Null-dereference READ in quic::QuicSession::~QuicSession
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5692915896287232
Fuzzer: afl_net_quic_stream_factory_fuzzer
Fuzz target binary: net_quic_stream_factory_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  quic::QuicSession::~QuicSession
  quic::QuicSpdySession::~QuicSpdySession
  quic::QuicSpdyClientSessionBase::~QuicSpdyClientSessionBase
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=619589:619591
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5692915896287232

Issue filed automatically.
See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.
Jan 3:
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add the ClusterFuzz-Wrong label.
Jan 3:
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/1dd87f896364b429d038cfe689d2594b2a2d7ec0 (Landing Recent QUIC changes until 1:56 PM, Dec 21, 2018 UTC-8). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Jan 4:
ClusterFuzz has detected this issue as fixed in range 619804:619838.

Detailed report: https://clusterfuzz.com/testcase?key=5692915896287232
Fuzzer: afl_net_quic_stream_factory_fuzzer
Fuzz target binary: net_quic_stream_factory_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  quic::QuicSession::~QuicSession
  quic::QuicSpdySession::~QuicSpdySession
  quic::QuicSpdyClientSessionBase::~QuicSpdyClientSessionBase
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=619589:619591
Fixed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=619804:619838
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5692915896287232

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 4:
ClusterFuzz testcase 5692915896287232 is verified as fixed, so closing issue as verified. If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.
Jan 5:
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/96014258b10b68369fc49c93ce594e0ae250f50e

commit 96014258b10b68369fc49c93ce594e0ae250f50e
Author: Zhongyi Shi <zhongyi@chromium.org>
Date: Sat Jan 05 01:19:47 2019

Revert internal change: 226538637 due to UAF issues.

Original change message:

Use PendingStreams to buffer incoming streams. Behavior changes protected by QUIC version 99.

Allow QuicSession to buffer frames for incoming streams in a PendingStream until the first byte arrives, if ShouldBufferIncomingStream() returns true. Change QuicSpdySession to return true for v99 unidirectional streams.

Merge internal change: 226538637

Bug: 919184, 919073, 919048, 919014, 918890, 918834, 918888, 918832, 918849
Change-Id: I14be0f9d97de31bf6ea0d40afe5e457a318e8f02
Reviewed-on: https://chromium-review.googlesource.com/c/1396312
Reviewed-by: Nick Harper <nharper@chromium.org>
Commit-Queue: Zhongyi Shi <zhongyi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#620141}

[modify] https://crrev.com/96014258b10b68369fc49c93ce594e0ae250f50e/net/third_party/quic/core/http/quic_spdy_session.cc
[modify] https://crrev.com/96014258b10b68369fc49c93ce594e0ae250f50e/net/third_party/quic/core/http/quic_spdy_session.h
[modify] https://crrev.com/96014258b10b68369fc49c93ce594e0ae250f50e/net/third_party/quic/core/http/quic_spdy_session_test.cc
[modify] https://crrev.com/96014258b10b68369fc49c93ce594e0ae250f50e/net/third_party/quic/core/quic_session.cc
[modify] https://crrev.com/96014258b10b68369fc49c93ce594e0ae250f50e/net/third_party/quic/core/quic_session.h
[modify] https://crrev.com/96014258b10b68369fc49c93ce594e0ae250f50e/net/third_party/quic/core/quic_session_test.cc
Jan 11:
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/7adf0a361b75d1f13859cc07ec0b22c353619cf0

commit 7adf0a361b75d1f13859cc07ec0b22c353619cf0
Author: Ryan Hamilton <rch@chromium.org>
Date: Fri Jan 11 02:19:23 2019

Re-land 96014258b10b68369fc49c93ce594e0ae250f50e which re-lands internal change 226538637 to use PendingStreams.

Revert "Revert internal change: 226538637 due to UAF issues."

This reverts commit 96014258b10b68369fc49c93ce594e0ae250f50e.

Revert internal change: 226538637 due to UAF issues.

Original change message:

Use PendingStreams to buffer incoming streams. Behavior changes protected by QUIC version 99.

Allow QuicSession to buffer frames for incoming streams in a PendingStream until the first byte arrives, if ShouldBufferIncomingStream() returns true. Change QuicSpdySession to return true for v99 unidirectional streams.

Merge internal change: 226538637

Change-Id: I936c08561ea61d6271e3f2fa4fb06f9796552329
Bug: 919184, 919073, 919048, 919014, 918890, 918834, 918888, 918832, 918849
Change-Id: I936c08561ea61d6271e3f2fa4fb06f9796552329
Reviewed-on: https://chromium-review.googlesource.com/c/1404383
Reviewed-by: Zhongyi Shi <zhongyi@chromium.org>
Commit-Queue: Ryan Hamilton <rch@chromium.org>
Cr-Commit-Position: refs/heads/master@{#621873}

[modify] https://crrev.com/7adf0a361b75d1f13859cc07ec0b22c353619cf0/net/quic/quic_chromium_client_session.cc
[modify] https://crrev.com/7adf0a361b75d1f13859cc07ec0b22c353619cf0/net/third_party/quic/core/http/quic_spdy_session.cc
[modify] https://crrev.com/7adf0a361b75d1f13859cc07ec0b22c353619cf0/net/third_party/quic/core/http/quic_spdy_session.h
[modify] https://crrev.com/7adf0a361b75d1f13859cc07ec0b22c353619cf0/net/third_party/quic/core/http/quic_spdy_session_test.cc
[modify] https://crrev.com/7adf0a361b75d1f13859cc07ec0b22c353619cf0/net/third_party/quic/core/quic_session.cc
[modify] https://crrev.com/7adf0a361b75d1f13859cc07ec0b22c353619cf0/net/third_party/quic/core/quic_session.h
[modify] https://crrev.com/7adf0a361b75d1f13859cc07ec0b22c353619cf0/net/third_party/quic/core/quic_session_test.cc
[modify] https://crrev.com/7adf0a361b75d1f13859cc07ec0b22c353619cf0/net/third_party/quic/core/quic_stream.h
Comment 1 by ClusterFuzz, Jan 3. Labels: Test-Predator-Auto-Components