Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This one doesn't appear to be Skia but something uninitialized upstack, starting with the suggested blame + component for a look...will stay on cc.

This code is behind a flag, so should not block release.

Adding M-65 as per c#5.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

ClusterFuzz has detected this issue as fixed in range 518493:518517.

Detailed report: https://clusterfuzz.com/testcase?key=6591416934596608

Fuzzer: libFuzzer_paint_op_buffer_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  int const& SkTMax<int>
  int const& SkTPin<int>
  SkFontStyle::SkFontStyle
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=515053:515085
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=518493:518517

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6591416934596608

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6591416934596608 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This was closed due to changes from https://chromium-review.googlesource.com/770522.  I think this is still a real issue that needs to be fixed, so I'm reopening this.  Please repro from older Chrome versions.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

vmpstr: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This is behind a flag, and should not block release.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/57a9b3e34bfddc151f8848ccf9fec031f09f5f39

commit 57a9b3e34bfddc151f8848ccf9fec031f09f5f39
Author: Vladimir Levin <vmpstr@chromium.org>
Date: Tue Dec 05 20:20:15 2017

oop: Initialize and validate font creation params.

This patch ensures that we initialize all font creation params before
reading them and abort creating a typeface if the reader is invalid.

R=enne@chromium.org, ericrk@chromium.org

Bug:  785675 
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
Change-Id: I7baabeb460c9cb06026c8a82989c7c6f7e970f8f
Reviewed-on: https://chromium-review.googlesource.com/808748
Reviewed-by: Khushal <khushalsagar@chromium.org>
Commit-Queue: vmpstr <vmpstr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#521806}
[modify] https://crrev.com/57a9b3e34bfddc151f8848ccf9fec031f09f5f39/cc/paint/paint_op_reader.cc

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot