Issue 912506

Issue metadata

Status: Verified
Owner:
Closed: Dec 12
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug
Abrt in AddFrame

Reported by ClusterFuzz, Dec 6

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5094330391592960

Fuzzer: libFuzzer_libwebp_anim_encoder_fuzzer
Fuzz target binary: libwebp_anim_encoder_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x05390017a742
Crash State:
  AddFrame
  fuzz_webp_animencoder.cc
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=614191:614217

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5094330391592960

Issue filed automatically.

See https://www.chromium.org/developers/testing/memorysanitizer#TOC-Reproducing-ClusterFuzz-Bugs for more information.

Comment 1 by ClusterFuzz, Dec 6

Cc: mbarow...@chromium.org
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.

Comment 2 by ClusterFuzz, Dec 6

Labels: Test-Predator-Auto-Owner
Owner: mbarow...@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/b1699763c1d7c7beccd38a6fc39bc71bab36c04f (Migrate libwebp fuzzers from OSS-Fuzz to third_party).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Cc: yguyon@google.com
Owner: mbarbe...@chromium.org
Yannis and Martin, would you mind taking a look at this since it seems like you worked on the fuzzer?

I didn't modify the logic of the code at all when I copied from oss-fuzz, but some preliminary debugging shows that this fuzzer is crashing right away with a call to WebPAnimEncoderNew and not even getting to interesting test cases.

I did not manage to reproduce it locally yet, I'll take another look.
I noticed the reproducer testcase was empty though.

Were you able to run the fuzzer at all? Mine crashes immediately on AddFrame, which is, I think, why the reproducer testcase is empty.

Cc: mbarbe...@chromium.org
Owner: yguyon@google.com
Switching owners since I'm not very familiar with this code.

Status: Started (was: Assigned)
I reproduced and fixed the bugs locally with the same flags as libwebp_config_internal.
I sent for review this change:
https://chromium-review.googlesource.com/c/chromium/src/+/1368104

However I was unsuccessful in reproducing the issues with the
chromium tools ('clusterfuzz reproduce' always gives
CommandFailedError). Could you check that the patch works?

Also fuzz_webp_animencoder should stay on oss-fuzz; the target is
not being run in chromium but it doesn't mean it should not be
tested elsewhere.

This issue is now Closed, correct? Because you removed the libwebp_anim_encoder_fuzzer target from Chromium (but not oss-fuzz) since we do not use the animated encoder in Chrome: crrev.com/c/1368109

Once it's confirmed that the patch works and the CL is submitted, yes.

Comment 10 by bugdroid1@chromium.org, Dec 11

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/947e0b191b9c892277d5e8bf9988d2f84067349c

commit 947e0b191b9c892277d5e8bf9988d2f84067349c
Author: Yannis Guyon <yguyon@google.com>
Date: Tue Dec 11 19:31:49 2018

third_party/libwebp/fuzzing: Remove libwebp_anim_encoder_fuzzer

WEBP_REDUCE_SIZE is defined in chromium, disabling WebPPictureCopy(),
making WebPAnimEncoderNew() unavailable.
Remove the fuzz target libwebp_anim_encoder_fuzzer because AnimEncoder
is not used within chromium.
Keep the file fuzz_webp_animencoder to run on oss-fuzz.

BUG= chromium:912506 

Change-Id: I9a981aca6b585896844428d6eb330707209496e5
Reviewed-on: https://chromium-review.googlesource.com/c/1368109
Reviewed-by: James Zern <jzern@google.com>
Commit-Queue: Yannis Guyon <yguyon@google.com>
Cr-Commit-Position: refs/heads/master@{#615625}
[modify] https://crrev.com/947e0b191b9c892277d5e8bf9988d2f84067349c/third_party/libwebp/BUILD.gn

Status: Fixed (was: Started)

Comment 12 by ClusterFuzz, Dec 13

ClusterFuzz has detected this issue as fixed in range 615491:615975.

Detailed report: https://clusterfuzz.com/testcase?key=5094330391592960

Fuzzer: libFuzzer_libwebp_anim_encoder_fuzzer
Fuzz target binary: libwebp_anim_encoder_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x05390017a742
Crash State:
  AddFrame
  fuzz_webp_animencoder.cc
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=614191:614217
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=615491:615975

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5094330391592960

See https://www.chromium.org/developers/testing/memorysanitizer#TOC-Reproducing-ClusterFuzz-Bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 13 by ClusterFuzz, Dec 13

Labels: ClusterFuzz-Verified
Status: Verified (was: Fixed)
ClusterFuzz testcase 5094330391592960 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.