Issue metadata
Security DCHECK failure: offset + length <= impl.length() in StringView.h
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=6352404655374336
Fuzzer: inferno_twister_c
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux
Crash Type: Security DCHECK failure
Crash Address:
Crash State:
  offset + length <= impl.length() in StringView.h
  [vdso]
  blink::InlineTextBoxPainter::Paint
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=508795:508884
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6352404655374336
Additional requirements: Requires Gestures
Issue filed automatically.
See https://github.com/google/clusterfuzz-tools for more information.
Dec 16 2017
Automatically adding ccs based on suspected regression changelists:
Allow for paint offset roots that don't have PaintLayers. by chrishtr@chromium.org - https://chromium.googlesource.com/chromium/src/+/68c4cdbe80c1a578c9321d2a98f61939fc54c39d
Use snapped size for scrollbar thumb geometry by pdr@chromium.org - https://chromium.googlesource.com/chromium/src/+/7205053587e2253f8631ebd3ed75296c0c58f866
If this is incorrect, please apply the Test-Predator-Wrong-CLs label.
Dec 16 2017

Dec 16 2017
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 16 2017

Dec 18 2017
Dec 28 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ae091846bf5f022751fc7a73db86001a0a1cea08

commit ae091846bf5f022751fc7a73db86001a0a1cea08
Author: Chris Harrelson <chrishtr@chromium.org>
Date: Thu Dec 28 07:48:16 2017

Work around bug leading to out of range check when transforming first-line text.

Bug: 795498
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
Change-Id: I8b954af84de8e84faa117f01854ae29573643d08
Reviewed-on: https://chromium-review.googlesource.com/845140
Commit-Queue: Emil A Eklund <eae@chromium.org>
Reviewed-by: Emil A Eklund <eae@chromium.org>
Cr-Commit-Position: refs/heads/master@{#526281}

[add] https://crrev.com/ae091846bf5f022751fc7a73db86001a0a1cea08/third_party/WebKit/LayoutTests/fast/text/firstline/capitalize-transform.html
[modify] https://crrev.com/ae091846bf5f022751fc7a73db86001a0a1cea08/third_party/WebKit/Source/core/paint/InlineTextBoxPainter.cpp
Dec 28 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/45d854ad1a41d8d90d81f24af58c8aa1206dc730

commit 45d854ad1a41d8d90d81f24af58c8aa1206dc730
Author: James MacLean <wjmaclean@chromium.org>
Date: Thu Dec 28 15:30:18 2017

Revert "Work around bug leading to out of range check when transforming first-line text."

This reverts commit ae091846bf5f022751fc7a73db86001a0a1cea08.

Reason for revert: Speculative revert since this CL is one of three causing layout tests to assert on Win7 bots.

Original change's description:
> Work around bug leading to out of range check when transforming first-line text.
>
> Bug: 795498
> Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
> Change-Id: I8b954af84de8e84faa117f01854ae29573643d08
> Reviewed-on: https://chromium-review.googlesource.com/845140
> Commit-Queue: Emil A Eklund <eae@chromium.org>
> Reviewed-by: Emil A Eklund <eae@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#526281}

TBR=cbiesinger@chromium.org,chrishtr@chromium.org,eae@chromium.org,drott@chromium.org

Change-Id: Ie4b4ffa0307ca7259df9c2a8ba32a28b131b749f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 795498
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
Reviewed-on: https://chromium-review.googlesource.com/845739
Reviewed-by: James MacLean <wjmaclean@chromium.org>
Commit-Queue: James MacLean <wjmaclean@chromium.org>
Cr-Commit-Position: refs/heads/master@{#526297}

[delete] https://crrev.com/3c9497064e7eb4b7dc9bc93c11e1a7f65181a9bb/third_party/WebKit/LayoutTests/fast/text/firstline/capitalize-transform.html
[modify] https://crrev.com/45d854ad1a41d8d90d81f24af58c8aa1206dc730/third_party/WebKit/Source/core/paint/InlineTextBoxPainter.cpp
Dec 30 2017
chrishtr: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jan 8 2018
Feb 9 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3ee8649cef061b5016288b3f49f6e72288caf582

commit 3ee8649cef061b5016288b3f49f6e72288caf582
Author: Chris Harrelson <chrishtr@chromium.org>
Date: Fri Feb 09 01:23:14 2018

Revert "Revert "Work around bug leading to out of range check when transforming first-line text.""

This reverts commit 45d854ad1a41d8d90d81f24af58c8aa1206dc730.

Bug: 795498
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
Change-Id: I9699ab3047102c9a1342f4d7b92404a3be7639df
Reviewed-on: https://chromium-review.googlesource.com/846199
Reviewed-by: Christian Biesinger <cbiesinger@chromium.org>
Commit-Queue: Christian Biesinger <cbiesinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#535607}

[add] https://crrev.com/3ee8649cef061b5016288b3f49f6e72288caf582/third_party/WebKit/LayoutTests/fast/text/firstline/capitalize-transform.html
[modify] https://crrev.com/3ee8649cef061b5016288b3f49f6e72288caf582/third_party/WebKit/Source/core/paint/InlineTextBoxPainter.cpp
Feb 9 2018
ClusterFuzz has detected this issue as fixed in range 535606:535607.

Detailed report: https://clusterfuzz.com/testcase?key=6352404655374336
Fuzzer: inferno_twister_c
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux
Crash Type: Security DCHECK failure
Crash Address:
Crash State:
  offset + length <= impl.length() in StringView.h
  [vdso]
  blink::InlineTextBoxPainter::Paint
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=508795:508884
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=535606:535607
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6352404655374336
Additional requirements: Requires Gestures
See https://github.com/google/clusterfuzz-tools for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Feb 9 2018
Issue 805562 has been merged into this issue.
Feb 12 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5b5bd68ae1b1237a1b3f1b8f28d7d358cad48d00

commit 5b5bd68ae1b1237a1b3f1b8f28d7d358cad48d00
Author: Chris Harrelson <chrishtr@chromium.org>
Date: Mon Feb 12 20:19:59 2018

Reland "Work around bug leading to out of range check when transforming first-line text."

This reverts commit 45d854ad1a41d8d90d81f24af58c8aa1206dc730.

Bug: 795498, 798099
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
Change-Id: I9699ab3047102c9a1342f4d7b92404a3be7639df
Reviewed-on: https://chromium-review.googlesource.com/846199
Reviewed-by: Christian Biesinger <cbiesinger@chromium.org>
Commit-Queue: Christian Biesinger <cbiesinger@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#535607}
(cherry picked from commit 3ee8649cef061b5016288b3f49f6e72288caf582)
Reviewed-on: https://chromium-review.googlesource.com/914782
Cr-Commit-Position: refs/branch-heads/3325@{#432}
Cr-Branched-From: bc084a8b5afa3744a74927344e304c02ae54189f-refs/heads/master@{#530369}

[add] https://crrev.com/5b5bd68ae1b1237a1b3f1b8f28d7d358cad48d00/third_party/WebKit/LayoutTests/fast/text/firstline/capitalize-transform.html
[modify] https://crrev.com/5b5bd68ae1b1237a1b3f1b8f28d7d358cad48d00/third_party/WebKit/Source/core/paint/InlineTextBoxPainter.cpp
May 18 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Sep 11 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d7659161bf6a183c356ad79a45993cc7e9971cb6

commit d7659161bf6a183c356ad79a45993cc7e9971cb6
Author: Koji Ishii <kojii@chromium.org>
Date: Tue Sep 11 03:51:56 2018

Fix first-line text-transform workaround when start is not zero

r526281 added a workaround for when text-transform shortens the string, but did so only for when inline_text_box_.Start() is zero. This patch extends the workaround for when inline_text_box_.Start() is not zero.

Cq-Include-Trybots: luci.chromium.try:linux_layout_tests_slimming_paint_v2;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ib4536ae5aaf92352e41ef19e53c2046a4c86806c
Bug: 880176, 795498
Reviewed-on: https://chromium-review.googlesource.com/1218202
Commit-Queue: Emil A Eklund <eae@chromium.org>
Reviewed-by: Emil A Eklund <eae@chromium.org>
Cr-Commit-Position: refs/heads/master@{#590194}

[modify] https://crrev.com/d7659161bf6a183c356ad79a45993cc7e9971cb6/third_party/WebKit/LayoutTests/fast/text/firstline/capitalize-transform.html
[modify] https://crrev.com/d7659161bf6a183c356ad79a45993cc7e9971cb6/third_party/blink/renderer/core/paint/inline_text_box_painter.cc
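The range mismatch behind this DCHECK, as an added example that is not Chromium code and is not taken from any of the commits above: a text box whose (start, length) was computed at layout time against one string is painted from a transformed string that is shorter, so offset + length can exceed the backing string's length. The model below uses a constructed shortening transform (CollapseRuns) and hypothetical names (TextBox, PaintedText, Mode, TripsRangeCheck); it contrasts an unchecked paint, a clamp applied only when start is zero (the situation the Sep 11 2018 commit message says the first workaround covered), and a clamp applied for any start.

```cpp
// Added example modelling the DCHECK tracked in this issue. Not Blink code:
// TextBox, CollapseRuns, PaintedText, Mode and TripsRangeCheck are hypothetical.
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <string>

// A text box as laid out against the untransformed text: it covers
// [start, start + len) of that text.
struct TextBox {
    size_t start;
    size_t len;
};

// Constructed text transform that can make the string shorter: every run of
// a repeated character is collapsed to one copy ("seee" -> "se"). The real
// first-line text-transform is different; only the property "output may be
// shorter than input" is needed to reproduce the range mismatch.
std::string CollapseRuns(const std::string& s) {
    std::string out;
    for (char c : s) {
        if (out.empty() || out.back() != c) out.push_back(c);
    }
    return out;
}

// Enforces the same invariant as the StringView.h check named in the crash
// state. A violation throws here; DCHECKs are compiled out of release builds,
// so there the out-of-range view would simply be constructed.
std::string CheckedSubstring(const std::string& impl, size_t offset,
                             size_t length) {
    if (offset > impl.size() || length > impl.size() - offset) {
        throw std::out_of_range("offset + length <= impl.length() violated");
    }
    return impl.substr(offset, length);
}

enum class Mode {
    kUnchecked,           // reuse the layout-time range as-is
    kClampStartZeroOnly,  // models the first workaround: clamp only if start == 0
    kClampAlways          // models the extended workaround: clamp for any start
};

// Text the painter would draw for `box`. Throws std::out_of_range when the
// layout-time range does not fit the transformed string.
std::string PaintedText(const TextBox& box, const std::string& original,
                        Mode mode) {
    const std::string shown = CollapseRuns(original);
    size_t start = box.start;
    size_t len = box.len;
    const bool clamp =
        mode == Mode::kClampAlways ||
        (mode == Mode::kClampStartZeroOnly && box.start == 0);
    if (clamp) {
        start = std::min(start, shown.size());
        len = std::min(len, shown.size() - start);
    }
    return CheckedSubstring(shown, start, len);
}

// True when painting `box` under `mode` would trip the range check.
bool TripsRangeCheck(const TextBox& box, const std::string& original,
                     Mode mode) {
    try {
        PaintedText(box, original, mode);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

int main() {
    const std::string text = "seee the mooon";  // constructed input
    const TextBox whole{0, text.size()};         // box starting at 0
    const TextBox tail{9, 5};                    // box covering "mooon"
    std::printf("transformed: \"%s\"\n", CollapseRuns(text).c_str());
    std::printf("start=0  unchecked trips: %d, start-zero clamp trips: %d\n",
                TripsRangeCheck(whole, text, Mode::kUnchecked),
                TripsRangeCheck(whole, text, Mode::kClampStartZeroOnly));
    std::printf("start=9  start-zero clamp trips: %d, always clamp trips: %d\n",
                TripsRangeCheck(tail, text, Mode::kClampStartZeroOnly),
                TripsRangeCheck(tail, text, Mode::kClampAlways));
    return 0;
}
```

Clamping keeps the view inside the backing string but does not restore the correspondence between layout offsets and transformed characters (a box that still fits paints "e m" where the layout had "the"), which is why the commits above describe the change as a workaround rather than a fix of the underlying length mismatch.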
Comment 1 by ClusterFuzz, Dec 16 2017
Labels: Test-Predator-Auto-Components