Crash in autofill::PasswordAutofillAgent::SendPasswordForms
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6610501628067840

Fuzzer: attekett_dom_fuzzer
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x000000000018
Crash State:
  autofill::PasswordAutofillAgent::SendPasswordForms
  autofill::AutofillAgent::didAssociateFormControlsDynamically
  blink::TimerBase::runInternal

Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=451711:451738

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97iJSheuK5sFg-OjFJAi96YDuYYGbNEF-7_ZC-fmIXGHKy9NlrOGIO3J5pcgwFhUVhOE5vmdw908kAQ33fQHWqJNlKnI0PK68aEYCJIFPNbYVJ5PmUiubA7l3VwImniN0cRLnuQmhZefbQZE_sQyAk20DRnuxbWFRmWYdTlODw2Eu1Or_19a0fWtDmQmZRIuHgUHljDciPzl8aW2u1-3D-DXy27tXH-7VWeG9FvhffAv40PIuxPWSOGSWIkf_64FthZce1zlZwo-5Hpf8zWvHn-upU-e1M-OvKM-X1pJc9BweWZk9t4lm7XFhPi6wEpBf-OPskqFRB4HCXYTXPI3dFSZazdl6MeKzJTDnTmlanU6T8xvOZUsyq264K85Iglv2pCh5iJrdvD8VnHemas2SsThcPJww?testcase_id=6610501628067840

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Feb 22 2017
Issue 694993 has been merged into this issue.
Feb 22 2017
Issue 694713 has been merged into this issue.
Feb 22 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/319c00e1c8188a7264d674e6bceeb35cb7e6dc63

commit 319c00e1c8188a7264d674e6bceeb35cb7e6dc63
Author: kolos <kolos@chromium.org>
Date: Wed Feb 22 14:23:35 2017

[Autofill] Fast fix of crashes caused by show-autofill-signatures flag.

This CL (https://codereview.chromium.org/2704503002/) caused some crashes. The hidden feature was enabled by default. This CL is a fast fix. I will land the main fix soon (https://codereview.chromium.org/2706403003)

BUG= 694715
TBR=sebsg@chromium.org
Review-Url: https://codereview.chromium.org/2707263003
Cr-Commit-Position: refs/heads/master@{#452037}

[modify] https://crrev.com/319c00e1c8188a7264d674e6bceeb35cb7e6dc63/components/autofill/content/renderer/password_autofill_agent.cc
Feb 22 2017
kolos@, thank you for the fix. I'm marking it as 'RB-Dev' to track status of the fix.
Feb 22 2017
Users experienced this crash on the following builds:

Mac Canary 58.0.3020.0 - 8.52 CPM, 8 reports, 7 clients (signature autofill::CalculateFieldSignatureByNameAndType)
Mac Canary 58.0.3020.0 - 51.10 CPM, 48 reports, 39 clients (signature blink::beforeCallEnteredCallback)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates.

- Go/Fracas
Feb 23 2017
ClusterFuzz has detected this issue as fixed in range 452017:452047.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6610501628067840

Fuzzer: attekett_dom_fuzzer
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x000000000018
Crash State:
  autofill::PasswordAutofillAgent::SendPasswordForms
  autofill::AutofillAgent::didAssociateFormControlsDynamically
  blink::TimerBase::runInternal

Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=451711:451738
Fixed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=452017:452047

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97iJSheuK5sFg-OjFJAi96YDuYYGbNEF-7_ZC-fmIXGHKy9NlrOGIO3J5pcgwFhUVhOE5vmdw908kAQ33fQHWqJNlKnI0PK68aEYCJIFPNbYVJ5PmUiubA7l3VwImniN0cRLnuQmhZefbQZE_sQyAk20DRnuxbWFRmWYdTlODw2Eu1Or_19a0fWtDmQmZRIuHgUHljDciPzl8aW2u1-3D-DXy27tXH-7VWeG9FvhffAv40PIuxPWSOGSWIkf_64FthZce1zlZwo-5Hpf8zWvHn-upU-e1M-OvKM-X1pJc9BweWZk9t4lm7XFhPi6wEpBf-OPskqFRB4HCXYTXPI3dFSZazdl6MeKzJTDnTmlanU6T8xvOZUsyq264K85Iglv2pCh5iJrdvD8VnHemas2SsThcPJww?testcase_id=6610501628067840

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Feb 23 2017
ClusterFuzz testcase 4646629039931392 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Feb 23 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/ad3699385ecc950b3e27ac7ae3754700445887d1

commit ad3699385ecc950b3e27ac7ae3754700445887d1
Author: kolos <kolos@chromium.org>
Date: Thu Feb 23 13:29:41 2017

[Autofill] Fix of crashes caused by show-autofill-signatures flag

This CL (https://codereview.chromium.org/2704503002/) didn't take into account that |FormData.fields| might be empty if there are more than |kMaxParseableFields|.

Also fixed the propagation of show-autofill-signatures flag to the rendered part.

Added tests.

BUG= 694715
Review-Url: https://codereview.chromium.org/2706403003
Cr-Commit-Position: refs/heads/master@{#452476}

[modify] https://crrev.com/ad3699385ecc950b3e27ac7ae3754700445887d1/chrome/browser/about_flags.cc
[modify] https://crrev.com/ad3699385ecc950b3e27ac7ae3754700445887d1/chrome/browser/chrome_content_browser_client.cc
[modify] https://crrev.com/ad3699385ecc950b3e27ac7ae3754700445887d1/chrome/renderer/autofill/password_autofill_agent_browsertest.cc
[modify] https://crrev.com/ad3699385ecc950b3e27ac7ae3754700445887d1/components/autofill/content/renderer/password_autofill_agent.cc
[modify] https://crrev.com/ad3699385ecc950b3e27ac7ae3754700445887d1/components/autofill/content/renderer/password_autofill_agent.h
[modify] https://crrev.com/ad3699385ecc950b3e27ac7ae3754700445887d1/components/autofill/core/common/autofill_util.cc
[modify] https://crrev.com/ad3699385ecc950b3e27ac7ae3754700445887d1/components/autofill/core/common/autofill_util.h
[modify] https://crrev.com/ad3699385ecc950b3e27ac7ae3754700445887d1/tools/metrics/histograms/histograms.xml
Feb 28 2017
Issue 694987 has been merged into this issue.
Mar 6 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/b9f5ee9bda4ee2a12cf64baa8fc0d43fc59b3dbc

commit b9f5ee9bda4ee2a12cf64baa8fc0d43fc59b3dbc
Author: kolos <kolos@chromium.org>
Date: Mon Mar 06 12:01:02 2017

[Password Manager] Check the success of extracting FormData in PasswordForm creation

WebFormElementToFormData might return false (e.g. if there are more than form_util::kMaxParseableFields fields). It means that extracting FormData has failed. Therefore, creating PasswordForm has failed as well.

BUG= 694715
Review-Url: https://codereview.chromium.org/2715433004
Cr-Commit-Position: refs/heads/master@{#454853}

[modify] https://crrev.com/b9f5ee9bda4ee2a12cf64baa8fc0d43fc59b3dbc/components/autofill/content/renderer/password_form_conversion_utils.cc
[modify] https://crrev.com/b9f5ee9bda4ee2a12cf64baa8fc0d43fc59b3dbc/components/autofill/content/renderer/password_form_conversion_utils_browsertest.cc
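
Added example, not part of the issue thread and not Chromium source: a simplified C++ model of the failure the last two commit messages describe, where extraction fails for a form with more than kMaxParseableFields fields and leaves FormData.fields empty. ExtractFormData, ToySignature, SignaturesFor, the Field type and the limit value are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <memory>
#include <string>
#include <vector>

// Simplified stand-ins for the types named in the commit messages; the limit
// value is constructed for this example.
constexpr std::size_t kMaxParseableFields = 3;
struct Field { std::string name, type; };
struct FormData { std::vector<Field> fields; };
struct PasswordForm { FormData form_data; };

// Models the contract from the commit message: returns false and leaves
// |out->fields| empty when the form has more than kMaxParseableFields fields.
bool ExtractFormData(const std::vector<Field>& dom, FormData* out) {
  out->fields.clear();
  if (dom.size() > kMaxParseableFields) return false;
  out->fields = dom;
  return true;
}

// Extraction failure means PasswordForm creation fails too: return nullptr
// instead of a form whose |fields| is silently empty.
std::unique_ptr<PasswordForm> CreatePasswordForm(const std::vector<Field>& dom) {
  auto form = std::make_unique<PasswordForm>();
  if (!ExtractFormData(dom, &form->form_data)) return nullptr;
  return form;
}

// Toy FNV-1a hash standing in for the real field-signature calculation.
std::uint32_t ToySignature(const Field& f) {
  std::uint32_t h = 2166136261u;
  for (unsigned char c : f.name + "&" + f.type) h = (h ^ c) * 16777619u;
  return h;
}

// Pairs each DOM control with its extracted field by index. The size check is
// the guard: without it, fields[i] on an empty vector is an invalid read.
std::vector<std::uint32_t> SignaturesFor(const std::vector<Field>& dom) {
  std::vector<std::uint32_t> sigs;
  std::unique_ptr<PasswordForm> form = CreatePasswordForm(dom);
  if (!form || form->form_data.fields.size() != dom.size()) return sigs;
  for (std::size_t i = 0; i < dom.size(); ++i)
    sigs.push_back(ToySignature(form->form_data.fields[i]));
  return sigs;
}
```

A form over the limit yields no PasswordForm and no signatures, so the caller never indexes into an empty field list.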
Comment 1 by mummare...@chromium.org, Feb 22 2017
Labels: Test-Predator-Correct-CLs M-58
Owner: kolos@chromium.org
Status: Assigned (was: Untriaged)