Out-of-memory in libpng_read_fuzzer
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5364742333661184

Fuzzer: libFuzzer_libpng_read_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address:
Crash State:
  libpng_read_fuzzer

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=607021:607048

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5364742333661184

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Comment 1 by ClusterFuzz, Nov 10
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.
Nov 12
Unable to find actual suspect through code search and also observing no CL's under regression range, hence adding appropriate label and requesting someone from dev team to look in to this issue. Thanks!
Nov 12
Assigning to myself as this is the upstream fuzzer I just landed in Issue 900480. I think in the new fuzzer [1] we'll need to add the same custom malloc/free to avoid too-large allocations as in the old fuzzer [2].

[1] https://cs.chromium.org/chromium/src/third_party/libpng/contrib/oss-fuzz/libpng_read_fuzzer.cc
[2] https://cs.chromium.org/chromium/src/testing/libfuzzer/fuzzers/libpng_read_fuzzer.cc?q=libpng_read_fu&sq=package:chromium&g=0&l=16

+cc mmoroz@ in case there's a better way to address this.
Nov 12
Yeah, looks like that should help as per the allocations recorded (in the stacktrace):

    - 16777440 byte(s) (78%) in 1 allocation(s) --> greater than 8000000 limit.

Fixing this might also fix issue 891967, I believe.
Nov 12
Issue 891967 looks similar but I think it will need a different fix (or, maybe it will be fixed by the switch to the upstream fuzzer -- the impact check on clusterfuzz makes it look like it no longer repros on HEAD).

For this test case (for reference):

    $ pngcheck -v clusterfuzz-testcase-minimized-libpng_read_fuzzer-5364742333661184
    File: clusterfuzz-testcase-minimized-libpng_read_fuzzer-5364742333661184 (41 bytes)
      chunk IHDR at offset 0x0000c, length 13
        5 x 262151 image, 1-bit grayscale, non-interlaced
      CRC error in chunk IHDR (computed 6c96b4b9, expected 0600e2df)
    ERRORS DETECTED in clusterfuzz-testcase-minimized-libpng_read_fuzzer-5364742333661184

Locally, testing before the fix repro'd the crash, and after adding the limited malloc the crash no longer happens (at least for this particular test case).

CL with the fix is up here: https://chromium-review.googlesource.com/c/chromium/src/+/1330936
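As an added illustration (not code from the CL or from either fuzzer): a limited allocator in the shape libpng's png_set_mem_fn() expects, using the 8000000-byte cap quoted above, plus a small IHDR reader run over a constructed 33-byte header matching the pngcheck output. libpng's own types are replaced by local stand-ins so it builds without png.h; those stand-ins and the function names are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Local stand-ins for libpng's png_structp and png_alloc_size_t so this file builds
   without png.h (assumption: a real harness includes png.h and uses its types). */
typedef void *png_structp_local;
typedef size_t png_alloc_size_t_local;

/* The 8000000-byte cap the thread quotes for the old fuzzer's custom malloc. */
#define FUZZER_MAX_ALLOC 8000000u

/* Allocator in the shape png_set_mem_fn() expects. Refusing oversized requests makes
   libpng raise an error instead of the process growing past the 2048 MB OOM limit. */
void *limited_malloc(png_structp_local png_ptr, png_alloc_size_t_local size) {
    (void)png_ptr;
    if (size > FUZZER_MAX_ALLOC)
        return NULL;
    return malloc(size);
}
void default_free(png_structp_local png_ptr, void *ptr) { (void)png_ptr; free(ptr); }
/* Registration in the harness: png_set_mem_fn(png_ptr, NULL, limited_malloc, default_free); */

/* Read width, height, bit depth and colour type from the IHDR chunk that follows the
   8-byte signature. The CRC is deliberately not checked: the test case had a bad one. */
int parse_ihdr(const uint8_t *buf, size_t len, uint32_t *w, uint32_t *h,
               uint8_t *depth, uint8_t *ctype) {
    static const uint8_t sig[8] = {0x89, 'P', 'N', 'G', 0x0d, 0x0a, 0x1a, 0x0a};
    if (len < 33 || memcmp(buf, sig, 8) != 0 || memcmp(buf + 12, "IHDR", 4) != 0)
        return 0;
    *w = (uint32_t)buf[16] << 24 | (uint32_t)buf[17] << 16 | (uint32_t)buf[18] << 8 | buf[19];
    *h = (uint32_t)buf[20] << 24 | (uint32_t)buf[21] << 16 | (uint32_t)buf[22] << 8 | buf[23];
    *depth = buf[24];
    *ctype = buf[25];
    return 1;
}

/* Constructed 33-byte sample (signature + IHDR) mirroring the pngcheck output above:
   5 x 262151, 1-bit grayscale; the stored CRC is the one pngcheck reported as wrong. */
void build_sample_png(uint8_t out[33]) {
    static const uint8_t hdr[33] = {
        0x89, 'P', 'N', 'G', 0x0d, 0x0a, 0x1a, 0x0a, /* signature */
        0, 0, 0, 13, 'I', 'H', 'D', 'R',            /* length 13, chunk type */
        0, 0, 0, 5,          0, 0x04, 0x00, 0x07,  /* width 5, height 262151 */
        1, 0, 0, 0, 0,                              /* depth 1, gray, deflate, filter 0, no interlace */
        0x06, 0x00, 0xe2, 0xdf};                    /* stored CRC */
    memcpy(out, hdr, 33);
}
```

The 16777440-byte request recorded in the stack trace is exactly the kind of allocation the cap turns into a libpng error rather than an OOM.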
Nov 13
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/e9f1c43d9e83b7ab2eb6bdf5f4fc7bbdd047e4cd

commit e9f1c43d9e83b7ab2eb6bdf5f4fc7bbdd047e4cd
Author: Christopher Thompson <cthomp@chromium.org>
Date: Tue Nov 13 16:56:25 2018

Add custom malloc with max limit to prevent OOM

This adds the custom malloc/free functions from the old libpng_read_fuzzer to the upstream fuzzer to prevent clusterfuzz running into OOM.

Bug: 904054
Change-Id: Ibb824beb191cb5657687c55ee2db8c7783547bad
Reviewed-on: https://chromium-review.googlesource.com/c/1330936
Commit-Queue: Christopher Thompson <cthomp@chromium.org>
Reviewed-by: Leon Scroggins <scroggo@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#607622}

[modify] https://crrev.com/e9f1c43d9e83b7ab2eb6bdf5f4fc7bbdd047e4cd/third_party/libpng/README.chromium
[modify] https://crrev.com/e9f1c43d9e83b7ab2eb6bdf5f4fc7bbdd047e4cd/third_party/libpng/contrib/oss-fuzz/libpng_read_fuzzer.cc
[add] https://crrev.com/e9f1c43d9e83b7ab2eb6bdf5f4fc7bbdd047e4cd/third_party/libpng/patches/0002-fuzzeroom.patch
[modify] https://crrev.com/e9f1c43d9e83b7ab2eb6bdf5f4fc7bbdd047e4cd/third_party/libpng/patches/README
Nov 14
ClusterFuzz has detected this issue as fixed in range 607614:607624.

Detailed report: https://clusterfuzz.com/testcase?key=5364742333661184

Fuzzer: libFuzzer_libpng_read_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address:
Crash State:
  libpng_read_fuzzer

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=607021:607048
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=607614:607624

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5364742333661184

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 14
ClusterFuzz testcase 5364742333661184 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.