Issue 789535

Issue metadata

Status: Verified
Closed: Dec 2017
OS: Linux, Windows
Pri: 1
Type: Bug



Null-dereference in SkImageFilter::filterBounds

Reported by ClusterFuzz (Project Member), Nov 29 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5688054215081984

Fuzzer: miaubiz_svg_fuzzer
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: Null-dereference
Crash Address: 0x00000003
Crash State:
  SkImageFilter::filterBounds
  cc::MapRectInternal
  cc::FilterOperation::MapRectReverse
  
Memory Tool: SYZYASAN

Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=518507:518561

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5688054215081984

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by ClusterFuzz (Project Member), Nov 29 2017

Labels: M-64 ClusterFuzz-Top-Crash ReleaseBlock-Beta
Testcase 5688054215081984 is a top crash on ClusterFuzz for android and windows platforms. Please prioritize fixing this crash.

Marking this crash as a Beta release blocker.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Components: Internals>Skia

Comment 3 by ajha@chromium.org, Nov 30 2017

Cc: ajha@chromium.org
Owner: khushals...@chromium.org
Status: Assigned (was: Untriaged)
Khushal@: Could you please take a look at this for your related work in https://chromium-review.googlesource.com/c/chromium/src/+/770522 (filter_operation.cc:379)
The fix for this already landed.
I'll take a look at this tomorrow. I thought it was a dupe of the bug fixed by https://chromium-review.googlesource.com/c/chromium/src/+/791937.
As per C#5,
Friendly ping to get an update on this issue.
Thanks!

Cc: khushals...@chromium.org
Issue 792824 has been merged into this issue.
Issue 792969 has been merged into this issue.
Comment 10 by ClusterFuzz (Project Member), Dec 7 2017

Labels: OS-Linux
Comment 11 by ClusterFuzz (Project Member), Dec 7 2017

Components: Internals>Mojo
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Comment 12 by bugdroid1@chromium.org (Project Member), Dec 8 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ade4572086fa012d09b040e3a11b7432daf04c55

commit ade4572086fa012d09b040e3a11b7432daf04c55
Author: Khushal <khushalsagar@chromium.org>
Date: Fri Dec 08 01:06:49 2017

filters: Fix crashes in PaintFilter.

Don't create a TilePaintFilter with no input, otherwise it fails later
in the stack during SkImageFilter creation. And since FilterOperations
on a CompositorFrame can be null, check before accessing the cached
skia filter during serialization.

R=chrishtr@chromium.org, tsepez@chromium.org

Bug: 789535
Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
Change-Id: I1e746fb18fcb557ac67c44a39c27e123d83a20bc
Reviewed-on: https://chromium-review.googlesource.com/810271
Commit-Queue: Khushal <khushalsagar@chromium.org>
Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#522663}
[modify] https://crrev.com/ade4572086fa012d09b040e3a11b7432daf04c55/services/viz/public/cpp/compositing/filter_operation_struct_traits.h
[modify] https://crrev.com/ade4572086fa012d09b040e3a11b7432daf04c55/third_party/WebKit/Source/core/paint/FilterEffectBuilder.cpp
[modify] https://crrev.com/ade4572086fa012d09b040e3a11b7432daf04c55/third_party/WebKit/Source/platform/graphics/filters/FETile.cpp
[modify] https://crrev.com/ade4572086fa012d09b040e3a11b7432daf04c55/third_party/WebKit/Source/platform/graphics/filters/PaintFilterBuilder.cpp

Labels: Merge-Request-64
Comment 14 by ClusterFuzz (Project Member), Dec 8 2017

ClusterFuzz has detected this issue as fixed in range 522645:522676.

Detailed report: https://clusterfuzz.com/testcase?key=5688054215081984

Fuzzer: miaubiz_svg_fuzzer
Job Type: windows_asan_chrome
Platform Id: windows

Crash Type: Null-dereference
Crash Address: 0x00000003
Crash State:
  SkImageFilter::filterBounds
  cc::MapRectInternal
  cc::FilterOperation::MapRectReverse
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=518507:518561
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=522645:522676

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5688054215081984

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 15 by ClusterFuzz (Project Member), Dec 8 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5688054215081984 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 16 by sheriffbot@chromium.org (Project Member), Dec 9 2017

Labels: -Merge-Request-64 Hotlist-Merge-Approved Merge-Approved-64
Your change meets the bar and is auto-approved for M64. Please go ahead and merge the CL to branch 3282 manually. Please contact milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 17 by bugdroid1@chromium.org (Project Member), Dec 11 2017

Labels: -merge-approved-64 merge-merged-3282
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/42e054b10616663225a0b0e6636648e35e55cf4c

commit 42e054b10616663225a0b0e6636648e35e55cf4c
Author: Khushal <khushalsagar@chromium.org>
Date: Mon Dec 11 02:47:10 2017

filters: Fix crashes in PaintFilter.

Don't create a TilePaintFilter with no input, otherwise it fails later
in the stack during SkImageFilter creation. And since FilterOperations
on a CompositorFrame can be null, check before accessing the cached
skia filter during serialization.

R=chrishtr@chromium.org, tsepez@chromium.org

Bug: 789535
Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
Change-Id: I1e746fb18fcb557ac67c44a39c27e123d83a20bc
Reviewed-on: https://chromium-review.googlesource.com/810271
Commit-Queue: Khushal <khushalsagar@chromium.org>
Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#522663}
(cherry picked from commit ade4572086fa012d09b040e3a11b7432daf04c55)
Reviewed-on: https://chromium-review.googlesource.com/818363
Reviewed-by: Khushal <khushalsagar@chromium.org>
Cr-Commit-Position: refs/branch-heads/3282@{#122}
Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840}
[modify] https://crrev.com/42e054b10616663225a0b0e6636648e35e55cf4c/services/viz/public/cpp/compositing/filter_operation_struct_traits.h
[modify] https://crrev.com/42e054b10616663225a0b0e6636648e35e55cf4c/third_party/WebKit/Source/core/paint/FilterEffectBuilder.cpp
[modify] https://crrev.com/42e054b10616663225a0b0e6636648e35e55cf4c/third_party/WebKit/Source/platform/graphics/filters/FETile.cpp
[modify] https://crrev.com/42e054b10616663225a0b0e6636648e35e55cf4c/third_party/WebKit/Source/platform/graphics/filters/PaintFilterBuilder.cpp