Null-dereference READ in blink::WorkletAnimation::Create
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5205983696781312
Fuzzer: mbarbella_js_mutation_layout
Job Type: windows_asan_content_shell
Platform Id: windows
Crash Type: Null-dereference READ
Crash Address: 0x00000010
Crash State:
  blink::WorkletAnimation::Create
  blink::WorkletAnimationV8Internal::constructor
  blink::V8WorkletAnimation::constructorCallback
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=513950:513979
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5205983696781312

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Nov 6 2017
Predator and CL could not provide any possible suspects. Using the code search for the file “WorkletAnimation.cpp”, assigning to the concerned owner from GIT blame. Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/c7af2f07e7458da6bab556dd3a2f2dcac3f73276 @smcgruer -- Could you please look into this issue; kindly reassign if it has nothing to do with your changes. Thank you.
Nov 6 2017
Ah, this comes from the fact that WorkletAnimation::Create() assumes that the effect target is non-null: Document& documnet = effects.at(0)->Target()->GetDocument(); This code has existed for a while and AnimationWorklet is non-launched flag-only, so dropping to P2. Should be an easy fix though; we can just throw an exception for now if target doesn't exist (in the future we need to handle effects with null targets, since that's allowed by web-anim spec).
Nov 9 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/2111f8d253bfa59795e3b3ec9faca5db2da8de51

commit 2111f8d253bfa59795e3b3ec9faca5db2da8de51
Author: Stephen McGruer <smcgruer@chromium.org>
Date: Thu Nov 09 19:49:24 2017

Fix NULL-dereference in blink::WorkletAnimation::Create

A KeyframeEffect's target is allowed to be null. This CL detects that situation and fails the WorkletAnimation's creation. Doing so is not spec-compliant (we should allow a null target) but at least avoids crashing on a null dereference.

Bug: 781567
Change-Id: I4074eb25b53411e184c060e8d984fa43c5777568
Reviewed-on: https://chromium-review.googlesource.com/754599
Reviewed-by: Eric Willigers <ericwilligers@chromium.org>
Reviewed-by: Majid Valipour <majidvp@chromium.org>
Reviewed-by: Robert Flack <flackr@chromium.org>
Commit-Queue: Stephen McGruer <smcgruer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#515249}

[modify] https://crrev.com/2111f8d253bfa59795e3b3ec9faca5db2da8de51/third_party/WebKit/LayoutTests/virtual/threaded/fast/animationworklet/worklet-animation-creation.html
[modify] https://crrev.com/2111f8d253bfa59795e3b3ec9faca5db2da8de51/third_party/WebKit/Source/modules/animationworklet/WorkletAnimation.cpp
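The two comments above describe the defect (WorkletAnimation::Create dereferencing Target() without checking it) and the shape of the fix (detect a null target and fail creation). The C++ sketch below is an added illustration of that guard and is not the Chromium CL's own code: Document, Element, KeyframeEffect, WorkletAnimation, ExceptionState and CreateWorkletAnimation are simplified stand-ins assumed here, and the empty-effects check is an extra guard this example adds beyond what the thread describes.

```cpp
#include <memory>
#include <string>
#include <vector>

// Hypothetical, deliberately simplified stand-ins for Blink's Document,
// Element, KeyframeEffect and WorkletAnimation (not the real Blink classes).
struct Document {
  std::string url;
};

struct Element {
  Document* document;  // owning document, assumed non-null for a live element
  Document& GetDocument() { return *document; }
};

// Per the Web Animations spec a KeyframeEffect's target may be null, e.g. an
// effect constructed from script with null as its target.
struct KeyframeEffect {
  Element* target = nullptr;
  Element* Target() const { return target; }
};

struct WorkletAnimation {
  Document* document;
};

// Minimal stand-in for Blink's ExceptionState: records the error that would
// be surfaced to script as an exception instead of crashing the renderer.
struct ExceptionState {
  std::string message;
  bool HadException() const { return !message.empty(); }
};

// Guarded creation, following the shape of the fix described in the thread:
// validate every effect's target before any dereference and fail creation
// with an exception when a target is missing. The empty-list check is an
// extra guard added in this example; effects.at(0) would otherwise throw.
std::unique_ptr<WorkletAnimation> CreateWorkletAnimation(
    const std::vector<KeyframeEffect*>& effects,
    ExceptionState& exception_state) {
  if (effects.empty()) {
    exception_state.message = "At least one KeyframeEffect is required";
    return nullptr;
  }
  for (const KeyframeEffect* effect : effects) {
    if (!effect || !effect->Target()) {
      exception_state.message =
          "KeyframeEffect with a null target is not supported";
      return nullptr;
    }
  }
  // Only now is the dereference that crashed in the pre-fix code safe.
  Document& document = effects.at(0)->Target()->GetDocument();
  return std::unique_ptr<WorkletAnimation>(new WorkletAnimation{&document});
}

// Constructed scenarios for a self-check; they return results rather than
// printing so the outcome can be asserted on.
bool CreateWithLiveTargetSucceeds() {
  Document doc{"https://example.test/"};  // constructed sample document
  Element element{&doc};
  KeyframeEffect effect;
  effect.target = &element;
  ExceptionState exception_state;
  auto animation = CreateWorkletAnimation({&effect}, exception_state);
  return animation != nullptr && !exception_state.HadException() &&
         animation->document == &doc;
}

bool CreateWithNullTargetFails() {
  KeyframeEffect effect;  // target left null, the case the fuzzer hit
  ExceptionState exception_state;
  auto animation = CreateWorkletAnimation({&effect}, exception_state);
  return animation == nullptr && exception_state.HadException();
}

bool CreateWithNoEffectsFails() {
  ExceptionState exception_state;
  auto animation = CreateWorkletAnimation({}, exception_state);
  return animation == nullptr && exception_state.HadException();
}

int main() {
  bool ok = CreateWithLiveTargetSucceeds() && CreateWithNullTargetFails() &&
            CreateWithNoEffectsFails();
  return ok ? 0 : 1;
}
```

The point of the shape is ordering: every reachable pointer in the chain `effects.at(0)->Target()->GetDocument()` is validated before the first `->`, and the failure is reported through the exception-state object so script sees an error rather than the renderer hitting the null page (the 0x00000010 crash address in the report is the offset of the dereferenced field within a null object).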
Nov 18 2017
ClusterFuzz has detected this issue as fixed in range 514498:517698.

Detailed report: https://clusterfuzz.com/testcase?key=5205983696781312
Fuzzer: mbarbella_js_mutation_layout
Job Type: windows_asan_content_shell
Platform Id: windows
Crash Type: Null-dereference READ
Crash Address: 0x00000010
Crash State:
  blink::WorkletAnimation::Create
  blink::WorkletAnimationV8Internal::constructor
  blink::V8WorkletAnimation::constructorCallback
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=513950:513979
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=514498:517698
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5205983696781312

See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 18 2017
ClusterFuzz testcase 5233236983939072 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Nov 5 2017: Labels: Test-Predator-AutoComponents