Fix timeout in disk_cache_lpm_fuzzer and add improve Key value generation.

Added fuzzy padding to the Key value generation, plus included two known
colliding values to be used with approximately 1% chance.

I was trying to discover crbug.com/973943 with this improvement, but have not
succeeded so far. However, the fuzz target seems to be running much faster now
and keeps discovering new coverage starting from the existing corpus. This is
a good indicator that the change makes sense. I've also compared the code
coverage reports locally to make sure those pieces of code under key size checks
are now getting executed, such as:

https://chromium-coverage.appspot.com/reports/706240_fuzzers_only/linux/chromium/src/net/disk_cache/blockfile/entry_impl.cc.html#L449

and

https://chromium-coverage.appspot.com/reports/706240_fuzzers_only/linux/chromium/src/net/disk_cache/blockfile/entry_impl.cc.html#L793

Also fixed a presubmit warning regarding the use of std::to_string.

Bug: 990644, 973943
Change-Id: I0c7560f700ccaf5e25bda2e1d56f3cb613bbe91f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1865408Reviewed-by: Maksim Orlovich <morlovich@chromium.org>
Commit-Queue: Max Moroz <mmoroz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#707063}

net/disk_cache/disk_cache_fuzzer.cc

@@ -19,6 +19,7 @@
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_refptr.h"
+#include "base/strings/string_number_conversions.h"
 #include "base/test/task_environment.h"
 #include "base/time/time.h"
 #include "net/base/cache_type.h"
@@ -59,6 +60,12 @@ const uint64_t kFirstSavedTime =
 const uint32_t kMaxNumMillisToWait = 2019;
 const int kMaxFdsSimpleCache = 10;
 
+// Known colliding key values taken from SimpleCacheCreateCollision unittest.
+const std::string kCollidingKey1 =
+    "\xfb\x4e\x9c\x1d\x66\x71\xf7\x54\xa3\x11\xa0\x7e\x16\xa5\x68\xf6";
+const std::string kCollidingKey2 =
+    "\xbc\x60\x64\x92\xbc\xa0\x5c\x15\x17\x93\x29\x2d\xe4\x21\xbd\x03";
+
 #define IOTYPES_APPLY(F) \
   F(WriteData)           \
   F(ReadData)            \
@@ -228,7 +235,15 @@ inline base::RepeatingCallback<void(int)> GetIOCallback(IOType iot) {
 }
 
 std::string ToKey(uint64_t key_num) {
-  return "Key" + std::to_string(key_num);
+  // Use one of the two colliding key values in 1% of executions.
+  if (key_num % 100 == 99)
+    return kCollidingKey1;
+  if (key_num % 100 == 98)
+    return kCollidingKey2;
+
+  // Otherwise, use a value based on the key id and fuzzy padding.
+  std::string padding(key_num & 0xFFFF, 'A');
+  return "Key" + padding + base::NumberToString(key_num);
 }
 
 net::RequestPriority GetRequestPriority(
@@ -420,6 +435,11 @@ bool DiskCacheLPMFuzzer::IsValidEntry(EntryInfo* ei) {
 
 void DiskCacheLPMFuzzer::RunCommands(
     const disk_cache_fuzzer::FuzzCommands& commands) {
+  // Skip too long command sequences, they are counterproductive for fuzzing.
+  // The number was chosen empirically using the existing fuzzing corpus.
+  if (commands.fuzz_commands_size() > 129)
+    return;
+
   uint32_t mask =
       commands.has_set_mask() ? (commands.set_mask() ? 0x1 : 0xf) : 0;
   net::CacheType type =