Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/e2e9d0b71ded5408aaa0b469791fc1df4fcf1648 (Signed Exchange: Switch to b1 envelope format).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/44a9e657e0b629ac3518d2887c1aed9870c808e9

commit 44a9e657e0b629ac3518d2887c1aed9870c808e9
Author: Kunihiko Sakamoto <ksakamoto@chromium.org>
Date: Tue Jun 05 10:04:26 2018

Fix signed_exchange_envelope_fuzzer

It was using wrong constant to check input length.

Bug:  849144 , 848779 
Change-Id: I0408e9147922fcc3d94388709e455d9393165426
Reviewed-on: https://chromium-review.googlesource.com/1086427
Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Commit-Queue: Kinuko Yasuda <kinuko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#564428}
[modify] https://crrev.com/44a9e657e0b629ac3518d2887c1aed9870c808e9/content/test/fuzzer/signed_exchange_envelope_fuzzer.cc

ClusterFuzz has detected this issue as fixed in range 564425:564434.

Detailed report: https://clusterfuzz.com/testcase?key=6540458646568960

Fuzzer: libFuzzer_signed_exchange_envelope_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x60500000de2a
Crash State:
  content::SignedExchangePrologue::ParseEncodedLength
  content::SignedExchangePrologue::Parse
  signed_exchange_envelope_fuzzer.cc
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=563572:563576
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=564425:564434

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6540458646568960

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6540458646568960 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot