Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/fc0f49d77d09b465611339be74f687ccffb0ec5e (Edid: make a class out of the edid parsing functions).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Will take a look on Monday but clusterfuzz doesn't like l342, where
we read the kNumExtensionsOffset byte of |edid|, but this access is
protected  with the if() right before:

  if (edid.size() < kNumExtensionsOffset) {
    LOG(ERROR) ...;
    return;  // Any other fields below are beyond this edid offset.
  }
  const uint8_t num_extensions = edid[kNumExtensionsOffset];

Oooh I see it's an off-by-on error :-P   
it should read:
  if (edid.size() < kNumExtensionsOffset + 1) {

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/310add350b676054decfdaca57f03fe9039c12f4

commit 310add350b676054decfdaca57f03fe9039c12f4
Author: Miguel Casas <mcasas@chromium.org>
Date: Sun Apr 08 01:48:30 2018

Edid parser: fix heap_buffer_overflow

This CL fixes a heap_buffer_overflow error found by clusterfuzz;
it is an off-by-one comparison in an if-not-long-enough protection
clause. Thanks clusterfuzz!

Bug:  830138 
Change-Id: I3dea4996979a19b770993fb294986f4596a79a7d
Reviewed-on: https://chromium-review.googlesource.com/1001572
Reviewed-by: Avi Drissman <avi@chromium.org>
Commit-Queue: Miguel Casas <mcasas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#549079}
[modify] https://crrev.com/310add350b676054decfdaca57f03fe9039c12f4/ui/display/util/edid_parser.cc

ClusterFuzz has detected this issue as fixed in range 549078:549079.

Detailed report: https://clusterfuzz.com/testcase?key=5969430534946816

Fuzzer: afl_edid_parser_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x612000009bfe
Crash State:
  display::EdidParser::ParseEdid
  edid_parser_fuzzer.cc
  ExecuteFilesOnyByOne
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=548855:548871
Fixed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=549078:549079

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5969430534946816

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5969430534946816 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot