Issue 770734 link

Issue metadata

Status: Fixed
Owner:
Closed: Nov 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug-Security


Heap-buffer-overflow in bool url::DoExtractQueryKeyValue<char>

Project Member Reported by ClusterFuzz, Oct 2 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4551552911278080

Fuzzer: libFuzzer_template_url_parser_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x603000000688
Crash State:
  bool url::DoExtractQueryKeyValue<char>
  TemplateURLParsingContext::ProcessURLParams
  TemplateURLParsingContext::EndElementImpl
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=459718:459727

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4551552911278080

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 
Project Member

Comment 1 by ClusterFuzz, Oct 2 2017

Components: Blink>XML UI>Browser>Search
Labels: Test-Predator-AutoComponents
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Labels: -Security_Impact-Head Security_Impact-Stable
This is a longstanding bug; CF gave the wrong impact due to a bug, I just fixed that.
Project Member

Comment 3 by sheriffbot@chromium.org, Oct 3 2017

Labels: M-62
Project Member

Comment 4 by sheriffbot@chromium.org, Oct 3 2017

Labels: Pri-1
Owner: pkasting@chromium.org
Status: Assigned (was: Untriaged)
pkasting, could you please help triage this as an OWNER of components/search_engines/ ?
Issue 771048 has been merged into this issue.
Project Member

Comment 7 by ClusterFuzz, Oct 4 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 6541977171787776 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Project Member

Comment 8 by sheriffbot@chromium.org, Oct 4 2017

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Project Member

Comment 9 by ClusterFuzz, Oct 11 2017

Labels: Needs-Feedback
ClusterFuzz testcase 4551552911278080 is still reproducing on tip-of-tree build (trunk).

Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label.
Labels: -M-62 M-63
Status: Available (was: Verified)
re-opening per #9 to see if it needs some more attention
Project Member

Comment 11 by sheriffbot@chromium.org, Oct 17 2017

pkasting: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 12 by sheriffbot@chromium.org, Oct 17 2017

Status: Assigned (was: Available)
For more information, please see https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md.

The link referenced in the description is no longer valid.
Project Member

Comment 14 by sheriffbot@chromium.org, Oct 31 2017

pkasting: Uh oh! This issue is still open and hasn't been updated in the last 28 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: -Test-Predator-AutoComponents Test-Predator-Auto-Components
Cc: pkasting@chromium.org
Owner: vasi...@chromium.org
vasilii could you please take a look at this security bug?
Status: Started (was: Assigned)
Project Member

Comment 18 by bugdroid1@chromium.org, Nov 20 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0a830cccad95f34bdac5658fd2cbc3b126fe99f4

commit 0a830cccad95f34bdac5658fd2cbc3b126fe99f4
Author: Vasilii Sukhanov <vasilii@chromium.org>
Date: Mon Nov 20 03:23:44 2017

Fix a crash in TemplateURLParser.

It was caused by dereferencing an invalid URL during parsing.

Bug: 770734
Change-Id: I4fedd3f310aaf7e1e1d2384aa64939d46b8b2a5a
Reviewed-on: https://chromium-review.googlesource.com/773902
Commit-Queue: Vasilii Sukhanov <vasilii@chromium.org>
Reviewed-by: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/master@{#517751}
[modify] https://crrev.com/0a830cccad95f34bdac5658fd2cbc3b126fe99f4/chrome/browser/search_engines/template_url_parser_unittest.cc
[modify] https://crrev.com/0a830cccad95f34bdac5658fd2cbc3b126fe99f4/components/search_engines/template_url_parser.cc

Status: Fixed (was: Started)
Project Member

Comment 20 by ClusterFuzz, Nov 20 2017

ClusterFuzz has detected this issue as fixed in range 517745:517751.

Detailed report: https://clusterfuzz.com/testcase?key=4551552911278080

Fuzzer: libFuzzer_template_url_parser_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x603000000688
Crash State:
  bool url::DoExtractQueryKeyValue<char>
  TemplateURLParsingContext::ProcessURLParams
  TemplateURLParsingContext::EndElementImpl
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=459718:459727
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=517745:517751

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4551552911278080

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Labels: -M-63 M-64
Labels: Release-0-M64
Project Member

Comment 23 by sheriffbot@chromium.org, Feb 26 2018

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 24 by sheriffbot@chromium.org, Mar 27 2018

Labels: -M-64 M-65