safeIndex >= 0
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4640291090071552

Fuzzer: libfuzzer_angle_translator_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: ASSERT
Crash Address:
Crash State:
  safeIndex >= 0
  TParseContext::addIndexExpression
  yyparse

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=420312:420423

Minimized Testcase (0.51 Kb): https://cluster-fuzz.appspot.com/download/AMIfv949Un6YMtamsYwIeX5B12TKz9IzzDqQrYGoixXskJWpWMUDtTwmTkxhrxhRkP-fBydY0vnQU3OhkgCn-cCd2xA8ZbXWD1onYrC13h30yoEQKO3JW1RCSfgBGY42G9HZgHVhbNL2EJ6LHCr_U_UVjzHpd7kucQ?testcase_id=4640291090071552

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Nov 2 2016
Passing to cwallez, care to take a look?
Nov 3 2016
The following revision refers to this bug: https://chromium.googlesource.com/angle/angle/+/02bd82cd1d4e9d30e2f53917d97f1980a4e2dbd4

commit 02bd82cd1d4e9d30e2f53917d97f1980a4e2dbd4
Author: Olli Etuaho <oetuaho@nvidia.com>
Date: Thu Nov 03 10:29:43 2016

Fix handling unsized arrays with incorrect initializer

In case the initializer of an unsized array is not an array, the array size still needs to be set to some value > 0 in order to not hit asserts in the code that parses accessing the array. An error was already being generated in the case an unsized array has a non-array initializer, but the variable will still have an array type in the symbol table.

BUG= chromium:661592
TEST=angle_unittests

Change-Id: I4a11527eab0404ba9e59ebb7227faef13dbea62c
Reviewed-on: https://chromium-review.googlesource.com/407256
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Reviewed-by: Jamie Madill <jmadill@chromium.org>
Commit-Queue: Olli Etuaho <oetuaho@nvidia.com>

[modify] https://crrev.com/02bd82cd1d4e9d30e2f53917d97f1980a4e2dbd4/src/compiler/translator/ParseContext.cpp
[modify] https://crrev.com/02bd82cd1d4e9d30e2f53917d97f1980a4e2dbd4/src/tests/compiler_tests/MalformedShader_test.cpp
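The error-recovery point in the commit message above, shown as an added illustration that is not ANGLE's code: the type record, makeType, declareUnsizedArray and safeIndex are stand-ins chosen here, and the "before" path only models the size-0 state the commit describes, not the translator's actual implementation.

```cpp
#include <string>
#include <vector>

// Stand-in for the translator's type record (an assumption, not ANGLE's TType).
struct ArrayType {
    bool isArray;
    unsigned arraySize;  // 0 means the size has not been resolved yet
};

ArrayType makeType(bool isArray, unsigned arraySize) {
    ArrayType t;
    t.isArray = isArray;
    t.arraySize = arraySize;
    return t;
}

// Resolve the size of an unsized array declaration from its initializer.
// With applyFix == false this models the pre-fix state: the error is reported,
// but the declared variable keeps an array type whose size stays 0.
// With applyFix == true the size is forced to a value > 0, as the commit does.
ArrayType declareUnsizedArray(const ArrayType &initializer,
                              std::vector<std::string> &errors,
                              bool applyFix) {
    ArrayType declared = makeType(true, 0);
    if (initializer.isArray) {
        declared.arraySize = initializer.arraySize;
        return declared;
    }
    errors.push_back("initializer of an unsized array must be an array");
    if (applyFix) {
        declared.arraySize = 1;  // placeholder size so later index handling stays consistent
    }
    return declared;
}

// Clamp a constant index into the array's valid range before it is used.
// Returns -1 only when the type has no element at all, which is exactly the
// state the "safeIndex >= 0" assert in the crash state rejects.
int safeIndex(const ArrayType &type, int index) {
    if (type.arraySize == 0) {
        return -1;
    }
    if (index < 0) {
        return 0;
    }
    int last = static_cast<int>(type.arraySize) - 1;
    return index > last ? last : index;
}
```

The lesson for a parser that keeps going after an error: the erroneous declaration must still satisfy every invariant the later passes assume, or a rejected shader reaches code that was written for valid input.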
Nov 4 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/b42220eced72b0a5333ba28c6dd7ccf3a5178d40

commit b42220eced72b0a5333ba28c6dd7ccf3a5178d40
Author: ynovikov <ynovikov@chromium.org>
Date: Fri Nov 04 19:27:25 2016

Roll ANGLE eb66a6e..bbe9fb5

https://chromium.googlesource.com/angle/angle.git/+log/eb66a6e..bbe9fb5

BUG=None,chromium:568170,chromium:660854,chromium:661592
TEST=bots
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel

Review-Url: https://codereview.chromium.org/2479673003
Cr-Commit-Position: refs/heads/master@{#429975}

[modify] https://crrev.com/b42220eced72b0a5333ba28c6dd7ccf3a5178d40/DEPS
Nov 5 2016
ClusterFuzz has detected this issue as fixed in range 429934:429988.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4640291090071552

Fuzzer: libfuzzer_angle_translator_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: ASSERT
Crash Address:
Crash State:
  safeIndex >= 0
  TParseContext::addIndexExpression
  yyparse

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=420312:420423
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=429934:429988

Minimized Testcase (0.51 Kb): https://cluster-fuzz.appspot.com/download/AMIfv949Un6YMtamsYwIeX5B12TKz9IzzDqQrYGoixXskJWpWMUDtTwmTkxhrxhRkP-fBydY0vnQU3OhkgCn-cCd2xA8ZbXWD1onYrC13h30yoEQKO3JW1RCSfgBGY42G9HZgHVhbNL2EJ6LHCr_U_UVjzHpd7kucQ?testcase_id=4640291090071552

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 5 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Comment 1 by mmohammad@chromium.org, Nov 2 2016
Status: Assigned (was: Untriaged)