Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/ee5a39ceca0897f43f63059d44635da6f02d0a50 (Omnibox - Open Search - Handle Lack of Short Name Smartly).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

This change above is indeed related.  It allows keywords to be created based on something that looks like a URL in cases when the short name is missing.  In this case, the thing that looks like a URL is a mess.  I think most likely the issue is with the idn spoofer itself, as that's where the crash is happening.  I don't see any harm of creating search engines with wacky keywords, i.e., I don't think we necessarily should be blocking creation of the keyword.  Assigning to an owner of the idn spoofing code.

(Feel free to push make to me if you think there's something wrong in particular with allowing these to be created as custom search engines.)

Note that this crash was found via a regression range in 2017; I'm not sure if it's still an issue.

(I don't actually own this code, but I'm familiar with it)

It looks like url_formatter assumes that an IDN will always have more than one label, which is not the case here. The punycode version of the test URL is http://xn--dmb/ which sets is_tld_ascii incorrecly in IDNToUnicodeWithAdjustments.

Comment #4 is wrong, this is caused by a character whose ICU skeleton is a dot.

(xn--dmb is Extended Arabic-Indic Digit Zero (۰))

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7367cae22d962f507984c85a63987773a29ce18b

commit 7367cae22d962f507984c85a63987773a29ce18b
Author: Mustafa Emre Acer <meacer@chromium.org>
Date: Wed Oct 17 20:01:25 2018

Fix crash in IdnSpoofChecker with certain characters

IdnSpoofChecker incorrectly assumed that a skeleton string shouldn't contain any dots. This isn't true, skeletons of some characters such as Extended Arabic-Indic Digit Zero (۰) is indeed a dot.

Remove this assumption and add a test case.

Bug:  877045 
Change-Id: I6e73c4d2b850f614b8a685f5068d9cd1028f1b24
Reviewed-on: https://chromium-review.googlesource.com/c/1284058
Reviewed-by: Tommy Li <tommycli@chromium.org>
Commit-Queue: Mustafa Emre Acer <meacer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#600528}
[modify] https://crrev.com/7367cae22d962f507984c85a63987773a29ce18b/components/url_formatter/idn_spoof_checker.cc
[modify] https://crrev.com/7367cae22d962f507984c85a63987773a29ce18b/components/url_formatter/url_formatter_unittest.cc

ClusterFuzz has detected this issue as fixed in range 600523:600536.

Detailed report: https://clusterfuzz.com/testcase?key=4856318477991936

Fuzzer: libFuzzer_template_url_parser_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  skeleton.back() != in idn_spoof_checker.cc
  url_formatter::LookupMatchInTopDomains
  url_formatter::IDNSpoofChecker::GetSimilarTopDomain
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=476109:476174
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=600523:600536

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4856318477991936

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 4856318477991936 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.