqPjtzJjzGuwGAM522L4

Additional requirements: Requires HTTP

Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5843696548839424

Fuzzer: inferno_twister
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  ==8==WARNING:
  translate::DeterminePageLanguage
  translate::TranslateHelper::PageCapturedImpl
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=391244:391280

Minimized Testcase (48.74 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96gbQD2KPGOy7jrGUu59mdG6iS-EQxaBGQWOadqZ4IQjW1xPdVKQXQCoG8HcE2dNwrm4r2g42ItXlWJdD6Dbpv-NWbsD0fqcuLvhxXJrCjfTPxh6-pG01HQjnWOFlZYfwjhbaUt2UsyUg3_4vce8-GlqI9c5FPGqPjtzJjzGuwGAM522L4

Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

https://codereview.chromium.org/1964823003

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/875061e4f515021649992139a8eb0a85104b13ad

commit 875061e4f515021649992139a8eb0a85104b13ad
Author: andrewhayden <andrewhayden@chromium.org>
Date: Wed May 11 07:26:48 2016

Initialize CLD score/language arrays prior to use, for pedantic safety.

BUG= 609097 

Review-Url: https://codereview.chromium.org/1964823003
Cr-Commit-Position: refs/heads/master@{#392872}

[modify] https://crrev.com/875061e4f515021649992139a8eb0a85104b13ad/components/translate/core/language_detection/language_detection_util.cc

This should now be fixed.

ClusterFuzz has detected this issue as fixed in range 392626:393388.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5194958088175616

Fuzzer: libfuzzer_language_detection_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  DetermineTextLanguage
  translate::DeterminePageLanguage
  LLVMFuzzerTestOneInput
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=391220:391272
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=392626:393388

Minimized Testcase (0.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95jUpD6g_a1eIlFX_F1vf_uSJf_GfmVjDtlAH5XKDOR425T1W7y1VarzuNKyNG7u_oAA7tgfP3f4fayCnsIC_ycs87s4FIQli4-S2AIsbCFFALiGCLZc-IyKmmtcZ-GVGQlO_6xcWiIci1XXBELvLXfqHnYSA

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot