
Issue 813761


Issue metadata

Status: Verified
Owner: ----
Closed: Dec 1
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 1
Type: Bug




Timeout in blink_html_tokenizer_fuzzer

Project Member Reported by ClusterFuzz, Feb 20 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4754906502922240

Fuzzer: libFuzzer_blink_html_tokenizer_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  blink_html_tokenizer_fuzzer
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=507046:507082

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4754906502922240

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Project Member

Comment 1 by ClusterFuzz, Feb 20 2018

Labels: Test-Predator-Auto-Owner
Owner: pmeenan@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/fef8ff15eefa2df303306340c7c1bb33ab16d040 (Added a fuzzer for the HTML tokenizer).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Project Member

Comment 2 by ClusterFuzz, Apr 10 2018

Labels: OS-Mac
Owner: ----
Status: Available (was: Assigned)
Project Member

Comment 4 by ClusterFuzz, Oct 10

Labels: OS-Windows
Project Member

Comment 5 by bugdroid1@chromium.org, Nov 30

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f3a7fa9abab0644914076cf49c63f6bb01d8493f

commit f3a7fa9abab0644914076cf49c63f6bb01d8493f
Author: Charlie Harrison <csharrison@chromium.org>
Date: Fri Nov 30 15:25:41 2018

Replace ConsumeBytesInRange with ConsumeRandomLengthString in fuzzed_data_provider

This CL changes the Blink wrapper for fuzzed_data_provider for callers wanting
a random length string. This uses a much simpler technique for pulling strings
out of random data which should yield better fuzzing discovery.

Note: This will change the behavior of the (two) fuzzers using ConsumeBytesInRange.

Additionally, we add a small max limit to the tokenizer fuzzer to avoid hangs. I
couldn't find anything wrong with the production code to cause these hangs.

Bug:  813761 
Change-Id: I30b3be16b6c101165fdd3041596a82412e5c46f1
Reviewed-on: https://chromium-review.googlesource.com/c/1354413
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Commit-Queue: Max Moroz <mmoroz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#612654}
[modify] https://crrev.com/f3a7fa9abab0644914076cf49c63f6bb01d8493f/third_party/blink/renderer/core/html/parser/html_tokenizer_fuzzer.cc
[modify] https://crrev.com/f3a7fa9abab0644914076cf49c63f6bb01d8493f/third_party/blink/renderer/core/html/parser/text_resource_decoder_for_fuzzing.h
[modify] https://crrev.com/f3a7fa9abab0644914076cf49c63f6bb01d8493f/third_party/blink/renderer/platform/testing/fuzzed_data_provider.cc
[modify] https://crrev.com/f3a7fa9abab0644914076cf49c63f6bb01d8493f/third_party/blink/renderer/platform/testing/fuzzed_data_provider.h

Project Member

Comment 6 by ClusterFuzz, Dec 1

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 4754906502922240 appears to be flaky, updating reproducibility label.
Labels: -Unreproducible Reproducible
Please ignore the last comment about testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused from these incorrect notifications.
Project Member

Comment 9 by ClusterFuzz, Dec 1

ClusterFuzz has detected this issue as fixed in range 612653:612656.

Detailed report: https://clusterfuzz.com/testcase?key=4754906502922240

Fuzzer: libFuzzer_blink_html_tokenizer_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  blink_html_tokenizer_fuzzer
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=507046:507082
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=612653:612656

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4754906502922240

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 10 by ClusterFuzz, Dec 1

Labels: ClusterFuzz-Verified
Status: Verified (was: Available)
ClusterFuzz testcase 4754906502922240 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
