Null-dereference READ in base::CommandLine::GetSwitchValueNative
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5652516121083904

Fuzzer: libFuzzer_mediasource_MP2T_AACLC_pipeline_integration_fuzzer
Fuzz target binary: mediasource_MP2T_AACLC_pipeline_integration_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac

Crash Type: Null-dereference READ
Crash Address: 0x000000000020
Crash State:
  base::CommandLine::GetSwitchValueNative
  base::CommandLine::GetSwitchValueASCII
  media::RendererImpl::RendererImpl

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=621627:621737

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5652516121083904

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for instructions to reproduce this bug locally.
Jan 11
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Jan 11
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/773566053973b534e62c83981368c415afec49de (Use LLVMFuzzerInitialize() for media_pipeline_integration_fuzzer init.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Jan 12
Jan 14
+mmoroz, hey Max, Wez is seeing junk creep into the command line args after switching to use LLVMFuzzerInitialize(). Is this a known issue? https://chromium-review.googlesource.com/c/chromium/src/+/1408129
Jan 14
CL that changed the CommandLine initialization was https://chromium-review.googlesource.com/c/chromium/src/+/1404563 and the issue has only been reported under Mac, AFAIK. Issue is a null deref while looking up a command-line flag; my CL had changed the code from passing null argv+argc to CommandLine to passing the values from LLVMFuzzerInitialize().
Jan 14
I think the majority of the fuzzers just pass (0, nullptr) and that works fine. Maybe something like `base::i18n::InitializeICU()` also needs to be called before that, but anyway initializing with (0, nullptr) should work fine.
Jan 14
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5e6b36726e45714acadbe4a81272155ed06340d5

commit 5e6b36726e45714acadbe4a81272155ed06340d5
Author: Wez <wez@chromium.org>
Date: Mon Jan 14 18:20:44 2019

Don't pass LLVMFuzzerInitialize() args to CommandLine.

LLVMFuzzer seems to pass a bad argv, causing CommandLine switch lookup to null-dereference in some cases. Speculatively revert to initializing CommandLine with null argv & argc to determine whether that is the source of the issue.

Bug: 920924, 920461
Change-Id: Idf689c53be920b15ec6593a66cb5deb4d5708f69
Reviewed-on: https://chromium-review.googlesource.com/c/1408129
Commit-Queue: Wez <wez@chromium.org>
Reviewed-by: Dale Curtis <dalecurtis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#622516}

[modify] https://crrev.com/5e6b36726e45714acadbe4a81272155ed06340d5/media/test/pipeline_integration_fuzzertest.cc
Jan 14
Re #7: I think Dale's question is more why might LLVMFuzzerInitialize() potentially be passing something that would trigger CommandLine to deref null?
Jan 14
`LLVMFuzzerInitialize` just passes the arguments that were passed to the fuzz target (i.e. "-max_total_time=1234 -use_value_profile=1 ./corpus_directory"). I frankly don't know what `base::CommandLine::Init` expects and why some of the arguments (which are certainly sane values, there are no fuzzing inputs in argv) may lead to null derefs in the CMD parser. Sounds like a bug in the parser, though I won't be surprised if some other initialization routine needs to be called before that.
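Added example, not Chromium's code and not the CL under discussion: a self-contained libFuzzer LLVMFuzzerInitialize() hook that checks the argc/argv it receives before handing them to a switch parser, and otherwise initializes exactly as if it had been given (0, nullptr), the form the comments above say works for most fuzzers. ParseSwitches() and GetSwitchValueASCII() here are a small stand-in for base::CommandLine, not its implementation; the flag values in the constructed sample argv are the ones quoted in the previous comment. The thread does not establish what was wrong with the argv on Mac, so the guard only rejects shapes no parser may iterate (negative argc, null argv with argc > 0, a null entry before argv[argc]); it illustrates the defensive pattern, not the root cause.

```cpp
// Added example; the command-line pieces are a stand-in for base::CommandLine.
#include <initializer_list>
#include <iostream>
#include <map>
#include <string>
#include <vector>

using SwitchMap = std::map<std::string, std::string>;

// Rejects argv shapes a switch parser cannot safely iterate. argc == 0 is the
// "no arguments" form and is accepted whatever argv is.
bool IsSaneArgv(int argc, char** argv) {
  if (argc < 0) return false;
  if (argc == 0) return true;
  if (argv == nullptr) return false;
  for (int i = 0; i < argc; ++i) if (argv[i] == nullptr) return false;
  return true;
}

// Parses "-name=value", "--name=value" and bare "-name"; anything else (program
// path, corpus directory) is ignored. A malformed argv yields an empty map
// instead of being dereferenced.
SwitchMap ParseSwitches(int argc, char** argv) {
  SwitchMap switches;
  if (!IsSaneArgv(argc, argv)) return switches;
  for (int i = 1; i < argc; ++i) {  // argv[0] is the program path
    std::string arg(argv[i]);
    size_t start = arg.find_first_not_of('-');
    if (start == std::string::npos || start == 0 || start > 2) continue;
    std::string body = arg.substr(start);
    size_t eq = body.find('=');
    switches[body.substr(0, eq)] = (eq == std::string::npos) ? "" : body.substr(eq + 1);
  }
  return switches;
}

// An absent switch reads as an empty string; nothing is dereferenced.
std::string GetSwitchValueASCII(const SwitchMap& switches, const std::string& name) {
  auto it = switches.find(name);
  return it == switches.end() ? std::string() : it->second;
}

static SwitchMap g_switches;  // populated once by the init hook

// libFuzzer calls this once, before any LLVMFuzzerTestOneInput(), with pointers
// to the process argc/argv (the target's own flags, never fuzz input).
extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) {
  if (argc == nullptr || argv == nullptr) g_switches = ParseSwitches(0, nullptr);
  else g_switches = ParseSwitches(*argc, *argv);
  return 0;
}

// The lookup a component performs later (GetSwitchValueASCII in the crash stack).
std::string FuzzerSwitch(const std::string& name) {
  return GetSwitchValueASCII(g_switches, name);
}

// Builds a writable, null-terminated argv from literals (constructed input).
struct Argv {
  std::vector<std::string> storage;
  std::vector<char*> ptrs;
  explicit Argv(std::initializer_list<const char*> args) {
    for (const char* a : args) storage.emplace_back(a);
    for (std::string& s : storage) ptrs.push_back(&s[0]);
    ptrs.push_back(nullptr);
  }
  int argc() const { return static_cast<int>(storage.size()); }
  char** argv() { return ptrs.data(); }
};

// The argv libFuzzer normally forwards (flag values quoted in the thread).
std::string DemoForwardedArgv() {
  Argv a({"./fuzzer", "-max_total_time=1234", "-use_value_profile=1", "./corpus_directory"});
  return GetSwitchValueASCII(ParseSwitches(a.argc(), a.argv()), "max_total_time");
}

// The (0, nullptr) form most Chromium fuzzers use: no crash, no switches.
bool DemoNullInit() {
  SwitchMap sw = ParseSwitches(0, nullptr);
  return sw.empty() && GetSwitchValueASCII(sw, "max_total_time").empty();
}

// A malformed argv (null entry before argc) is rejected rather than read.
bool DemoMalformedArgv() {
  Argv a({"./fuzzer", "-max_total_time=1234"});
  a.argv()[1] = nullptr;
  return !IsSaneArgv(a.argc(), a.argv()) && ParseSwitches(a.argc(), a.argv()).empty();
}

// End to end through the init hook; the corpus path is not a switch.
bool DemoInitializeHook() {
  Argv a({"./fuzzer", "-use_value_profile=1", "./corpus_directory"});
  int argc = a.argc();
  char** argv = a.argv();
  LLVMFuzzerInitialize(&argc, &argv);
  return FuzzerSwitch("use_value_profile") == "1" && FuzzerSwitch("corpus_directory").empty();
}

int main() {
  std::cout << "max_total_time=" << DemoForwardedArgv() << " null-init=" << DemoNullInit()
            << " malformed-rejected=" << DemoMalformedArgv() << " hook=" << DemoInitializeHook() << "\n";
  return 0;
}
```

If the real base::CommandLine is in play, the same shape applies: validate argc/argv in LLVMFuzzerInitialize(), and only call CommandLine::Init(argc, argv) when the check passes, otherwise Init(0, nullptr).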
Jan 16
Re #10: ClusterFuzz hasn't closed this out as no longer repro'ing. Since I can't repro this myself (no Mac) can you find an OWNER to take a look, Dale?
Comment 1 by ClusterFuzz, Jan 11
Labels: ClusterFuzz-Auto-CC