Fix bounds check in platform JSON parser.

WTF::Strings are not null-terminated, so this error would cause a single
character to be read past the end of the string, if the string ends in an
unfinished escape sequence.

(This parser is not currently used by any code in blink)

This also adds a test that would have caught this error, if run on an MSAN
bot, and fixes the same code in the DevTools parser. The DevTools parser
would not trigger an out-of-bounds read in the same situation, since it
operates on null-terminated string data.

Also added is the fuzzer which caught the issue in the first place.

BUG=651166
R=dgozman@chromium.org, mmoroz@chromium.org, pfeldman@chromium.org, pfeldman

Review URL: https://codereview.chromium.org/2380823002 .

Cr-Original-Commit-Position: refs/heads/master@{#422702}
Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
Cr-Mirrored-Commit: d6b7b063aaa06b780d5fb5b575531bd757f95c19
1 file changed
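The bounds check this commit describes, as an added example that is not part of the Chromium change: a hypothetical scanner for a JSON string body over a [begin, end) range with no terminating NUL, the way WTF::String stores its data. The check before reading the character after a backslash is the one the fix adds, so an input ending in a lone backslash is rejected instead of being read one byte past the end; the function and helper names are invented for this illustration.

```cpp
#include <cstring>
#include <string>
#include <vector>

// Outcome of scanning one JSON string body (the text after the opening quote).
enum class ScanResult { kOk, kUnterminated, kUnfinishedEscape, kBadEscape };

// Hypothetical scanner over [begin, end) with no terminating NUL, modelling
// WTF::String storage. The defect the commit fixes was reading it[1] after a
// '\\' without first comparing it + 1 against end; here every dereference is
// guarded. Only the single-character escapes are handled (\uXXXX is out of
// scope for this illustration).
ScanResult ScanJsonString(const char* begin, const char* end,
                          std::string* out, const char** stop) {
  out->clear();
  for (const char* it = begin; it < end; ++it) {
    char c = *it;
    if (c == '"') { *stop = it + 1; return ScanResult::kOk; }  // closing quote
    if (c != '\\') { out->push_back(c); continue; }           // ordinary char
    // Escape introducer: this is the bounds check the fix adds. Without it the
    // read of it[1] below would go one byte past `end` for input like "abc\".
    if (it + 1 >= end) return ScanResult::kUnfinishedEscape;
    ++it;
    // Map the escape letter to its decoded byte; a NUL or unknown letter is rejected.
    static const char kFrom[] = "\"\\/bfnrt", kTo[] = "\"\\/\b\f\n\r\t";
    const char* p = *it ? std::strchr(kFrom, *it) : nullptr;
    if (!p) return ScanResult::kBadEscape;
    out->push_back(kTo[p - kFrom]);
  }
  return ScanResult::kUnterminated;  // ran off the end with no closing quote
}

// Test helper: copies `text` into a buffer with deliberately no trailing NUL,
// so an over-read would not be masked by a string terminator.
ScanResult ScanCopy(const std::string& text, std::string* out) {
  std::vector<char> buf(text.begin(), text.end());
  const char* stop = nullptr;
  return ScanJsonString(buf.data(), buf.data() + buf.size(), out, &stop);
}

// Result code only, for inputs that are expected to be rejected.
ScanResult ResultOf(const std::string& text) {
  std::string out;
  return ScanCopy(text, &out);
}

// True when `text` scans cleanly and decodes to `expected`.
bool DecodesTo(const std::string& text, const std::string& expected) {
  std::string out;
  return ScanCopy(text, &out) == ScanResult::kOk && out == expected;
}
```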