Fix QpackRoundTripFuzzer when cookies are split along '\0'.

The root of the issue is that ValueSplittingHeaderList splits the value of the
cookie header along '\0', but SpdyHeaderBlock::AppendValueOrAddHeader() joins
them with "; " separators.  The long term solution will be changing
ValueSplittingHeaderList to split cookies along semicolons, but this logic in
QpackRoundTripFuzzer will still be necessary, becaue "value1;value2" will be
transformed by an encoding-decoding round-trip to "value1; value2", which
QpackRoundTripFuzzer should not crash on.

Also include regular and minimized test cases from b/131395084, b/131409242, and
https://crbug.com/957840.

gfe-relnote: n/a.  Change in fuzzer only.
PiperOrigin-RevId: 247281474
Change-Id: I405066d45ae5e6cbf4c53d8a4f3afb1d0f6b3327

quic/core/qpack/fuzzer/qpack_round_trip_fuzzer.cc

diff --git a/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer.cc b/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer.cc
index 15608da..5b7f8d3 100644
--- a/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer.cc
+++ b/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer.cc
@@ -8,6 +8,7 @@
 
 #include "net/third_party/quiche/src/quic/core/qpack/qpack_decoder_test_utils.h"
 #include "net/third_party/quiche/src/quic/core/qpack/qpack_encoder_test_utils.h"
+#include "net/third_party/quiche/src/quic/core/qpack/value_splitting_header_list.h"
 #include "net/third_party/quiche/src/quic/platform/api/quic_fuzzed_data_provider.h"
 #include "net/third_party/quiche/src/spdy/core/spdy_header_block.h"
 
@@ -142,8 +143,15 @@
   CHECK(handler.decoding_completed());
   CHECK(!handler.decoding_error_detected());
 
+  // Encoder splits |header_list| header keys along '\0' characters.  Do the
+  // same so that we get matching results.
+  ValueSplittingHeaderList splitting_header_list(&header_list);
+  spdy::SpdyHeaderBlock expected_header_list;
+  for (const auto& header : splitting_header_list) {
+    expected_header_list.AppendValueOrAddHeader(header.first, header.second);
+  }
   // Compare resulting header list to original.
-  CHECK(header_list == handler.ReleaseHeaderList());
+  CHECK(expected_header_list == handler.ReleaseHeaderList());
 
   return 0;
 }

quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_b_131395084

diff --git a/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_b_131395084 b/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_b_131395084
new file mode 100644
index 0000000..1d8e3d6
--- /dev/null
+++ b/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_b_131395084
Binary files differ

quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_b_131395084_minimized

diff --git a/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_b_131395084_minimized b/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_b_131395084_minimized
new file mode 100644
index 0000000..4ae6054
--- /dev/null
+++ b/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_b_131395084_minimized
Binary files differ

quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_b_131409242

diff --git a/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_b_131409242 b/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_b_131409242
new file mode 100644
index 0000000..b7e3fe0
--- /dev/null
+++ b/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_b_131409242
Binary files differ

quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_b_131409242_minimized

diff --git a/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_b_131409242_minimized b/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_b_131409242_minimized
new file mode 100644
index 0000000..cc5bce1
--- /dev/null
+++ b/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_b_131409242_minimized
Binary files differ

quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_crbug_957840

diff --git a/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_crbug_957840 b/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_crbug_957840
new file mode 100644
index 0000000..50f2fcb
--- /dev/null
+++ b/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_crbug_957840
Binary files differ

quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_crbug_957840_minimized

diff --git a/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_crbug_957840_minimized b/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_crbug_957840_minimized
new file mode 100644
index 0000000..3d48371
--- /dev/null
+++ b/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer_corpus/testcase_crbug_957840_minimized
Binary files differ