
Issue 912202

Starred by 1 user

Issue metadata

Status: Verified
Owner: ----
Closed: Dec 7
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug

Blocked on:
issue 912356




Undefined-shift in big2_contentTok

Project Member Reported by ClusterFuzz, Dec 5

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5037650798706688

Project: chromeos
Fuzzer: libFuzzer_chromeos_update_engine_omaha_request_action_fuzzer
Fuzz target binary: update_engine_omaha_request_action_fuzzer
Job Type: libfuzzer_ubsan_chromeos
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  big2_contentTok
  doContent
  contentProcessor
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_ubsan_chromeos&range=3179336:3180287

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5037650798706688

Issue filed automatically.

See https://chromium.googlesource.com/chromiumos/docs/+/master/fuzzing.md#Reproducing-crashes-from-ClusterFuzz for more information.
 
Project Member

Comment 1 by ClusterFuzz, Dec 5

Cc: ahass...@google.com senj@google.com xiaochu@google.com de...@google.com benchan@google.com
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.
Cc: -manojgupta@google.com manojgupta@chromium.org
It's a bug in expat (outside of update_engine):

../expat-2.1.1/lib/xmltok_impl.c:721:5: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
    #0 0x7eff3942068f in big2_contentTok /build/amd64-generic/tmp/portage/dev-libs/expat-2.1.1-r2/work/expat-2.1.1/lib/xmltok_impl.c:0:7
    #1 0x7eff393ee349 in doContent /build/amd64-generic/tmp/portage/dev-libs/expat-2.1.1-r2/work/expat-2.1.1/lib/xmlparse.c:2303:15
    #2 0x7eff393e9138 in contentProcessor /build/amd64-generic/tmp/portage/dev-libs/expat-2.1.1-r2/work/expat-2.1.1/lib/xmlparse.c:2152:27
    #3 0x7eff393e5453 in doProlog /build/amd64-generic/tmp/portage/dev-libs/expat-2.1.1-r2/work/expat-2.1.1/lib/xmlparse.c:4065:14
    #4 0x7eff393df0ff in prologProcessor /build/amd64-generic/tmp/portage/dev-libs/expat-2.1.1-r2/work/expat-2.1.1/lib/xmlparse.c:3788:10
    #5 0x7eff393dcd3d in XML_ParseBuffer /build/amd64-generic/tmp/portage/dev-libs/expat-2.1.1-r2/work/expat-2.1.1/lib/xmlparse.c:1685:15
    #6 0x5625c9781748 in chromeos_update_engine::OmahaRequestAction::TransferComplete(chromeos_update_engine::HttpFetcher*, bool) /build/amd64-generic/tmp/portage/chromeos-base/update_engine-0.0.3-r3299/work/update_engine-0.0.3/aosp/system/update_engine/omaha_request_action.cc:1242:20
    #7 0x5625c97f4a6e in chromeos_update_engine::MockHttpFetcher::SignalTransferComplete() /build/amd64-generic/tmp/portage/chromeos-base/update_engine-0.0.3-r3299/work/update_engine-0.0.3/aosp/system/update_engine/common/mock_http_fetcher.cc:135:14
    #8 0x5625c97f4a6e in chromeos_update_engine::MockHttpFetcher::SendData(bool) /build/amd64-generic/tmp/portage/chromeos-base/update_engine-0.0.3-r3299/work/update_engine-0.0.3/aosp/system/update_engine/common/mock_http_fetcher.cc:52
    #9 0x5625c97f4f08 in chromeos_update_engine::MockHttpFetcher::TimeoutCallback() /build/amd64-generic/tmp/portage/chromeos-base/update_engine-0.0.3-r3299/work/update_engine-0.0.3/aosp/system/update_engine/common/mock_http_fetcher.cc:86:3
Looks like this is enabled by clang's integer sanitizer (https://blog.regehr.org/archives/905):

runtime error: left shift of 1 by 31 places cannot be represented in type 'int'

Apparently expat is misusing the 'int' type, but we have no idea if that is a bug or not, because expat compiled without '-fsanitize=integer' will ignore this.

manojgupta@, what can be usually done in such case?
Issue 912230 has been merged into this issue.
Cc: -xiaochu@google.com xiaochu@chromium.org
Cc: xiaochu@google.com
Issue 912208 has been merged into this issue.
Issue 912227 has been merged into this issue.
Cc: -xiaochu@google.com
The exact flag here is -fsanitize=shift. To disable this, "-fno-sanitize=shift" should be used.

Now if we believe that these errors are harmless, shift sanitization can be turned off by adding "-fno-sanitize=shift" to the compiler flags. This can be done either in the ebuild or by adding a config file for expat. e.g. I had done a similar thing with brotli (disabling alignment sanitization) in CL https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/1313387
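The shift UBSan reports above is the classic `1 << 31` on an `int` literal: bit 31 is the sign bit, so the result is not representable and the behaviour is undefined, even though most compilers quietly produce 0x80000000. The following added example (written for this page, not expat's or update_engine's code) models a bitmap lookup of the kind that triggers this report, using a hypothetical 256-code-point page of 8 32-bit words with constructed contents; the bit mask is built with `1u`, which is what makes the same shift defined, and `int_shift_is_defined` mirrors the rule `-fsanitize=shift` enforces so the failing case can be checked without relying on the sanitizer.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Illustration of the "left shift of 1 by 31 places" finding (added
 * example, not expat code).  Layout is an assumption: one page of 256
 * code points, 8 words of 32 bits, one bit per code point.  Selecting
 * the bit with   1 << (lo & 0x1F)   is undefined when (lo & 0x1F) == 31
 * because the literal 1 is an int; with 1u the shift is defined for
 * every lo in 0..255.
 */
#define BITS_PER_WORD 32u
#define PAGE_WORDS    (256u / BITS_PER_WORD)

/* Constructed bitmap for one hypothetical 256-code-point page. */
static uint32_t page_bits[PAGE_WORDS];

/* Nonzero if `value << shift` is defined for type int (the check
 * -fsanitize=shift performs): shift in range, value non-negative, and
 * the shifted value still representable in int. */
static int int_shift_is_defined(int value, unsigned shift) {
    if (shift >= (unsigned)(sizeof(int) * CHAR_BIT)) return 0;
    if (value < 0) return 0;
    return value <= (INT_MAX >> shift);
}

/* Set one bit; the mask is unsigned, so bit 31 is representable. */
static void page_set(unsigned lo) {
    page_bits[(lo & 0xFFu) >> 5] |= 1u << (lo & 0x1Fu);
}

/* Test one bit with the same unsigned mask. */
static int page_test(unsigned lo) {
    return (page_bits[(lo & 0xFFu) >> 5] & (1u << (lo & 0x1Fu))) != 0;
}

/* Fill the constructed page: ASCII letters, digits, '_' and ':', plus
 * 0x1F, 0x3F and 0xFF, which land on bit 31 of words 0, 1 and 7 and
 * would hit the undefined shift with an int mask. */
static void build_constructed_page(void) {
    for (unsigned c = 'A'; c <= 'Z'; c++) page_set(c);
    for (unsigned c = 'a'; c <= 'z'; c++) page_set(c);
    for (unsigned c = '0'; c <= '9'; c++) page_set(c);
    page_set('_'); page_set(':');
    page_set(0x1F); page_set(0x3F); page_set(0xFF);
}

/* Lookup against the constructed page, built on first use. */
static int constructed_name_char(unsigned lo) {
    static int built = 0;
    if (!built) { build_constructed_page(); built = 1; }
    return page_test(lo);
}

int main(void) {
    printf("'A'  -> %d\n", constructed_name_char('A'));   /* 1 */
    printf("0xFF -> %d\n", constructed_name_char(0xFF));  /* 1, bit 31 of word 7 */
    printf("' '  -> %d\n", constructed_name_char(' '));   /* 0 */
    printf("1<<30 defined: %d, 1<<31 defined: %d\n",
           int_shift_is_defined(1, 30), int_shift_is_defined(1, 31)); /* 1, 0 */
    return 0;
}
```

Compiling the same code with the mask written as `1 << (lo & 0x1F)` and `-fsanitize=shift` reproduces the runtime error as soon as a code point with `(lo & 0x1F) == 31` is looked up; `int_shift_is_defined(1, 31)` returning 0 states the same fact without a sanitizer build.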
Cc: vapier@chromium.org
expat is a third-party package, in case vapier@ can provide pointers.
Components: OS>Packages
expat has a GitHub page, so you could try posting an issue there.
Seems to have been fixed upstream already last year:
https://sourceforge.net/p/expat/bugs/529/

Probably libexpat just needs an update to latest release?
Blockedon: 912356
Nice find! Let's uprev expat.
Status: Fixed (was: Untriaged)
expat is uprevved. This should be fixed.
You can actually let ClusterFuzz mark it as fixed too, once it verifies it can pass the testcase :)
Project Member

Comment 17 by ClusterFuzz, Dec 8

ClusterFuzz has detected this issue as fixed in range 3191857:3202636.

Detailed report: https://clusterfuzz.com/testcase?key=5037650798706688

Project: chromeos
Fuzzer: libFuzzer_chromeos_update_engine_omaha_request_action_fuzzer
Fuzz target binary: update_engine_omaha_request_action_fuzzer
Job Type: libfuzzer_ubsan_chromeos
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  big2_contentTok
  doContent
  contentProcessor
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_ubsan_chromeos&range=3179336:3180287
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_ubsan_chromeos&range=3191857:3202636

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5037650798706688

See https://chromium.googlesource.com/chromiumos/docs/+/master/fuzzing.md#Reproducing-crashes-from-ClusterFuzz for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 18 by ClusterFuzz, Dec 8

Labels: ClusterFuzz-Verified
Status: Verified (was: Fixed)
ClusterFuzz testcase 5037650798706688 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
