This is the new repro after fuzz target change, old bug was https://bugs.chromium.org/p/chromium/issues/detail?id=821367#c7

Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

ClusterFuzz has detected this issue as fixed in range 545270:545274.

Detailed report: https://clusterfuzz.com/testcase?key=5083099617296384

Fuzzer: afl_base_json_reader_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x60e000003100
Crash State:
  base::IteratorRangeToNumber<base::BaseHexIteratorRangeToIntTraits<char const*> >
  base::IteratorRangeToNumber<base::BaseHexIteratorRangeToIntTraits<char const*> >
  base::HexStringToInt
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=543203:543234
Fixed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=545270:545274

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5083099617296384

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5083099617296384 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f3322d752f4eb6326b194a5f9f378f9fe9a422ee

commit f3322d752f4eb6326b194a5f9f378f9fe9a422ee
Author: Robert Sesek <rsesek@chromium.org>
Date: Thu Mar 22 22:40:17 2018

Hardening and cleanup of base::JSONParser.

- Access the input stream through StringPiece, which now performs bounds
  checking (https://crbug.com/817982), rather than raw char pointers.
- Add additional release-mode bounds checking in parser-advance functions.
- Stop keeping two pieces of iterator state (pos_ and index_) in favor of
  just one.
- Replace direct use of CBU8_ macros for reading and writing UTF-8 and
  UTF-16 data with the utf_string_conversion_utils.h wrappers.

Bug: 489301,  821364 ,  822120 
Change-Id: I80be7e3d8bc92714b7d04dadcb85c9f49101c87c
Reviewed-on: https://chromium-review.googlesource.com/962998
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#545274}
[modify] https://crrev.com/f3322d752f4eb6326b194a5f9f378f9fe9a422ee/base/json/json_parser.cc
[modify] https://crrev.com/f3322d752f4eb6326b194a5f9f378f9fe9a422ee/base/json/json_parser.h
[modify] https://crrev.com/f3322d752f4eb6326b194a5f9f378f9fe9a422ee/base/json/json_parser_unittest.cc
[modify] https://crrev.com/f3322d752f4eb6326b194a5f9f378f9fe9a422ee/base/json/json_reader.cc
[modify] https://crrev.com/f3322d752f4eb6326b194a5f9f378f9fe9a422ee/base/json/json_reader.h

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot