chore: cherry-pick 826a4af58b3d from chromium (#23463)

patches/chromium/.patches

@@ -115,4 +115,5 @@ when_suspending_context_don_t_clear_handlers.patch
 use_keepselfalive_on_audiocontext_to_keep_it_alive_until_rendering.patch
 worker_stop_passing_creator_s_origin_for_starting_a_dedicated_worker.patch
 cherry-pick-b69991a9b701.patch
+cherry-pick-826a4af58b3d.patch
 cherry-pick-686d1bfbcb8f.patch

patches/chromium/cherry-pick-826a4af58b3d.patch

@@ -0,0 +1,50 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Mustafa Emre Acer <[email protected]>
+Date: Fri, 10 Apr 2020 00:43:45 +0000
+Subject: Don't decode invalid punycode in URL formatter
+
[email protected]
+
+(cherry picked from commit 50c6e900fc4170a14154cbfea57ade2aa50990b5)
+
+Bug: 1063566
+Change-Id: I631ba68718cf69c5972555d7826b089e27fa5150
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2137872
+Reviewed-by: Peter Kasting <[email protected]>
+Commit-Queue: Peter Kasting <[email protected]>
+Cr-Original-Commit-Position: refs/heads/master@{#756819}
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2144830
+Reviewed-by: Mustafa Emre Acer <[email protected]>
+Cr-Commit-Position: refs/branch-heads/4103@{#62}
+Cr-Branched-From: 8ad47e8d21f6866e4a37f47d83a860d41debf514-refs/heads/master@{#756066}
+
+diff --git a/components/url_formatter/spoof_checks/idn_spoof_checker_unittest.cc b/components/url_formatter/spoof_checks/idn_spoof_checker_unittest.cc
+index e6494eab601089dae772e431ac55546eca7c505c..0159666b957d80d0217f3b7351eb681a491f9b75 100644
+--- a/components/url_formatter/spoof_checks/idn_spoof_checker_unittest.cc
++++ b/components/url_formatter/spoof_checks/idn_spoof_checker_unittest.cc
+@@ -55,6 +55,8 @@ const IDNTestCase kIdnCases[] = {
+     {"www.google.com.", L"www.google.com.", true},
+     {".", L".", true},
+     {"", L"", true},
++    // Invalid IDN
++    {"xn--example-.com", L"xn--example-.com", false},
+     // IDN
+     // Hanzi (Traditional Chinese)
+     {"xn--1lq90ic7f1rc.cn", L"\x5317\x4eac\x5927\x5b78.cn", true},
+diff --git a/components/url_formatter/url_formatter.cc b/components/url_formatter/url_formatter.cc
+index 8ca7fdf58e5cf3e7e3dd3163921e57de4ae664c7..ef8a2e55490a565723c6e096b6a102d06b996fad 100644
+--- a/components/url_formatter/url_formatter.cc
++++ b/components/url_formatter/url_formatter.cc
+@@ -383,9 +383,11 @@ bool IDNToUnicodeOneComponent(const base::char16* comp,
+     return false;
+ 
+   // Early return if the input cannot be an IDN component.
++  // Valid punycode must not end with a dash.
+   static const base::char16 kIdnPrefix[] = {'x', 'n', '-', '-'};
+   if (comp_len <= base::size(kIdnPrefix) ||
+-      memcmp(comp, kIdnPrefix, sizeof(kIdnPrefix)) != 0) {
++      memcmp(comp, kIdnPrefix, sizeof(kIdnPrefix)) != 0 ||
++      comp[comp_len - 1] == '-') {
+     out->append(comp, comp_len);
+     return false;
+   }