Fix variable type in base_json_reader_fuzzer.cc.

Previous version of fuzzer used std::string, which in
C++11 nul-terminates, but actual caller expects
base::StringPiece which does not. This failed to catch
an overflow bug, so switch to using base::StringPiece.
Also revert "base_json_reader_fuzzer: Sanitizer-poison memory around the input buffer."
since the change is unneeded.

This reverts commit 845bbd0e.

R=rsesek@chromium.org

Change-Id: I8abffc3f2931818711119406effa685b1d368659
Reviewed-on: https://chromium-review.googlesource.com/959564
Commit-Queue: Abhishek Arya <inferno@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#542623}

testing/libfuzzer/fuzzers/base_json_reader_fuzzer.cc

@@ -10,21 +10,6 @@
 #include "base/json/json_reader.h"
 #include "base/values.h"
 
-#if defined(ADDRESS_SANITIZER)
-#include <sanitizer/asan_interface.h>
-#define POISON(address, size) __asan_poison_memory_region(address, size)
-#define UNPOISON(address, size) __asan_unpoison_memory_region(address, size)
-#elif defined(MEMORY_SANITIZER)
-#include <sanitizer/msan_interface.h>
-#define POISON(address, size) __msan_poison(address, size)
-#define UNPOISON(address, size) __msan_unpoison(address, size)
-#else
-#define POISON(address, size)
-#define UNPOISON(address, size)
-#endif
-
-constexpr size_t kPoisonSize = 1024;
-
 int error_code, error_line, error_column;
 std::string error_message;
 
@@ -33,23 +18,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   if (size < 1)
     return 0;
 
-  // Create a larger buffer than |size|, tell the sanitizer to poison
-  // around the edges, and copy the input into the middle. This will help
-  // detect buffer over-reads.
-  std::unique_ptr<uint8_t[]> input(new uint8_t[size + 2 * kPoisonSize]);
-  POISON(input.get(), kPoisonSize);
-  POISON(input.get() + kPoisonSize + size, kPoisonSize);
-  memcpy(input.get() + kPoisonSize, data, size);
-
-  base::StringPiece input_string(
-      reinterpret_cast<char*>(input.get() + kPoisonSize), size);
-
+  const base::StringPiece input_string(reinterpret_cast<const char*>(data),
+                                       size - 1);
   const int options = data[size - 1];
   base::JSONReader::ReadAndReturnError(input_string, options, &error_code,
                                        &error_message, &error_line,
                                        &error_column);
-
-  UNPOISON(input.get(), size + 2 * kPoisonSize);
-
   return 0;
 }