CHECK failure: i < length_ in string_piece.h
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5095620587814912
Fuzzer: libFuzzer_payment_method_manifest_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  i < length_ in string_piece.h
  base::BasicStringPiece<>::operator
  base::internal::JSONParser::ConsumeStringRaw
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=545272:545275
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5095620587814912

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Comment 1 by ClusterFuzz, Mar 23 2018 (Labels: Test-Predator-Auto-Components)

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/f3322d752f4eb6326b194a5f9f378f9fe9a422ee (Hardening and cleanup of base::JSONParser.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Mar 23 2018

So, these StringPiece checks and hardening in the JSON reader are great. One important point is that this particular issue via JSON Reader is hitting a lot (and blocks/makes fuzzing inefficient and may be hit in production with real users), sometimes from other fuzz targets calling JSON Reader. Can you please see if this is easily fixable so that we don't crash on CHECK?
Mar 26 2018

This is a legit bug, but the fix is easy.
Mar 27 2018

The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/17c47be58b4e0db9f791e7d0ec8bf7627251349f

commit 17c47be58b4e0db9f791e7d0ec8bf7627251349f
Author: Robert Sesek <rsesek@chromium.org>
Date: Tue Mar 27 03:20:33 2018

    Fix "CHECK failure: i < length_ in string_piece.h" in base::JSONParser.

    There was an off-by-one error in parsing escape sequences.

    Bug: 825067, 489301
    Change-Id: Ic7a99b7c590cc3146b38a35d61e4c980e4e8e9a1
    Reviewed-on: https://chromium-review.googlesource.com/981240
    Reviewed-by: Daniel Cheng <dcheng@chromium.org>
    Commit-Queue: Robert Sesek <rsesek@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#545954}

[modify] https://crrev.com/17c47be58b4e0db9f791e7d0ec8bf7627251349f/base/json/json_parser.cc
[modify] https://crrev.com/17c47be58b4e0db9f791e7d0ec8bf7627251349f/base/json/json_parser_unittest.cc
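The commit message above says only that the escape-sequence parser had an off-by-one. As an added illustration (not Chromium's json_parser.cc, and the precise shape of the Chromium bug is an assumption), here is that class of bug in miniature: a JSON string consumer that reads the byte after a backslash without first checking that one remains, beside the version that checks, both run against a constructed stand-in for the bounds-checked base::StringPiece whose `i < length_` CHECK the bug title names.

```cpp
// Constructed example of the bug class the commit message names (an off-by-one
// in escape-sequence parsing), not Chromium's json_parser.cc. The shape, reading
// the byte after a backslash before checking one remains, is an assumption.
#include <cstddef>
#include <string>
#include <string_view>

// Stand-in for base::StringPiece. Chromium's CHECK aborts the process; here the
// violated condition is recorded instead so a caller can observe it.
struct CheckedPiece {
  std::string_view data;
  mutable bool check_failed = false;
  char operator[](std::size_t i) const {
    if (!(i < data.size())) { check_failed = true; return '\0'; }  // i < length_
    return data[i];
  }
};

// Consumes a JSON string token starting at the opening quote s[0]; on success
// `out` holds the unescaped text. Only \" \\ and \/ are accepted, enough to
// show the boundary case; \uXXXX and the other escapes are left out.
bool ConsumeStringUnchecked(const CheckedPiece& s, std::string* out) {
  out->clear();
  for (std::size_t i = 1; i < s.data.size();) {
    char c = s[i++];
    if (c == '"') return true;
    if (c != '\\') { out->push_back(c); continue; }
    char e = s[i++];  // bug: on `"abc\` this indexes with i == length_
    if (e != '"' && e != '\\' && e != '/') return false;
    out->push_back(e);
  }
  return false;  // unterminated string
}

// Same loop with the missing check: a backslash as the last byte is reported as
// a parse error and operator[] is never reached with i == length_.
bool ConsumeStringChecked(const CheckedPiece& s, std::string* out) {
  out->clear();
  for (std::size_t i = 1; i < s.data.size();) {
    char c = s[i++];
    if (c == '"') return true;
    if (c != '\\') { out->push_back(c); continue; }
    if (i >= s.data.size()) return false;  // fix: nothing follows the '\'
    char e = s[i++];
    if (e != '"' && e != '\\' && e != '/') return false;
    out->push_back(e);
  }
  return false;
}
```

The truncated input `"abc\` is the kind of case a fuzzer finds quickly: the unchecked loop trips the bounds check, the checked loop simply rejects the token.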
Mar 27 2018

ClusterFuzz testcase 6039475487244288 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Mar 27 2018

ClusterFuzz has detected this issue as fixed in range 545931:545956.

Detailed report: https://clusterfuzz.com/testcase?key=5095620587814912
Fuzzer: libFuzzer_payment_method_manifest_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  i < length_ in string_piece.h
  base::BasicStringPiece<>::operator
  base::internal::JSONParser::ConsumeStringRaw
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=545272:545275
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=545931:545956
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5095620587814912

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.