Use-of-uninitialized-value in net::HttpNetworkSession::SetServerPushDelegate
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6082209040826368
Fuzzer: therealholden_worker
Job Type: linux_msan_content_shell_drt
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  net::HttpNetworkSession::SetServerPushDelegate
  net::HttpCache::HttpCache
  net::HttpCache::HttpCache
Sanitizer: memory (MSAN)
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_content_shell_drt&range=454456:454459
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97CKgxylXtA2IoZ3bRg9U0Q0M32GKw7HFMuVzntE3HrE5rmhDbBuGo5W1LS2m3DaxAD2XVodmJcj0J3gUdqYzZg66QCARgBrSYljshbsS9XjUQ9UzZEiDsT30SIhQm2oTQnAqokM6kwYxdoxe1PhlqGM7VFPpUd3LD8X7iBFB74ahPjd88qtpMrCoyVte4ln48YWbbpXpdoEe8GC8AAdmnDSz1Rj9b9ekeIkqGnbL1QyKHdsl7VIg0LHHZCzuWQnbninwRbSG9rhtLL0tCJP53IMIR1McC8iK5Dsa8f7y0cbGCQt_Hr62YDRyM-6-GbJ8UO0PKxS35Arsxk8hrXmZEVuVeeIOov2ioEgqq4Gzt0KC61AhQ?testcase_id=6082209040826368
Additional requirements: Requires HTTP

Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 3 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mar 3 2017
Seems to be caused by: http://crrev.com/2692813002
Mar 3 2017
The change was reverted earlier this morning in https://codereview.chromium.org/2730053002/. I had fixed the uninitialized value when setting ServerPushDelegate and relanded the CL in https://chromium.googlesource.com/chromium/src/+/f04bd2c84154b59a3d870993051df4be0b13964f. Unfortunately I couldn't access the Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97CKgxylXtA2IoZ3bRg9U0Q0M32GKw7HFMuVzntE3HrE5rmhDbBuGo5W1LS2m3DaxAD2XVodmJcj0J3gUdqYzZg66QCARgBrSYljshbsS9XjUQ9UzZEiDsT30SIhQm2oTQnAqokM6kwYxdoxe1PhlqGM7VFPpUd3LD8X7iBFB74ahPjd88qtpMrCoyVte4ln48YWbbpXpdoEe8GC8AAdmnDSz1Rj9b9ekeIkqGnbL1QyKHdsl7VIg0LHHZCzuWQnbninwRbSG9rhtLL0tCJP53IMIR1McC8iK5Dsa8f7y0cbGCQt_Hr62YDRyM-6-GbJ8UO0PKxS35Arsxk8hrXmZEVuVeeIOov2ioEgqq4Gzt0KC61AhQ?testcase_id=6082209040826368 Can you say something more on "Additional requirements: Requires HTTP"? And what does it mean by saying "security regression"?
Mar 4 2017
ClusterFuzz has detected this issue as fixed in range 454553:454566.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6082209040826368
Fuzzer: therealholden_worker
Job Type: linux_msan_content_shell_drt
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  net::HttpNetworkSession::SetServerPushDelegate
  net::HttpCache::HttpCache
  net::HttpCache::HttpCache
Sanitizer: memory (MSAN)
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_content_shell_drt&range=454456:454459
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_content_shell_drt&range=454553:454566
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97CKgxylXtA2IoZ3bRg9U0Q0M32GKw7HFMuVzntE3HrE5rmhDbBuGo5W1LS2m3DaxAD2XVodmJcj0J3gUdqYzZg66QCARgBrSYljshbsS9XjUQ9UzZEiDsT30SIhQm2oTQnAqokM6kwYxdoxe1PhlqGM7VFPpUd3LD8X7iBFB74ahPjd88qtpMrCoyVte4ln48YWbbpXpdoEe8GC8AAdmnDSz1Rj9b9ekeIkqGnbL1QyKHdsl7VIg0LHHZCzuWQnbninwRbSG9rhtLL0tCJP53IMIR1McC8iK5Dsa8f7y0cbGCQt_Hr62YDRyM-6-GbJ8UO0PKxS35Arsxk8hrXmZEVuVeeIOov2ioEgqq4Gzt0KC61AhQ?testcase_id=6082209040826368
Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 4 2017
ClusterFuzz testcase 6082209040826368 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Mar 13 2017
zhongyi@ - looking at issue 232040 it appears that there's a commit in M58 and a revert in M59; does the revert need to happen in 58 as well? Also, as owner of this bug you should have access to https://cluster-fuzz.appspot.com/testcase?key=6082209040826368 where you can download the test case. Can you check you're using your chromium.org account to access it?
Mar 13 2017
I never cherry-picked the change. If the change is not reverted in M58, possibly M58 was branched in the middle of the LANDED ORIGINAL CL and the REVERTED CL, i.e., ORIGINAL CL LANDED -> M58 branched -> ORIGINAL CL REVERTED. This is the revert CL: https://codereview.chromium.org/2730053002/.
Mar 13 2017
alph@: could you help confirm where your revert CL landed?
Mar 13 2017
M58 branched from 4911fbccb34e32e407ffda07b2c68c13d1ce6df6 and, looking at the logs, https://chromium.googlesource.com/chromium/src/+log/4911fbccb34e32e407ffda07b2c68c13d1ce6df6/net/url_request/url_request_quic_unittest.cc, unfortunately the revert was not picked up by M58. Requesting merge to M58 (branch 3029).
Mar 13 2017
It's easy.

454457 Original CL
454471 <-- M58 branch
454554 Revert
454679 Reland

I didn't revert it in the branch. So the branch needs a fix.
Mar 13 2017
+awhalley@ (Security TPM) for M58 merge review.
Mar 14 2017
govind@ - good for M58 merge
Mar 14 2017
Approving merge to M58 branch 3029 based on comment #16. Please merge ASAP. Thank you.
Mar 14 2017
Please mark security bugs as fixed as soon as the fix lands, and before requesting merges. This update is based on the merge- labels applied to this issue. Please reopen if this update was incorrect. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mar 14 2017
The revert landed. Whoops, looks like the revert's commit info goes directly to the original issue 232040. govind@: could you please take a look? Thanks!
Mar 14 2017
Yes, the revert landed here: https://chromium.googlesource.com/chromium/src.git/+/f260d6b6ba529ac09689e0755e4674632f9bb753
Jun 21 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot