
Issue 644664 link

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Closed: Sep 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Crash in base::internal::JSONParser::StringBuilder::Append

Project Member Reported by ClusterFuzz, Sep 7 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4567259358167040

Fuzzer: libfuzzer_base_json_reader_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x03e900004bc2
Crash State:
  base::internal::JSONParser::StringBuilder::Append
  base::internal::JSONParser::ConsumeStringRaw
  base::internal::JSONParser::ConsumeString
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=415616:415651

Minimized Testcase (0.00 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv957RUfP2l7xPMA3iXfnxsVAoqeF6wm9mIQfwJuN-75_wGFjzxjNfYJNotboEIIq7MSxTAOsUH8mSomTm6bvqv8vGPSlKlhjZBi8peE6vqAKlROBHTYYJVLmEjLR-V8Rs3WlK8UT5fr0IPzZWE5aolNzWe0r3Q?testcase_id=4567259358167040
"\x-A


Issue manually filed by: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 
Cc: thestig@chromium.org mmoroz@chromium.org dcheng@chromium.org danakj@chromium.org kcc@chromium.org aizatsky@chromium.org
Labels: -Pri-1 Pri-2
Should we ignore that crash found with a Debug build?

CC'ed a few OWNERS of src/base.
The DCHECK is that we're not appending a negative character and it's tripping.
Cc: rogerm@chromium.org mmenke@chromium.org
There's a few json files in the blame list, maybe one of them is not valid?


Invalid JSON shouldn't result in a crash - the parser is run on JSON from remote sources, and it's allowed to fail.
base's JSONParser is not safe for parsing remote sources. //components/safe_json should be used for that.
I did not know that - regardless, both the files I modified are valid JSON (a presubmit check, which presumably requires they be valid JSON, whined at me for not modifying one of them. The other is used to build a C++ file of some sort, used at build time).
Owner: rsesek@chromium.org
Status: Assigned (was: Untriaged)
IIRC, rsesek@ is the most familiar with the JSON parser in base. I guess we added a fuzzer for this in the recent fuzzathon, so that's why we're seeing this (and not because of some new regression).
I can take this.

Re #8: safe_json just runs the base decoder in a sandboxed process.
Status: Started (was: Assigned)
https://codereview.chromium.org/2321683003/
Project Member

Comment 11 by bugdroid1@chromium.org, Sep 7 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/617caed52b42647f938ea49ad9afed9256078198

commit 617caed52b42647f938ea49ad9afed9256078198
Author: rsesek <rsesek@chromium.org>
Date: Wed Sep 07 23:54:47 2016

In base::JSONParser, check IsValidCharacter before decoding ASCII/UTF-8.

BUG= 644664 
R=dcheng@chromium.org

Review-Url: https://codereview.chromium.org/2321683003
Cr-Commit-Position: refs/heads/master@{#417121}

[modify] https://crrev.com/617caed52b42647f938ea49ad9afed9256078198/base/json/json_parser.cc
[modify] https://crrev.com/617caed52b42647f938ea49ad9afed9256078198/base/json/json_parser_unittest.cc

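The ordering the commit describes, as an added example in plain C++ that is not Chromium's code: a hypothetical stand-in for ConsumeStringRaw checks that each non-ASCII byte sequence is well-formed UTF-8 before copying anything, so a byte of 0x80 or above (which reads as a negative value through signed `char`) becomes a parse failure instead of reaching an append path that a debug build guards only with an assertion. ValidUtf8Length is an assumed helper of this sketch, and escape sequences are left out.

```cpp
// Added illustration (not Chromium's code): validate a byte sequence before
// decoding it, so malformed input yields a parse error instead of tripping a
// debug assertion inside the string builder.
#include <cstddef>
#include <cstdint>
#include <string>

// Length of the well-formed UTF-8 sequence starting at `pos`, or 0 if the
// bytes there are not valid UTF-8 (truncated, bad continuation, overlong,
// surrogate, or above U+10FFFF). All arithmetic uses unsigned bytes, so a
// byte >= 0x80 never becomes a negative `char` on its way to the output.
size_t ValidUtf8Length(const std::string& s, size_t pos) {
  const unsigned char b0 = static_cast<unsigned char>(s[pos]);
  size_t len;
  uint32_t cp;
  if (b0 < 0x80) return 1;
  if (b0 >= 0xC2 && b0 <= 0xDF) { len = 2; cp = b0 & 0x1F; }
  else if (b0 >= 0xE0 && b0 <= 0xEF) { len = 3; cp = b0 & 0x0F; }
  else if (b0 >= 0xF0 && b0 <= 0xF4) { len = 4; cp = b0 & 0x07; }
  else return 0;  // 0x80..0xC1 (stray continuation / overlong lead), 0xF5..0xFF
  if (pos + len > s.size()) return 0;
  for (size_t i = 1; i < len; ++i) {
    const unsigned char b = static_cast<unsigned char>(s[pos + i]);
    if ((b & 0xC0) != 0x80) return 0;
    cp = (cp << 6) | (b & 0x3F);
  }
  if ((len == 3 && cp < 0x800) || (len == 4 && cp < 0x10000)) return 0;  // overlong
  if (cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;        // range/surrogate
  return len;
}

// Hypothetical stand-in for ConsumeStringRaw: `input[pos]` is the first byte
// after the opening quote. Copies the literal's raw bytes into `out` and
// returns true at the closing quote; returns false (never asserts) on control
// characters, invalid UTF-8, or a missing terminator. Escapes are out of scope
// here and are rejected as malformed.
bool ConsumeStringRaw(const std::string& input, size_t pos, std::string* out) {
  out->clear();
  while (pos < input.size()) {
    const unsigned char c = static_cast<unsigned char>(input[pos]);
    if (c == '"') return true;
    if (c == '\\' || c < 0x20) return false;
    const size_t len = ValidUtf8Length(input, pos);  // check first, then copy
    if (len == 0) return false;
    out->append(input, pos, len);
    pos += len;
  }
  return false;  // unterminated string
}
```
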
Status: Fixed (was: Started)
Project Member

Comment 13 by ClusterFuzz, Sep 9 2016

ClusterFuzz has detected this issue as fixed in range 416997:417261.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4567259358167040

Fuzzer: libfuzzer_base_json_reader_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x03e900004bc2
Crash State:
  base::internal::JSONParser::StringBuilder::Append
  base::internal::JSONParser::ConsumeStringRaw
  base::internal::JSONParser::ConsumeString
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=415616:415651
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=416997:417261

Minimized Testcase (0.00 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv957RUfP2l7xPMA3iXfnxsVAoqeF6wm9mIQfwJuN-75_wGFjzxjNfYJNotboEIIq7MSxTAOsUH8mSomTm6bvqv8vGPSlKlhjZBi8peE6vqAKlROBHTYYJVLmEjLR-V8Rs3WlK8UT5fr0IPzZWE5aolNzWe0r3Q?testcase_id=4567259358167040
"\x-A


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Cc: lhchavez@chromium.org rsesek@chromium.org mark@chromium.org
Issue 665086 has been merged into this issue.
Project Member

Comment 15 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
