Suspected CLs	Findit could not determine the memory tool from the stacktrace. Is it in a new format?


jaydasika@: Could you please take a look and help in investigating this further for your related work on https://codereview.chromium.org/2222163006

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3c5633df9d4176f622a9a234e3add677da92dd20

commit 3c5633df9d4176f622a9a234e3add677da92dd20
Author: jaydasika <jaydasika@chromium.org>
Date: Thu Aug 25 00:39:22 2016

cc : Remove DCHECK in TransformTree::ComputeTranslation

Though ComputeTranslation should result in a translation transform, we
can end up with non-translation transforms when we have noisy transforms.

BUG= 639203 
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel

Review-Url: https://codereview.chromium.org/2271273003
Cr-Commit-Position: refs/heads/master@{#414227}

[modify] https://crrev.com/3c5633df9d4176f622a9a234e3add677da92dd20/cc/trees/layer_tree_host_common_unittest.cc
[modify] https://crrev.com/3c5633df9d4176f622a9a234e3add677da92dd20/cc/trees/property_tree.cc

ClusterFuzz has detected this issue as fixed in range 414207:414243.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5870069722906624

Fuzzer: marty_html_twiddler
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  transform->IsApproximatelyIdentityOrTranslation(SkDoubleToMScalar(1e-4)) in prop
  cc::TransformTree::ComputeTranslation
  cc::TransformTree::UpdateLocalTransform
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=411073:411126
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=414207:414243

Minimized Testcase (1.09 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95YNjI8nBSm-Qupfsn8oAbHHr5-3EXVXPYg4Q-_knWiaiDCuOwVwOGfbBgXUQZUztqwc_9zIC47t4z78kB_z38hGTvwoxYNkZFt-zdlFJBmO2RkKwDk7eFZSc-G_lDIdULzIgHsVALkmGeX5KchLiPr7W6_Ew?testcase_id=5870069722906624
>
<style>
.c8 { position: relative; float: left; }
.c8:nth-child(odd) { border-style: ridge; -webkit-transform: rotate3d(0, 1, 0, 90deg); }
.c11 { visibility: inherit; height: 10px; zoom: 0.1; -webkit-backface-visibility: hidden; }
.c11[class~="c11"] { visibility: visible; overflow: auto;</style>
<script>
var nodes = Array();
 nodes[4] = document.createElement('rp'); 
 document.documentElement.appendChild(nodes[4]); 
 nodes[12] = document.createElement('br'); 
 document.documentElement.appendChild(nodes[12]); 
 nodes[13] = document.createElement('figcaption'); 
 document.documentElement.appendChild(nodes[13]); 
 nodes[15] = document.createElement('article'); 
 document.documentElement.appendChild(nodes[15]); 
 nodes[16] = document.createElement('figcaption'); 
 nodes[16].setAttribute('class', 'c11'); 
 nodes[23] = document.createElement('form'); 
 nodes[23].setAttribute('class', 'c8'); 
 document.documentElement.appendChild(nodes[23]); 
 nodes[86] = document.createElement('i'); 
 nodes[86].setAttribute('class', 'c8'); 
 nodes[23].appendChild(nodes[16]); 
 nodes[16].appendChild(nodes[86]); 
</script>


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot