!errorOccurred()
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4505548638912512

Fuzzer: ochang_search_index_mutator
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: ASSERT
Crash Address:
Crash State:
  !errorOccurred()
  blink::Resource::appendData
  blink::ImageResource::appendData

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=407480:407711

Minimized Testcase (32.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96T1cw4xutDJ2RmxGtq1cZIxrT_ZcV0JQtTcTmpBO2eKZSjF52gWIpGfPo2-dVwt_JApjW4DTkOoMiLVUiNqKn0ONxY7yHKEKc5g464qT5EVZlBymxppPSfAFNpiNwwFq9GcoP8f08dJcVkBoqltLHP4EFaQl9cq1LiOywkmQX6GAX4Eps?testcase_id=4505548638912512

Issue manually filed by: ajha

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Aug 22 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2fb53d05488ff879e38553839f174f15af2af39b

commit 2fb53d05488ff879e38553839f174f15af2af39b
Author: japhet <japhet@chromium.org>
Date: Mon Aug 22 21:34:48 2016

ImageDocumentParser should stop sending data to ImageResource once decoding fails.

BUG= 635448
TEST=WebFrameTest.ImageDocumentDecodeError

Review-Url: https://codereview.chromium.org/2262833002
Cr-Commit-Position: refs/heads/master@{#413539}

[modify] https://crrev.com/2fb53d05488ff879e38553839f174f15af2af39b/third_party/WebKit/Source/core/html/ImageDocument.cpp
[modify] https://crrev.com/2fb53d05488ff879e38553839f174f15af2af39b/third_party/WebKit/Source/web/tests/WebFrameTest.cpp
[add] https://crrev.com/2fb53d05488ff879e38553839f174f15af2af39b/third_party/WebKit/Source/web/tests/data/not_an_image.ico

Aug 22 2016
Aug 23 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b2a8e95798c79844c95f9af6fec979500ba09eff

commit b2a8e95798c79844c95f9af6fec979500ba09eff
Author: megjablon <megjablon@chromium.org>
Date: Mon Aug 22 23:56:41 2016

Revert of ImageDocumentParser should stop sending data to ImageResource once decoding fails. (patchset #3 id:40001 of https://codereview.chromium.org/2262833002/ )

Reason for revert:
Reverting due to webkit_unit_test failures on builder "Mac ASan 64 Tests (1)":
https://build.chromium.org/p/chromium.memory/builders/Mac%20ASan%2064%20Tests%20(1)

Output from https://build.chromium.org/p/chromium.memory/builders/Mac%20ASan%2064%20Tests%20%281%29/builds/20849/steps/webkit_unit_tests%20on%20Mac-10.9/logs/stdio

[ RUN ] WebFrameTest.ImageDocumentDecodeError
[ OK ] WebFrameTest.ImageDocumentDecodeError (87 ms)
[562/3806] WebFrameTest.ImageDocumentDecodeError (87 ms)
[ RUN ] CompositedSelectionBoundsTest.None
ASAN:DEADLYSIGNAL
=================================================================
==91966==ERROR: AddressSanitizer: SEGV on unknown address 0x000045e0360e (pc 0x000045e0360e bp 0x7fff5f436950 sp 0x7fff5f436398 T0)
==91966==The signal is caused by a READ memory access.
#0 0x45e0360d in Traceback (most recent call last):
  File "/b/swarm_slave/w/irrExke3/tools/valgrind/asan/asan_symbolize.py", line 271, in <module>
    main()
  File "/b/swarm_slave/w/irrExke3/tools/valgrind/asan/asan_symbolize.py", line 268, in main
    loop.process_logfile()
  File "/b/swarm_slave/w/irrExke3/tools/valgrind/asan/third_party/asan_symbolize.py", line 416, in process_logfile
    processed = self.process_line(line)
  File "/b/swarm_slave/w/irrExke3/tools/valgrind/asan/third_party/asan_symbolize.py", line 439, in process_line_posix
    symbolized_line = self.symbolize_address(addr, binary, offset)
  File "/b/swarm_slave/w/irrExke3/tools/valgrind/asan/third_party/asan_symbolize.py", line 393, in symbolize_address
    result = symbolizers[binary].symbolize(addr, binary, offset)
  File "/b/swarm_slave/w/irrExke3/tools/valgrind/asan/third_party/asan_symbolize.py", line 244, in symbolize
    result = symbolizer.symbolize(addr, binary, offset)
  File "/b/swarm_slave/w/irrExke3/tools/valgrind/asan/third_party/asan_symbolize.py", line 216, in symbolize
    atos_line = self.atos.convert('0x%x' % int(offset, 16))
  File "/b/swarm_slave/w/irrExke3/tools/valgrind/asan/third_party/asan_symbolize.py", line 192, in convert
    self.w.write(line + "\n")
IOError: [Errno 5] Input/output error

Original issue's description:
> ImageDocumentParser should stop sending data to ImageResource once decoding fails.
>
> BUG= 635448
> TEST=WebFrameTest.ImageDocumentDecodeError
>
> Committed: https://crrev.com/2fb53d05488ff879e38553839f174f15af2af39b
> Cr-Commit-Position: refs/heads/master@{#413539}

TBR=pdr@chromium.org,japhet@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= 635448

Review-Url: https://codereview.chromium.org/2264333002
Cr-Commit-Position: refs/heads/master@{#413587}

[modify] https://crrev.com/b2a8e95798c79844c95f9af6fec979500ba09eff/third_party/WebKit/Source/core/html/ImageDocument.cpp
[modify] https://crrev.com/b2a8e95798c79844c95f9af6fec979500ba09eff/third_party/WebKit/Source/web/tests/WebFrameTest.cpp
[delete] https://crrev.com/06ed71dfa04dd2cd44a4802630ddf192312ea61a/third_party/WebKit/Source/web/tests/data/not_an_image.ico

Aug 27 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/384d60011ae7e0cf54a65b977d1894e20733de6e

commit 384d60011ae7e0cf54a65b977d1894e20733de6e
Author: japhet <japhet@chromium.org>
Date: Sat Aug 27 11:02:35 2016

ImageDocumentParser should stop sending data to ImageResource once decoding fails.

BUG= 635448
TEST=WebFrameTest.ImageDocumentDecodeError

Review-Url: https://codereview.chromium.org/2261403004
Cr-Commit-Position: refs/heads/master@{#414917}

[modify] https://crrev.com/384d60011ae7e0cf54a65b977d1894e20733de6e/third_party/WebKit/Source/core/html/ImageDocument.cpp
[modify] https://crrev.com/384d60011ae7e0cf54a65b977d1894e20733de6e/third_party/WebKit/Source/web/tests/WebFrameTest.cpp
[add] https://crrev.com/384d60011ae7e0cf54a65b977d1894e20733de6e/third_party/WebKit/Source/web/tests/data/not_an_image.ico

Aug 28 2016
ClusterFuzz has detected this issue as fixed in range 414882:414933.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4505548638912512

Fuzzer: ochang_search_index_mutator
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: ASSERT
Crash Address:
Crash State:
  !errorOccurred()
  blink::Resource::appendData
  blink::ImageResource::appendData

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=407480:407711
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=414882:414933

Minimized Testcase (32.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96T1cw4xutDJ2RmxGtq1cZIxrT_ZcV0JQtTcTmpBO2eKZSjF52gWIpGfPo2-dVwt_JApjW4DTkOoMiLVUiNqKn0ONxY7yHKEKc5g464qT5EVZlBymxppPSfAFNpiNwwFq9GcoP8f08dJcVkBoqltLHP4EFaQl9cq1LiOywkmQX6GAX4Eps?testcase_id=4505548638912512

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ajha@chromium.org, Aug 8 2016
Components: Blink>Loader
Labels: M-54 Findit-for-crash Te-Logged
Owner: japhet@chromium.org
Status: Assigned (was: Untriaged)