Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/72bb29070e415e215e2a0095b9266c3ec1c75599 (gpu fuzzers: take configuration bits from input data).

If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.

This DCHECK says we have an error at the end of the IsGL_REDSupportedOnFBOs function. Unfortunately, all this says is that there was an error before (because we don't suppress errors on entry). In this particular case, the error is completely unrelated, it happened in an earlier command, namely:

#1  0x00007ffff0facd48 in (anonymous namespace)::ValidImageDataSize (context=0x2b5a4c780020, textureTarget=3553, width=4, height=1, depth=1, format=36249, type=5124, pixels=0x2b5a4c83b7a0, imageSize=-1)
    at ../../third_party/angle/src/libANGLE/validationES.cpp:1034
#2  0x00007ffff0fe4d0c in (anonymous namespace)::ValidateES3TexImageParametersBase (context=0x2b5a4c780020, target=3553, level=0, internalformat=0, isCompressed=false, isSubImage=true, xoffset=0, yoffset=0, 
    zoffset=0, width=4, height=1, depth=1, border=0, format=36249, type=5124, imageSize=-1, pixels=0x2b5a4c83b7a0) at ../../third_party/angle/src/libANGLE/validationES3.cpp:428
#3  0x00007ffff0fe556c in (anonymous namespace)::ValidateES3TexImage2DParameters (context=0x2b5a4c780020, target=3553, level=0, internalformat=0, isCompressed=false, isSubImage=true, xoffset=0, yoffset=0, 
    zoffset=0, width=4, height=1, depth=1, border=0, format=36249, type=5124, imageSize=-1, pixels=0x2b5a4c83b7a0) at ../../third_party/angle/src/libANGLE/validationES3.cpp:489
#4  0x00007ffff0fcd211 in (anonymous namespace)::ValidateTexSubImage2D (context=0x2b5a4c780020, target=3553, level=0, xoffset=0, yoffset=0, width=4, height=1, format=36249, type=5124, pixels=0x2b5a4c83b7a0)
    at ../../third_party/angle/src/libANGLE/validationES2.cpp:2640
#5  0x00007ffff0d0c632 in (anonymous namespace)::TexSubImage2D (target=3553, level=0, xoffset=0, yoffset=0, width=4, height=1, format=36249, type=5124, pixels=0x2b5a4c83b7a0)
    at ../../third_party/angle/src/libGLESv2/entry_points_gles_2_0_autogen.cpp:2057
#6  0x00007ffff0d29dda in glTexSubImage2D (target=3553, level=0, xoffset=0, yoffset=0, width=4, height=1, format=36249, type=5124, pixels=0x2b5a4c83b7a0)
    at ../../third_party/angle/src/libGLESv2/libGLESv2.cpp:668
#7  0x00007ffff6d63908 in (anonymous namespace)::GLApiBase::glTexSubImage2DFn (this=0x2b5a4c731520, target=3553, level=0, xoffset=0, yoffset=0, width=4, height=1, format=36249, type=5124, pixels=0x2b5a4c83b7a0)
    at ../../ui/gl/gl_bindings_autogen_gl.cc:4490
#8  0x00007ffff6dc175f in (anonymous namespace)::RealGLApi::glTexSubImage2DFn (this=0x2b5a4c731520, target=3553, level=0, xoffset=0, yoffset=0, width=4, height=1, format=36249, type=5124, pixels=0x2b5a4c83b7a0)
    at ../../ui/gl/gl_gl_api_implementation.cc:386
#9  0x00007ffff76804de in (anonymous namespace)::(anonymous namespace)::GLES2DecoderImpl::ClearLevel (this=0x2b5a4c85a520, texture=0x2b5a4c785260, target=3553, level=0, format=36249, type=5124, xoffset=0, 
    yoffset=0, width=4, height=1) at ../../gpu/command_buffer/service/gles2_cmd_decoder.cc:12959
#10 0x00007ffff782159c in (anonymous namespace)::(anonymous namespace)::Texture::ClearLevel (this=0x2b5a4c785260, decoder=0x2b5a4c85a520, target=3553, level=0)
    at ../../gpu/command_buffer/service/texture_manager.cc:1729
#11 0x00007ffff7825da2 in (anonymous namespace)::(anonymous namespace)::TextureManager::ClearTextureLevel (this=0x2b5a4c861180, decoder=0x2b5a4c85a520, ref=0x2b5a4c8549c0, target=3553, level=0)
    at ../../gpu/command_buffer/service/texture_manager.cc:2182
#12 0x00007ffff75f0b31 in (anonymous namespace)::(anonymous namespace)::Framebuffer::ClearUnclearedIntOr3DTexturesOrPartiallyClearedTextures (this=0x2b5a4c77bd40, decoder=0x2b5a4c85a520, 
    texture_manager=0x2b5a4c861180) at ../../gpu/command_buffer/service/framebuffer_manager.cc:587
#13 0x00007ffff7655025 in (anonymous namespace)::(anonymous namespace)::GLES2DecoderImpl::ClearUnclearedAttachments (this=0x2b5a4c85a520, target=36009, framebuffer=0x2b5a4c77bd40)
    at ../../gpu/command_buffer/service/gles2_cmd_decoder.cc:7785
#14 0x00007ffff7654ef5 in (anonymous namespace)::(anonymous namespace)::GLES2DecoderImpl::CheckFramebufferValid (this=0x2b5a4c85a520, framebuffer=0x2b5a4c77bd40, target=36009, gl_error=1286, 
    func_name=0x7ffff73bec14 "glClear") at ../../gpu/command_buffer/service/gles2_cmd_decoder.cc:4550
#15 0x00007ffff76554cd in (anonymous namespace)::(anonymous namespace)::GLES2DecoderImpl::CheckBoundDrawFramebufferValid (this=0x2b5a4c85a520, func_name=0x7ffff73bec14 "glClear")
    at ../../gpu/command_buffer/service/gles2_cmd_decoder.cc:4558
#16 0x00007ffff7667bb9 in (anonymous namespace)::(anonymous namespace)::GLES2DecoderImpl::DoClear (this=0x2b5a4c85a520, mask=16384) at ../../gpu/command_buffer/service/gles2_cmd_decoder.cc:7544
#17 0x00007ffff7615119 in (anonymous namespace)::(anonymous namespace)::GLES2DecoderImpl::HandleClear (this=0x2b5a4c85a520, immediate_data_size=0, cmd_data=0x2b5a4c87156c)
    at ../../gpu/command_buffer/service/gles2_cmd_decoder_autogen.h:356
#18 0x00007ffff76a2658 in (anonymous namespace)::(anonymous namespace)::GLES2DecoderImpl::DoCommandsImpl<false> (this=0x2b5a4c85a520, num_commands=20, buffer=0x2b5a4c8714c8, num_entries=88, 
    entries_processed=0x7fffffffd2fc) at ../../gpu/command_buffer/service/gles2_cmd_decoder.cc:5414


Looking at the error, and the decoder state, it looks like as we get into GLES2DecoderImpl::ClearLevel, a GL_UNPACK_PIXEL_BUFFER is bound (with a size of 0), which is unexpected by the code, that tries to glTexSubImage2D from a client buffer. Luckily ANGLE catches the out-of-bounds and generates an error, but that also means we're not clearing the texture as we expect.

So we need to reset the GL_UNPACK_PIXEL_BUFFER before doing the glTexSubImage2D, as well as the rest of the unpack state. This is likely true of ClearCompressedTextureLevel also.
Interestingly, ClearLevel3D does reset the unpack state (and explicitly uses a PBO to save time, which is a good idea).

NVM for ClearCompressedTextureLevel, it does reset the unpack buffer. It doesn't reset the rest of the unpack state, but I don't believe any of it applies.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5e48f901879796bf05fe124fdf82b45fe1d47bf2

commit 5e48f901879796bf05fe124fdf82b45fe1d47bf2
Author: Antoine Labour <piman@chromium.org>
Date: Mon Nov 06 21:46:21 2017

Reset unpack state before clearing textures with TexSubImage2D

The ES3 states needs to be reset, otherwise the TexSubImage2D used for
clear doesn't do what we think it does.

Bug:  780771 
Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Change-Id: Iaebbd19e7a150e80e4d5c718cbaf76c385a32c04
Reviewed-on: https://chromium-review.googlesource.com/754361
Commit-Queue: Antoine Labour <piman@chromium.org>
Reviewed-by: Zhenyao Mo <zmo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#514247}
[modify] https://crrev.com/5e48f901879796bf05fe124fdf82b45fe1d47bf2/gpu/command_buffer/service/feature_info.cc
[modify] https://crrev.com/5e48f901879796bf05fe124fdf82b45fe1d47bf2/gpu/command_buffer/service/gles2_cmd_decoder.cc
[modify] https://crrev.com/5e48f901879796bf05fe124fdf82b45fe1d47bf2/gpu/command_buffer/service/gles2_cmd_decoder_unittest_base.cc
[modify] https://crrev.com/5e48f901879796bf05fe124fdf82b45fe1d47bf2/gpu/command_buffer/service/gles2_cmd_decoder_unittest_textures.cc
[modify] https://crrev.com/5e48f901879796bf05fe124fdf82b45fe1d47bf2/gpu/command_buffer/service/test_helper.cc

ClusterFuzz has detected this issue as fixed in range 514242:514268.

Detailed report: https://clusterfuzz.com/testcase?key=6543648954253312

Fuzzer: libFuzzer_gpu_angle_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  glGetError() == GL_NO_ERROR in feature_info.cc
  gpu::gles2::IsGL_REDSupportedOnFBOs
  gpu::gles2::FeatureInfo::InitializeFeatures
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=512661:512688
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=514242:514268

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6543648954253312

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6543648954253312 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.