Heap-buffer-overflow in gpu::gles2::SizedResult<unsigned int>::SetNumResults
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5362430227251200

Fuzzer: libfuzzer_gpu_angle_passthrough_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow WRITE 4
Crash Address: 0x603000004be0
Crash State:
  gpu::gles2::SizedResult<unsigned int>::SetNumResults
  gpu::gles2::GLES2DecoderPassthroughImpl::HandleGetUniformuiv
  gpu::gles2::GLES2DecoderPassthroughImpl::DoCommands

Sanitizer: address (ASAN)

Recommended Security Severity: High

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96BNSdSJ-OqyNl3BeldPkHE0B0ejcO6-NhhvnTBbxWmme0-nvAxJEWI9FgsthgoReEoIT6j9BSyu_1Hfb-IIh7BZg5aEdrEJMKoeZjtobCen2igQfwKt83hAnbuhXrl8FTZM0O_WjeXcGvdc0pb8wt0hvddgh-7odk4bbPyKfiRYZpiOpIydMLv1q_fAWo5lwpXKzW7Wl3pXjwzgQ4hcZQ0qKVmIENRZs3CYJHVB14nl3O126eoTOyvSvcqaN22HNEuokg_K4tY6xc890u1HUoWUH4LiZ6xAAchnOpnx-YiQMW9ynKbuAxSd_e921BCPf8kYycou_EWcgY9Or60I7FC0V9754N6xYkHSMZJ24AmYVRe8AoD8EsCAyB968yNwCEWMPKzqPR7wVomg9GCBd6jB340IA?testcase_id=5362430227251200

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Mar 22 2017

Mar 22 2017
May be a dupe of issue 703724.
Mar 22 2017

Mar 22 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/2bc02b13dbedfdcaadfbf5b9f2f7e2e51229d0ad

commit 2bc02b13dbedfdcaadfbf5b9f2f7e2e51229d0ad
Author: geofflang <geofflang@chromium.org>
Date: Wed Mar 22 20:49:58 2017

gpu_fuzzer: Destroy the command decoder before the context.

The decoder Destroy method is passed 'true' for 'has_context' which was untrue given the ordering of the statements.

BUG=703861
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel

Review-Url: https://codereview.chromium.org/2767093003
Cr-Commit-Position: refs/heads/master@{#458867}

[modify] https://crrev.com/2bc02b13dbedfdcaadfbf5b9f2f7e2e51229d0ad/gpu/command_buffer/tests/fuzzer_main.cc
Mar 22 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/bdd9f645d6e6bb56bfa31c74c88a8842fda5d9d1

commit bdd9f645d6e6bb56bfa31c74c88a8842fda5d9d1
Author: geofflang <geofflang@chromium.org>
Date: Wed Mar 22 20:51:28 2017

Make sure buffers are large enough to hold the Result structure.

The passthrough command decoder would correctly compute that it cannot write any results to the buffer but would still write out of bounds when trying to write the size member of the result when the buffer size is 0.

BUG=703861
BUG=703724
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel

Review-Url: https://codereview.chromium.org/2764403002
Cr-Commit-Position: refs/heads/master@{#458868}

[modify] https://crrev.com/bdd9f645d6e6bb56bfa31c74c88a8842fda5d9d1/gpu/command_buffer/build_gles2_cmd_buffer.py
[modify] https://crrev.com/bdd9f645d6e6bb56bfa31c74c88a8842fda5d9d1/gpu/command_buffer/service/common_decoder.cc
[modify] https://crrev.com/bdd9f645d6e6bb56bfa31c74c88a8842fda5d9d1/gpu/command_buffer/service/common_decoder.h
[modify] https://crrev.com/bdd9f645d6e6bb56bfa31c74c88a8842fda5d9d1/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_handlers.cc
[modify] https://crrev.com/bdd9f645d6e6bb56bfa31c74c88a8842fda5d9d1/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_handlers_autogen.cc
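The defect that commit message describes, as an added example constructed here (not Chromium's code): a SizedResult-style result with a 4-byte size header and a payload, written into a caller-sized buffer that is followed by a sentinel redzone so the out-of-bounds write is observable without ASan. The pre-fix path computes that zero results fit but still writes the size header; the post-fix path refuses the command unless the whole Result structure fits, which is the check the commit adds. The struct layout, the handler and the redzone harness are assumptions modelled on the description, not the actual decoder implementation.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Constructed model of gpu::gles2::SizedResult<T>: a size header followed
// by the result payload. Layout and helpers are assumptions, not Chromium's.
template <typename T>
struct SizedResult {
  uint32_t size;  // bytes of valid results that follow the header
  T data[1];
  static size_t ComputeMaxResults(size_t buffer_bytes) {
    return buffer_bytes >= sizeof(uint32_t)
               ? (buffer_bytes - sizeof(uint32_t)) / sizeof(T)
               : 0;
  }
  void SetNumResults(size_t n) { size = static_cast<uint32_t>(n * sizeof(T)); }
};

struct Outcome {
  bool command_ok;         // handler accepted the command
  size_t results_written;  // payload elements copied
  bool wrote_past_end;     // any byte beyond buffer_bytes was touched
};

// Runs a GetUniformuiv-style handler against a buffer of buffer_bytes that is
// followed by a sentinel redzone. check_header_fits selects the post-fix path.
Outcome RunHandler(size_t buffer_bytes, bool check_header_fits) {
  using Result = SizedResult<uint32_t>;
  const uint8_t kSentinel = 0xAB;
  const size_t kRedzone = 16;
  const std::vector<uint32_t> values = {7, 11, 13};  // constructed uniform values
  std::vector<uint8_t> mem(buffer_bytes + kRedzone, kSentinel);

  Outcome out{false, 0, false};
  // Post-fix: reject the command unless the whole Result structure fits.
  if (check_header_fits && buffer_bytes < sizeof(Result)) return out;

  Result* result = reinterpret_cast<Result*>(mem.data());
  size_t n = std::min(Result::ComputeMaxResults(buffer_bytes), values.size());
  std::memcpy(result->data, values.data(), n * sizeof(uint32_t));  // n may be 0
  // Pre-fix bug: with buffer_bytes == 0, n is 0 and nothing is copied, yet
  // this 4-byte header write still lands past the end of the buffer.
  result->SetNumResults(n);
  out.command_ok = true;
  out.results_written = n;
  for (size_t i = buffer_bytes; i < mem.size(); ++i)
    if (mem[i] != kSentinel) out.wrote_past_end = true;
  return out;
}
```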
Mar 23 2017
ClusterFuzz has detected this issue as fixed in range 458862:458900.

Detailed report: https://clusterfuzz.com/testcase?key=5362430227251200

Fuzzer: libfuzzer_gpu_angle_passthrough_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow WRITE 4
Crash Address: 0x603000004be0
Crash State:
  gpu::gles2::SizedResult<unsigned int>::SetNumResults
  gpu::gles2::GLES2DecoderPassthroughImpl::HandleGetUniformuiv
  gpu::gles2::GLES2DecoderPassthroughImpl::DoCommands

Sanitizer: address (ASAN)

Recommended Security Severity: High

Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=458862:458900

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96BNSdSJ-OqyNl3BeldPkHE0B0ejcO6-NhhvnTBbxWmme0-nvAxJEWI9FgsthgoReEoIT6j9BSyu_1Hfb-IIh7BZg5aEdrEJMKoeZjtobCen2igQfwKt83hAnbuhXrl8FTZM0O_WjeXcGvdc0pb8wt0hvddgh-7odk4bbPyKfiRYZpiOpIydMLv1q_fAWo5lwpXKzW7Wl3pXjwzgQ4hcZQ0qKVmIENRZs3CYJHVB14nl3O126eoTOyvSvcqaN22HNEuokg_K4tY6xc890u1HUoWUH4LiZ6xAAchnOpnx-YiQMW9ynKbuAxSd_e921BCPf8kYycou_EWcgY9Or60I7FC0V9754N6xYkHSMZJ24AmYVRe8AoD8EsCAyB968yNwCEWMPKzqPR7wVomg9GCBd6jB340IA?testcase_id=5362430227251200

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 23 2017
ClusterFuzz testcase 5362430227251200 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Mar 23 2017

Mar 25 2017

Mar 25 2017
Your change meets the bar and is auto-approved for M58. Please go ahead and merge the CL to branch 3029 manually. Please contact milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), bhthompson@(ChromeOS), govind@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mar 27 2017
Ugh, not sure why this got Merge-Request because this code is not (yet) used in prod.
Mar 28 2017
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mar 28 2017
I think it is an automatic ClusterFuzz feature. Removing the label.
Mar 31 2017
Fixing up labels so sheriffbot is less confused :-)
Apr 21 2017

Jun 29 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by sheriffbot@chromium.org, Mar 22 2017