Abrt in base::BasicStringPiece<std::__1::basic_string<char, std::__1::char_traits<char>,
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=6022352593485824
Fuzzer: libFuzzer_signed_exchange_header_parser_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Abrt
Crash Address: 0x0539000052f5
Crash State:
  base::BasicStringPiece<std::__1::basic_string<char, std::__1::char_traits<char>,
  content::StructuredHeaderParser::ReadString
  content::StructuredHeaderParser::ReadItem
Sanitizer: memory (MSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=541193:541201
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6022352593485824
Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Mar 8 2018
Predator could not provide any possible suspects. From the CL range below, observing some changes related to 'StringPiece', hence suspecting the same:
https://chromium.googlesource.com/chromium/src/+log/99ce3024704f4edcf3ca9341c4869f26f4229870..e5a6dfada32caaccc93e4f3ca4cb0bd0f6cdd019?pretty=fuller&n=10000
Suspect CL: https://chromium.googlesource.com/chromium/src/+/e5a6dfada32caaccc93e4f3ca4cb0bd0f6cdd019
palmer@ -- Could you please check whether this is caused by your change? If not, please help us assign it to the right owner. Thanks!
Mar 8 2018
ksakamoto: We added bounds checking to StringPiece, and it looks like we got a hit. Can you please take a look? Thanks!
Mar 8 2018
It definitely looks like there's a missing !input_.empty() in `while (input_.front() != '"') {` at https://cs.chromium.org/chromium/src/content/browser/web_package/signed_exchange_header_parser.cc?type=cs&q=StructuredHeaderParser::ReadString&sq=package:chromium&l=127.
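A stand-in for the loop named in the comment above, added here as an illustration and not Chromium's own code: the unguarded `front()` on an exhausted input beside the version with the `!input_.empty()` check. The class and function names and the escape handling are assumptions; a thrown exception models the bounds-check abort the fuzzer hit.

```cpp
#include <optional>
#include <stdexcept>
#include <string>
#include <string_view>

// Hypothetical stand-in for the quoted-string reader in the bug, not Chromium's
// code. `input_` plays the role of the StringPiece the parser advances through.
class QuotedStringReader {
 public:
  explicit QuotedStringReader(std::string_view input) : input_(input) {}

  // Models bounds-checked StringPiece::front(): Chromium aborts on an empty
  // piece (the Abrt in the report); here it throws so a test can observe it.
  char CheckedFront() const {
    if (input_.empty()) throw std::out_of_range("front() on empty input");
    return input_.front();
  }

  // Parses `"..."` with backslash escapes. guard_empty=false is the unfixed
  // loop `while (input_.front() != '"')`; guard_empty=true adds the missing
  // `!input_.empty()` check so an unterminated string ends the loop cleanly.
  std::optional<std::string> ReadString(bool guard_empty) {
    if (input_.empty() || input_.front() != '"') return std::nullopt;
    input_.remove_prefix(1);  // opening quote
    std::string s;
    while (!(guard_empty && input_.empty()) && CheckedFront() != '"') {
      char c = CheckedFront();
      input_.remove_prefix(1);
      if (c == '\\') {  // escaped character: take the next byte literally
        if (input_.empty()) return std::nullopt;  // dangling backslash
        c = input_.front();
        input_.remove_prefix(1);
      }
      s.push_back(c);
    }
    if (input_.empty()) return std::nullopt;  // no closing quote
    input_.remove_prefix(1);                  // closing quote
    return s;
  }

 private:
  std::string_view input_;
};

std::optional<std::string> ReadUnfixed(std::string_view in) { return QuotedStringReader(in).ReadString(false); }
std::optional<std::string> ReadFixed(std::string_view in) { return QuotedStringReader(in).ReadString(true); }

// True when the unfixed reader trips the bounds check, as the fuzzer input did.
bool UnfixedAborts(std::string_view in) {
  try { ReadUnfixed(in); } catch (const std::out_of_range&) { return true; }
  return false;
}
```

Feeding an unterminated string such as `"abc` (constructed input) to the unfixed reader reaches `front()` on an empty piece; the guarded reader returns no value instead.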
Mar 12 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/6857c152c403a7684d742928e04ea7128c82ce21

commit 6857c152c403a7684d742928e04ea7128c82ce21
Author: Kunihiko Sakamoto <ksakamoto@chromium.org>
Date: Mon Mar 12 06:33:47 2018

Fix possible out-of-range access in StructuredHeaderParser::ReadString()

Bug: 819649
Change-Id: I44905d1b25690bdfa8f652e2e56b5ca868996df4
Reviewed-on: https://chromium-review.googlesource.com/958764
Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org>
Cr-Commit-Position: refs/heads/master@{#542430}

[modify] https://crrev.com/6857c152c403a7684d742928e04ea7128c82ce21/content/browser/web_package/signed_exchange_header_parser.cc
[modify] https://crrev.com/6857c152c403a7684d742928e04ea7128c82ce21/content/browser/web_package/signed_exchange_header_parser_unittest.cc
Mar 13 2018
ClusterFuzz has detected this issue as fixed in range 542429:542430.
Detailed report: https://clusterfuzz.com/testcase?key=6022352593485824
Fuzzer: libFuzzer_signed_exchange_header_parser_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Abrt
Crash Address: 0x0539000052f5
Crash State:
  base::BasicStringPiece<std::__1::basic_string<char, std::__1::char_traits<char>,
  content::StructuredHeaderParser::ReadString
  content::StructuredHeaderParser::ReadItem
Sanitizer: memory (MSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=541193:541201
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=542429:542430
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6022352593485824
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 15 2018
ClusterFuzz testcase 6022352593485824 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Mar 7 2018
Labels: Test-Predator-Auto-Components