Dupe of  Issue 699357  ?

The CL that introduced the fuzzer notes: "It's probably worth pointing out that the base json parser is not meant to be security hardened and handle invalid json. So depending on what kind of fuzzing you're doing we may or may not want to act on the results. See https://bugs.chromium.org/p/chromium/issues/detail?id=644664#c5."

It's unclear from this report whether the behavior encountered has any security impact.

aizatsky: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

+cc rsesek: should we disregard this one?

aizatsky: Uh oh! This issue still open and hasn't been updated in the last 28 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

rsesek@hotwire:/Users/rsesek % xxd /Users/rsesek/Downloads/clusterfuzz-testcase-4613647767961600 
00000000: 2232 3101 0000 0000 0000 0037 2222       "21........7""


Yeah. The input has a NUL byte, so the string is considered terminated.

ClusterFuzz has detected this issue as fixed in range 464996:465037.

Detailed report: https://clusterfuzz.com/testcase?key=4613647767961600

Fuzzer: libfuzzer_base_json_correctness_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  parsed_output == double_parsed_output. Parser/Writer mismatch.
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=428777:428862
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=464996:465037

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv950YlPRyBvOuaArcDKYnplMZL2v0P_2rgFZEdTHRkn2p5UUYIbRc0nPJSkcNY76SsW-ZgP6z2_Zt5MgKH2353wv-XuqONUwle3d97fU89p3xAz90SucjDPj7Da5Gft-c-dtyfRNcPTWLIy0R6mE6N-QSYB4VVJhGiKLWlkhijM-O7GXGNQH8Wptrz_Qt42hBKACtMYQpnn8mVPD-_9mGreDxypFSkB0hWmNJhU2GsQYc4K7TUNZXzJ1ICvMHLAdNEMnUNfxWV6eIVClA831xcQeGSmSR4Fw-IYaaH3RH8HS8Naj8Cj89ie87bdlEKD2WZohFSDcDAa_fmR6EFvRW_jtZfnPuoZC62h7rL_gI8gjsd7yK2M?testcase_id=4613647767961600


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot