
Issue 687084

Issue metadata

Status: Verified
Owner: oetu...@nvidia.com
Closed: Feb 2017
Cc: msrchandra@chromium.org, nyerramilli@chromium.org, cwallez@chromium.org
Components: Internals>GPU>ANGLE
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Crash in sh::TIntermTraverser::traverseAggregate

Project Member Reported by ClusterFuzz, Jan 31 2017

Issue description

Cc: msrchandra@chromium.org nyerramilli@chromium.org
Components: Internals>GPU>ANGLE
Labels: Test-Predator-Correct-CLs
Owner: oetu...@nvidia.com
Status: Assigned (was: Untriaged)
Based on Predator results, assigning to oetuaho@. Could you please check the issue and help?

The result is a list of CLs that change the crashed files. 

Author: Olli Etuaho
Project: chromium-angle
Changelist: https://chromium.googlesource.com/angle/angle.git/+/72d1020e0531588611f33dd4b815e5a93c7d45f4
Time: Thu Jan 19 15:58:30 2017
Files ParseContext.cpp and glslang_tab.cpp are changed in this CL (and are part of stack frame #2, "sh::TParseContext::executeInitializer"; frame #3, "sh::TParseContext::parseSingleInitDeclaration"; frame #5, "sh::PaParseStrings").
Minimum distance from crash line to modified line: 64. (file: ParseContext.cpp, crashed on: 4565, modified: 4501).

Comment 2 by oetu...@nvidia.com, Jan 31 2017

Looks like this issue may have already been fixed by ANGLE commit 17a5c06.
Status: Fixed (was: Assigned)
Olli, can you link to the CL? Let's close this out, if you're reasonably sure.

Comment 4 by oetu...@nvidia.com, Jan 31 2017

The stack trace in the bug description looks different from what I'd expect, so not 100% sure. But the CreateZero patch did fix at least one issue with my patch. Here's the review link to the fix: https://chromium-review.googlesource.com/#/c/431001/

It looks as if I'm now able to download fuzz test cases from bugs I own, but I'm not sure how to replay them so I could verify the fix. Are there instructions somewhere?
Cc: cwallez@chromium.org
Status: Assigned (was: Fixed)
Corentin, what are the replay instructions for fuzzer bugs? Did you ever make a utility to extract shaders and settings from fuzzer cases? Re-opening.
For fuzzer bugs, the repro instruction is to run angle_translator_fuzzer path/to/fuzzer/case.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more info.

If the CreateZero patch fixed this, then ClusterFuzz should close the bug on the next ANGLE roll.
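An added example, not code from this bug, from ANGLE or from Chromium: a shell script that builds the fuzzer target with libFuzzer and ASan, replays a downloaded ClusterFuzz case, and reduces the ASan report to the same "Crash Type / Crash Address / Crash State" fields ClusterFuzz prints, so the replayed stack can be compared with the three frames quoted in the bug (the comparison addresses the "looks different from what I'd expect" doubt above). The gn args and the single-file replay form come from the Chromium libFuzzer docs linked in this thread; the build directory name out/libfuzzer, the frame-filtering list, and the embedded sample report (addresses, parameter lists and paths) are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of the bug or of ANGLE/Chromium: replay a ClusterFuzz
# testcase locally and reduce the ASan report to ClusterFuzz-style crash state
# (type, address, top three frames) so it can be compared with the bug.
# Assumptions: run from a Chromium checkout with gn and ninja on PATH; the
# build directory name out/libfuzzer is this example's choice.

# Build the fuzzer target with libFuzzer + ASan (gn args as documented in
# Chromium's testing/libfuzzer docs).
build_fuzzer() {
  gn gen out/libfuzzer --args='use_libfuzzer=true is_asan=true' &&
    ninja -C out/libfuzzer angle_translator_fuzzer
}

# Replay one downloaded testcase. A single file argument makes libFuzzer run
# that input once instead of fuzzing; the sanitizer report goes to stderr,
# which is captured in $2. Prints the exit status (non-zero on a crash).
replay_testcase() {
  rc=0
  out/libfuzzer/angle_translator_fuzzer "$1" 2>"$2" || rc=$?
  echo "$rc"
}

# Crash type in ClusterFuzz's vocabulary: ASan's "SEGV" becomes "UNKNOWN",
# followed by the access kind (READ/WRITE) when the report states one.
crash_type() {
  kind=$(sed -nE 's/^==[0-9]+==ERROR: AddressSanitizer: ([A-Za-z-]+).*/\1/p' "$1" | head -n 1)
  access=$(sed -nE 's/.*(READ|WRITE) (memory access|of size).*/\1/p' "$1" | head -n 1)
  if [ "$kind" = SEGV ]; then kind=UNKNOWN; fi
  echo "$kind${access:+ $access}"
}

# Faulting address, as reported for SEGV-type crashes.
crash_address() {
  sed -nE 's/.*on unknown address (0x[0-9a-f]+).*/\1/p' "$1" | head -n 1
}

# Top three frames by function name, skipping sanitizer and libFuzzer runtime
# frames; this mirrors how ClusterFuzz derives its "Crash State" field.
crash_state() {
  grep -E '^[[:space:]]*#[0-9]+ ' "$1" |
    sed -E 's/^[[:space:]]*#[0-9]+ 0x[0-9a-f]+ in ([^ (]+).*/\1/' |
    grep -Ev '^(__asan|__sanitizer|__interceptor|fuzzer::|LLVMFuzzerTestOneInput|main$|__libc_start_main|_start$)' |
    head -n 3
}

# Compare the replayed state with the three frames quoted in a bug.
state_matches() {
  [ "$(crash_state "$1")" = "$(printf '%s\n' "$2" "$3" "$4")" ]
}

# Constructed ASan report shaped like what the replay writes to stderr. The
# frame addresses, parameter lists and source paths are invented for this
# example; only the function names come from the bug's crash state.
sample_report() {
  cat <<'EOF'
INFO: Seed: 1234
Running: testcase-4683968160202752
==4242==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55e6a0c3c1c2 bp 0x7ffd3b2e6c30 sp 0x7ffd3b2e6a80 T0)
==4242==The signal is caused by a READ memory access.
==4242==Hint: address points to the zero page.
    #0 0x55e6a0c3c1c2 in sh::TIntermTraverser::traverseAggregate(sh::TIntermAggregate*) translator/IntermTraverse.cpp:0
    #1 0x55e6a0c4d3f0 in sh::ValidateGlobalInitializer(...) translator/ValidateGlobalInitializer.cpp:0
    #2 0x55e6a0bf1a11 in sh::TParseContext::executeInitializer(...) translator/ParseContext.cpp:0
    #3 0x55e6a0bf2c44 in sh::TParseContext::parseSingleInitDeclaration(...) translator/ParseContext.cpp:0
    #4 0x55e6a0c7e9d2 in sh::PaParseStrings(...) translator/glslang_tab.cpp:0
    #5 0x55e6a0b0d1e5 in LLVMFuzzerTestOneInput fuzzer/angle_translator_fuzzer.cpp:0
    #6 0x55e6a0a91c07 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) FuzzerLoop.cpp:0
==4242==ABORTING
EOF
}

# Demonstration on the constructed report. For a real case: build_fuzzer, then
# replay_testcase path/to/testcase report.txt, then the same three checks.
report=$(mktemp)
sample_report >"$report"
echo "Crash Type: $(crash_type "$report")"
echo "Crash Address: $(crash_address "$report")"
echo "Crash State:"; crash_state "$report" | sed 's/^/  /'
if state_matches "$report" sh::TIntermTraverser::traverseAggregate sh::ValidateGlobalInitializer sh::TParseContext::executeInitializer; then
  echo "matches the crash state quoted in issue 687084"
fi
rm -f "$report"
```

If the replayed state matches the three frames in the bug, the local build reproduces the same crash and a candidate fix can be verified by rebuilding and replaying again; if it does not, the difference (a different top frame, or an interceptor frame that the filter does not skip) is the first thing to read in the full report rather than trusting the fixed range alone.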

Comment 7 by ClusterFuzz, Feb 2 2017

ClusterFuzz has detected this issue as fixed in range 447390:447629.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4683968160202752

Fuzzer: libfuzzer_angle_translator_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  sh::TIntermTraverser::traverseAggregate
  sh::ValidateGlobalInitializer
  sh::TParseContext::executeInitializer
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=446989:447041
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=447390:447629

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97-fxXVnL8cjc-3Nmlyd5NyuXp1e04SWTT-Khz-82du6tFuaGk2rixX9asQxC3oKVqe-oeQBs5Yn3yEVFZddUXeTxmFwAKt7gqE1EvDW1MIljGEUnW9Imu_LdxPHF3E_56Y6WY_WVgCxPZT-gvlYheavopZbJuSms0ONX3_7h7xfoiXYdblb3eiqQ_QJAICNJijuXGCPQK4cDXAbt9AmjF3ayaQ8ZD7Xy7Hccu1eq-KkDE4iQjydLruXDKJU1qzJmJRweHgkpQJDQaKm5NZ3rjv5F3OLrgXQIo-jk1C6_ca30mSarDa-9s9y_tLEBiJ_Smn54B5rQ9678IbSdtkk6NpUCv5uSco1q-eboUVB_vw2B4eWik?testcase_id=4683968160202752


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 8 by ClusterFuzz, Feb 2 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 4683968160202752 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
