CHECK failure: bytes_left <= MessageHeader::max_message_size() - MessageHeader::header_size() i
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6328866491334656
Fuzzer: libFuzzer_cast_message_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  bytes_left <= MessageHeader::max_message_size() - MessageHeader::header_size() i
  cast_channel::MessageFramer::BytesRequested
  cast_message_fuzzer.cc
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=542863:542878
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6328866491334656

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Mar 16 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/b56def8da2b40d2c9424b3333acba5356f7412fe ([Cast channel] Add basic fuzzer tests). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Mar 16 2018

Mar 30 2018

Apr 3 2018
The input message here is "0000 ffff" - which means a header stating the body size is 65535. The MessageFramer should have rejected this message when parsing the header since the combined message size should not exceed 65535 (i.e. body cannot exceed 65535-4 = 65531)
Apr 6 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3c91f864a63ab8d8d71067ae22b943bd63bd11a2

commit 3c91f864a63ab8d8d71067ae22b943bd63bd11a2
Author: Derek Cheng <imcheng@chromium.org>
Date: Fri Apr 06 18:16:59 2018

[Cast channel] Fix MessageFramer body size check.

The cast protocol allows a max message size of 64kb = 65536 bytes. However Chrome does not enforce this correctly in the following ways:
- 65535 is used instead of 65536 as the max limit
- The limit should not include the 4 byte header, but Chrome includes it (e.g., the IOBuffer used to read both only has 65535 bytes of capacity)

This patch fixes this by allocating 65536 + 4 bytes for the input buffer, and modifying the check for message size against 65536.

Bug: 822611
Change-Id: I27121abb57dee5aee9741173e19cf0178184477d
Reviewed-on: https://chromium-review.googlesource.com/996475
Commit-Queue: Derek Cheng <imcheng@chromium.org>
Reviewed-by: Adam Parker <amp@chromium.org>
Cr-Commit-Position: refs/heads/master@{#548860}

[modify] https://crrev.com/3c91f864a63ab8d8d71067ae22b943bd63bd11a2/components/cast_channel/cast_framer.cc
[modify] https://crrev.com/3c91f864a63ab8d8d71067ae22b943bd63bd11a2/components/cast_channel/cast_framer.h
[modify] https://crrev.com/3c91f864a63ab8d8d71067ae22b943bd63bd11a2/components/cast_channel/cast_framer_unittest.cc
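The bug class in the comment and commit above (the "0000 ffff" header and the 65535-vs-65536, header-included-vs-excluded limit) comes from two code paths enforcing two different size limits: the header parser accepted a body size that the read path's CHECK then rejected. The following is an added example written for this page, not Chromium's cast_framer.cc and not part of the bug thread. It is a minimal length-prefixed framer in the same shape (4-byte big-endian body length, then the body) with the limit enforced in one place so the header check and BytesRequested() cannot disagree. All names (kHeaderSize, kMaxBodySize, BodySizeAllowed, OldLimitsDisagree, Framer, EncodeFrame) are assumptions; OldLimitsDisagree only models the inconsistency as reconstructed from the quoted CHECK condition and comment #4, not the original code. The sample inputs are constructed.

```cpp
// Added example: minimal length-prefixed framer with a single size limit.
// Illustrative code for this page; not Chromium's cast_framer.cc. Names are assumptions.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <string>
#include <vector>

constexpr size_t kHeaderSize = 4;       // 4-byte big-endian body length prefix
constexpr size_t kMaxBodySize = 65536;  // limit applies to the body only (header excluded)

// The one decision point for "is this body size acceptable". The header parser
// and BytesRequested() both derive from it, so they cannot disagree.
inline bool BodySizeAllowed(uint32_t body_size) {
  return body_size <= kMaxBodySize;
}

// Models the pre-fix inconsistency (reconstructed from the quoted CHECK and the
// comment, not the original code): the header path accepted sizes up to 65535
// while the read path required bytes_left <= 65535 - 4. Returns true when a
// size passes the first check but would trip the second.
inline bool OldLimitsDisagree(uint32_t body_size) {
  constexpr uint32_t kOldMax = 65535;
  const bool header_accepts = body_size <= kOldMax;
  const bool read_check_passes = body_size <= kOldMax - kHeaderSize;
  return header_accepts && !read_check_passes;
}

class Framer {
 public:
  enum class Error { kNone, kTooLarge };

  // The buffer must hold the header plus the largest permitted body.
  Framer() { input_.reserve(kHeaderSize + kMaxBodySize); }

  // Bytes the caller should read next; 0 means the channel should be closed.
  size_t BytesRequested() const {
    if (error_ != Error::kNone) return 0;
    if (!have_header_) return kHeaderSize - input_.size();
    // body_size_ passed BodySizeAllowed(), so this never exceeds kMaxBodySize.
    return body_size_ - (input_.size() - kHeaderSize);
  }

  // Append bytes from the socket; returns a body once one is complete.
  std::optional<std::string> Ingest(const uint8_t* data, size_t len) {
    if (error_ != Error::kNone) return std::nullopt;
    input_.insert(input_.end(), data, data + len);
    if (!have_header_) {
      if (input_.size() < kHeaderSize) return std::nullopt;
      const uint32_t n = (uint32_t{input_[0]} << 24) | (uint32_t{input_[1]} << 16) |
                         (uint32_t{input_[2]} << 8) | uint32_t{input_[3]};
      if (!BodySizeAllowed(n)) {
        error_ = Error::kTooLarge;  // reject at header time, before any body is read
        return std::nullopt;
      }
      body_size_ = n;
      have_header_ = true;
    }
    if (input_.size() - kHeaderSize < body_size_) return std::nullopt;
    std::string body(input_.begin() + kHeaderSize,
                     input_.begin() + kHeaderSize + body_size_);
    input_.erase(input_.begin(), input_.begin() + kHeaderSize + body_size_);
    have_header_ = false;
    body_size_ = 0;
    return body;
  }

  Error error() const { return error_; }

 private:
  std::vector<uint8_t> input_;
  bool have_header_ = false;
  uint32_t body_size_ = 0;
  Error error_ = Error::kNone;
};

// Build a wire frame for a body (used to construct sample input).
std::vector<uint8_t> EncodeFrame(const std::string& body) {
  const uint32_t n = static_cast<uint32_t>(body.size());
  std::vector<uint8_t> out = {uint8_t(n >> 24), uint8_t(n >> 16), uint8_t(n >> 8), uint8_t(n)};
  out.insert(out.end(), body.begin(), body.end());
  return out;
}

int main() {
  Framer f;
  const uint8_t fuzz_header[] = {0x00, 0x00, 0xff, 0xff};  // constructed: the "0000 ffff" input
  f.Ingest(fuzz_header, sizeof fuzz_header);
  std::printf("body 65535: error=%d bytes_requested=%zu\n",
              static_cast<int>(f.error()), f.BytesRequested());
  std::printf("old limits disagree at 65535: %s\n", OldLimitsDisagree(65535) ? "yes" : "no");
  return 0;
}
```

The design point is that a peer-controlled length is validated exactly once, at header time, against the same constant the read path uses; a CHECK on the read path then only guards an internal invariant and cannot be reached by wire input. A body of 65536 bytes is accepted (the limit excludes the header), 65537 is rejected before any body bytes are read, and the framer reports 0 bytes requested so the caller closes the channel.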
Apr 7 2018
ClusterFuzz has detected this issue as fixed in range 548851:548862.

Detailed report: https://clusterfuzz.com/testcase?key=6328866491334656
Fuzzer: libFuzzer_cast_message_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  bytes_left <= MessageHeader::max_message_size() - MessageHeader::header_size() i
  cast_channel::MessageFramer::BytesRequested
  cast_message_fuzzer.cc
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=542863:542878
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=548851:548862
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6328866491334656

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 7 2018
ClusterFuzz testcase 6328866491334656 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Mar 16 2018