Suspected CLs	Git blame below is NOT necessarily who introduced the crash nor the owner for it. Please check the code before assigning to anyone.(No CL in the regression range changed the crashing files.)

Author: Olli Etuaho
Project: chromium-angle
Changelist: https://chromium.googlesource.com/angle/angle.git/+/fc0e2bc0b7e4780dec62a356880ef7d12362e5d2
Time: Thu Apr 16 10:39:56 2015
The CL last changed line 219 of file IntermNode.cpp, which is stack frame 1.

Author: Olli Etuaho
Project: chromium-angle
Changelist: https://chromium.googlesource.com/angle/angle.git/+/fc0e2bc0b7e4780dec62a356880ef7d12362e5d2
Time: Thu Apr 16 10:39:56 2015
The CL last changed line 2782 of file IntermNode.cpp, which is stack frame 2.

Author: Olli Etuaho
Project: chromium-angle
Changelist: https://chromium.googlesource.com/angle/angle.git/+/c68331151337369f03a35da14c98cb58c006f996
Time: Wed Apr 22 12:15:54 2015
The CL last changed line 28 of file PruneEmptyDeclarations.cpp, which is stack frame 3.

Author: Olli Etuaho
Project: chromium-angle
Changelist: https://chromium.googlesource.com/angle/angle.git/+/c68331151337369f03a35da14c98cb58c006f996
Time: Wed Apr 22 12:15:54 2015
The CL last changed line 325 of file Compiler.cpp, which is stack frame 4.

Author: Olli Etuaho
Project: chromium-angle
Changelist: https://chromium.googlesource.com/angle/angle.git/+/a3a5cc6ab6fb13a0203a359141fa1985208e189a
Time: Fri Feb 13 11:12:22 2015
The CL last changed line 476 of file Compiler.cpp, which is stack frame 5.

Author: Corentin Wallez
Project: chromium-angle
Changelist: https://chromium.googlesource.com/angle/angle.git/+/28b6528ca2119d6715bb5e9eafa5a2dc8c968361
Time: Thu Jun 16 14:24:50 2016
The CL last changed line 159 of file translator_fuzzer.cpp, which is stack frame 6.

Suspected Project: chromium-angle
Suspected Component: Internals>GPU>ANGLE
==========================================================
Unable to find the exact suspect using the code search. Assigning to Corentin for help in further investigation and more inputs on this.

Taking a look, it is probably related the Olli's refactoring of TIntermAggregate.

The crash repros with "void main() {for(int; false;);}". Sent this minimal repro to Olli so he can investigate. It is caused by PruneDeclaration wanting to prune the int; declaration and assuming its parent is a TIntermBlock when it really is a TIntermLoop.

ClusterFuzz has detected this issue as fixed in range 426965:426983.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5107704660230144

Fuzzer: libfuzzer_angle_translator_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000080
Crash State:
  TIntermAggregate::replaceChildNodeWithMultiple
  TIntermTraverser::updateTree
  PruneEmptyDeclarationsTraverser::apply
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=423381:423433
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=426965:426983

Minimized Testcase (0.53 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94g8eoCz_WeNM6O0W3650kI6zKZsnogm9ugyoAa7MBL2U7POyInFwg1jo56vxa4KYo2NrUY_SzEsF7bQ5leZ-D5fopQh3OIrJ1knBcJxXyn86y_s_Zalm_U9eDvV0os8bmOSKfZrbiS3tNoqHNCgeLLzlNVgQ?testcase_id=5107704660230144

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot