Regression CL::
===============
https://chromium.googlesource.com/chromium/src/+log/464b8b897b807b06d8994ccc38867f01c3fe16a4..ee1e90c49ebd7bd9204ffd601be18fdf1db87750?pretty=fuller

Possible suspect from the above CL
https://codereview.chromium.org/2026113002

aizatsky@ could you please look into this issue if it is related to your change,else please route this to an appropriate owner for this issue.

Thanks,

Moving this nonessential bug to the next milestone.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

My change simply made the fuzzer effective. It doesn't change the target
library but simply enabled our infrastructure to uncover the issue.

Max, is there anyone responsible for expat?

No, we don't have anyone responsible for expat :(

Moreover, I cannot find any usage of expat in the repo:

https://cs.chromium.org/search/?q=%22expat.h%3E%22&sq=package:chromium&type=cs - these files should be using a system version

May be only this one: https://cs.chromium.org/chromium/src/third_party/webrtc/libjingle/xmllite/BUILD.gn?q=expat+file:%5Esrc/third_party/webrtc/libjingle/xmllite/&sq=package:chromium&l=40&dr=C

tommi@, since you are one of the OWNERS of webrtc and webrtc/libjingle, and given that webrtc/libjingle looks like the only usage of //third_party/expat, let me assign this to you.


My suggestion is:

If we need to have expat in the repo, we should assign an owner for that.
Otherwise it seems to be a good chance to get rid of expat.

Peter - can you take a look?

ClusterFuzz has detected this issue as fixed in range 411369:411551.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5043878801702912

Fuzzer: libfuzzer_expat_xml_parse_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  little2_prologTok
  prologProcessor
  XML_ParseBuffer
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=397275:397295
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=411369:411551

Minimized Testcase (0.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv963lAfsjq-2OFSvcgTwCrb6moMoY5X_VOCc7z9lOdsXbdvz6Jy9jqIu0964Hy1HVBYcXvppze2TORh52s83e-ZH1OPM-_nvM8dgklv4tq6rXxW39MZkJTiLcsLrvNpSQULRwX6UAagoUJ0gDMYa35ZNOgqI7w?testcase_id=5043878801702912

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot