Assigning to the concern owner from Predator results --
The result is a list of CLs that change the crashed files. 

Author: Olli Etuaho
Project: chromium-angle
Changelist: https://chromium.googlesource.com/angle/angle.git/+/fe48632f2f47f9513c0557c331a8f346ed92c82d
Time: Tue Mar 21 09:30:54 2017
Lines 311-316, 611-612, 634-641 of file IntermNode.cpp which potentially caused crash are changed in this cl (frame #9, "sh::TIntermAggregate::CreateConstructor"; frame #10, "sh::TIntermTyped::CreateZero"; frame #11, "sh::TIntermTyped::CreateZero").
Minimum distance from crash line to modified line: 0. (file: IntermNode.cpp, crashed on: 640, modified: 640).

@Olli Etuaho -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Patch in review: https://chromium-review.googlesource.com/c/492887/

The following revision refers to this bug:
  https://chromium.googlesource.com/angle/angle/+/193c0950cf5652cf51a699dc0fc6f030fb34bc6c

commit 193c0950cf5652cf51a699dc0fc6f030fb34bc6c
Author: Olli Etuaho <oetuaho@nvidia.com>
Date: Wed May 03 09:00:54 2017

Fix assert when attempting to create a void array node

TIntermTyped::CreateZero can be reached with a void array type in an
error case. Handle this gracefully instead of asserting.

Also remove an assert that wasn't really checking anything in
CreateZero. type.isScalar() || type.isVector() || type.isMatrix() can
only be false in case of a struct, and struct type was being checked
in the condition on the line above.

BUG= chromium:717385 
TEST=angle_unittests

Change-Id: Iff0811d18d399d7b32b2b46deea5df172412eb8c
Reviewed-on: https://chromium-review.googlesource.com/492887
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Reviewed-by: Jamie Madill <jmadill@chromium.org>
Commit-Queue: Olli Etuaho <oetuaho@nvidia.com>

[modify] https://crrev.com/193c0950cf5652cf51a699dc0fc6f030fb34bc6c/src/tests/compiler_tests/ShaderValidation_test.cpp
[modify] https://crrev.com/193c0950cf5652cf51a699dc0fc6f030fb34bc6c/src/compiler/translator/IntermNode.cpp

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/97af8a5b4bd46c78ecb55287d6c680b0232bef6d

commit 97af8a5b4bd46c78ecb55287d6c680b0232bef6d
Author: cwallez <cwallez@chromium.org>
Date: Wed May 03 15:54:45 2017

Roll ANGLE d262799..ba29fa4

https://chromium.googlesource.com/angle/angle.git/+log/d262799..ba29fa4

BUG= chromium:717558 , chromium:717385 

TBR=geofflang@chromium.org

TEST=bots

CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel

Review-Url: https://codereview.chromium.org/2860743002
Cr-Commit-Position: refs/heads/master@{#468988}

[modify] https://crrev.com/97af8a5b4bd46c78ecb55287d6c680b0232bef6d/DEPS

ClusterFuzz has detected this issue as fixed in range 468644:469228.

Detailed report: https://clusterfuzz.com/testcase?key=6239252448018432

Fuzzer: libfuzzer_angle_translator_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  constructorNode->isConstructor()
  sh::TIntermAggregate::CreateConstructor
  sh::TIntermTyped::CreateZero
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=460711:460952
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=468644:469228

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6239252448018432


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6239252448018432 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.