Issue 882155
Issue metadata

Status: Verified
Owner:
Closed: Sep 11
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Null-dereference READ in bool base::ContainsKey<std::__1::map<std::__1::basic_string<char, std::__1::char

Project Member Reported by ClusterFuzz, Sep 8

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5504474414841856

Fuzzer: libFuzzer_template_url_parser_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000020
Crash State:
  bool base::ContainsKey<std::__1::map<std::__1::basic_string<char, std::__1::char
  base::CommandLine::HasSwitch
  google_apis::APIKeyCache::CalculateKeyValue
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=479882:479941

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5504474414841856

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Project Member

Comment 1 by ClusterFuzz, Sep 8

Components: Internals>Core
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Cc: kkaluri@chromium.org
Labels: M-69 Test-Predator-Wrong
Owner: fdegans@chromium.org
Status: Assigned (was: Untriaged)

Predator and CL did not provide any possible suspects.

Using Code Search for the file "command_line.cc", assigning to the concerned owner.

Suspecting Commit : https://chromium.googlesource.com/chromium/src/+/306871de3e87f2d1844952ee730112e1fdabbae4

fdegans@ -- Could you please look into the issue, and kindly re-assign if this is not related to your changes.


Thank You.

Ugh, the regression range looks really old (June 2017). It can't be my CL because it is essentially a NO-OP. Looking into the revision history to find a likely culprit.

Cc: fdegans@chromium.org
Owner: thestig@chromium.org
Re-assigning to thestig@ going by the command_line.h history.

Ignore the regression range as it is incorrect. I think it's just ClusterFuzz's way of saying they couldn't find a regression and the issue has supposedly always been there.

Let's not dwell too much on the CF bisect range. Let's just see if we can reproduce it locally, and if so, fix it.

My theory is something about base::CommandLine may have changed, or the way it's hooked up has changed. base::CommandLine requires initialization and the fuzzer does not do it:

[0910/184103.480781:FATAL:command_line.cc(235)] Check failed: current_process_commandline_.

#0  base::debug::(anonymous namespace)::DebugBreak() () at base/debug/debugger_posix.cc:240
#1  base::debug::BreakDebugger() () at base/debug/debugger_posix.cc:263
#2  ~LogMessage() () at base/logging.cc:865
#3  base::CommandLine::ForCurrentProcess() () at base/command_line.cc:235
#4  APIKeyCache() () at google_apis/google_api_keys.cc:98
#5  base::LazyInstanceTraitsBase<google_apis::APIKeyCache>::New(void*) () at base/lazy_instance.h:68
#6  base::internal::DestructorAtExitLazyInstanceTraits<google_apis::APIKeyCache>::New(void*) () at base/lazy_instance.h:92
#7  google_apis::APIKeyCache* base::subtle::GetOrCreateLazyPointer<google_apis::APIKeyCache>(long*, google_apis::APIKeyCache* (*)(void*), void*, void (*)(void*), void*) () at base/lazy_instance_helpers.h:83
#8  base::LazyInstance<google_apis::APIKeyCache, base::internal::DestructorAtExitLazyInstanceTraits<google_apis::APIKeyCache> >::Pointer() () at base/lazy_instance.h:157
#9  base::LazyInstance<google_apis::APIKeyCache, base::internal::DestructorAtExitLazyInstanceTraits<google_apis::APIKeyCache> >::Get() () at base/lazy_instance.h:148
#10 google_apis::GetAPIKey() () at google_apis/google_api_keys.cc:308
#11 ParseParameter() () at components/search_engines/template_url.cc:707
#12 ParseURL() () at components/search_engines/template_url.cc:759
#13 ParseIfNecessary() () at components/search_engines/template_url.cc:812
#14 TemplateURLRef::IsValid(SearchTermsData const&) const () at components/search_engines/template_url.cc:405
#15 GetTemplateURL() () at components/search_engines/template_url_parser.cc:332
#16 Parse() () at components/search_engines/template_url_parser.cc:516
#17 LLVMFuzzerTestOneInput() () at testing/libfuzzer/fuzzers/template_url_parser_fuzzer.cc:51

Labels: -M-69 Target-71
Status: Started (was: Assigned)
https://chromium-review.googlesource.com/c/chromium/src/+/1218163

Project Member

Comment 8 by bugdroid1@chromium.org, Sep 11

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7f872a6050a52b44ccf086e7404e20f662ec92a3

commit 7f872a6050a52b44ccf086e7404e20f662ec92a3
Author: Lei Zhang <thestig@chromium.org>
Date: Tue Sep 11 04:51:40 2018

Initialize base::CommandLine for template_url_parser_fuzzer.

template_url_parser_fuzzer eventually calls down into code that
interacts with base::CommandLine.

BUG=882155

Change-Id: Id37803e2f3e67a6acc2e5686b136661d3bb0e1ea
Reviewed-on: https://chromium-review.googlesource.com/1218163
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/master@{#590202}
[modify] https://crrev.com/7f872a6050a52b44ccf086e7404e20f662ec92a3/testing/libfuzzer/fuzzers/template_url_parser_fuzzer.cc
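The initialization gap thestig@ describes and the fix the commit above records, shown as an added example that is not Chromium's code: a constructed stand-in for the base::CommandLine process singleton (nullptr until Init() runs), a lazily built cache that calls HasSwitch() in its constructor the way APIKeyCache does, and a libFuzzer LLVMFuzzerInitialize() hook that runs Init() before the first test input. The argument parsing and the switch name "example-key-override" are assumptions made for this example, not Chromium's implementation.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <string>
// Stand-in for base::CommandLine (names from the trace; body constructed here).
class CommandLine {
 public:
  static void Init(int argc, char** argv) {
    if (current_process_commandline_) return;  // idempotent
    current_process_commandline_ = new CommandLine();
    for (int i = 1; i < argc; ++i) {
      std::string arg = argv[i];
      if (arg.rfind("--", 0) != 0) continue;  // only "--name[=value]" args
      size_t eq = arg.find('=');
      std::string name = arg.substr(2, eq == std::string::npos ? eq : eq - 2);
      current_process_commandline_->switches_[name] =
          eq == std::string::npos ? std::string() : arg.substr(eq + 1);
    }
  }
  // nullptr until Init() runs: the state the fuzzer was in when HasSwitch() crashed.
  static CommandLine* ForCurrentProcess() { return current_process_commandline_; }
  bool HasSwitch(const std::string& name) const {
    return switches_.count(name) != 0;  // the ContainsKey() in the report
  }
 private:
  std::map<std::string, std::string> switches_;
  static CommandLine* current_process_commandline_;
};
CommandLine* CommandLine::current_process_commandline_ = nullptr;
// Stand-in for APIKeyCache: built lazily, reads a made-up switch in its ctor.
struct APIKeyCache {
  bool override_present =
      CommandLine::ForCurrentProcess()->HasSwitch("example-key-override");
};
APIKeyCache* GetAPIKeyCache() {
  static APIKeyCache* cache = new APIKeyCache();  // LazyInstance-style
  return cache;
}
// The fix: libFuzzer runs this once before any input, so the singleton exists.
extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) {
  CommandLine::Init(*argc, *argv);
  return 0;
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  if (size == 0 || data == nullptr) return 0;
  GetAPIKeyCache();  // any input reaches the cache, as GetAPIKey() does
  return 0;
}
```

Without the LLVMFuzzerInitialize() hook, the first call to GetAPIKeyCache() dereferences a null CommandLine pointer, which is the class of crash the ClusterFuzz report shows.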

Project Member

Comment 9 by ClusterFuzz, Sep 11

ClusterFuzz has detected this issue as fixed in range 589987:590303.

Detailed report: https://clusterfuzz.com/testcase?key=5504474414841856

Fuzzer: libFuzzer_template_url_parser_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000020
Crash State:
  bool base::ContainsKey<std::__1::map<std::__1::basic_string<char, std::__1::char
  base::CommandLine::HasSwitch
  google_apis::APIKeyCache::CalculateKeyValue
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=479882:479941
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=589987:590303

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5504474414841856

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 10 by ClusterFuzz, Sep 11

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)
ClusterFuzz testcase 5504474414841856 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
