Null-dereference READ in chrome

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5431418931642368
Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_cfi_chrome
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000020
Crash State:
  chrome
  blink::Node::GetDocument
  blink::StyleAdjuster::AdjustComputedStyle
Sanitizer: cfi (CFI)
Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=532377:532389
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5431418931642368

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by ClusterFuzz, Jan 29 2018
Labels: Test-Predator-Auto-Components

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/d1fe575dbeb077ce496b11c05bd92aed93289831 ([css-align] Add use counter for the 'legacy' alignment). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Jan 29 2018

I'll take a look asap.

Jan 29 2018

Issue 806895 has been merged into this issue.

Jan 29 2018

Issue 806922 has been merged into this issue.

Jan 29 2018

I've already submitted a patch for this issue, still waiting for review. https://chromium-review.googlesource.com/c/chromium/src/+/891818

Jan 30 2018

The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3e56f3671922ba1bc080460e519a9b973f9fdd12

commit 3e56f3671922ba1bc080460e519a9b973f9fdd12
Author: Javier Fernandez <jfernandez@igalia.com>
Date: Tue Jan 30 02:20:31 2018

    Move the UseCounter to the CSS property's parsing logic

    The ideal counter would be triggered on elements with the 'auto' value for justify-items and the "legacy" keyword in their parent's justify-items value. That's the specific case we want to evaluate to know the impact of removing the 'auto' value from this property.

    The only, or most direct, way to achieve this is to add the UseCounter call in the StyleAdjustment logic, where we resolve the 'auto' value. However, during this phase we may lack a Document to use as an execution context for the counter.

    An alternative, also valid for the goal of evaluating the above-mentioned removal, would be to add the UseCounter to the property's parsing logic. In this case we can call the UseCounter API that uses CSSParserContext instead of the one based on the Document.

    Bug: 806791
    Change-Id: I2bf9e07957bfaec41d68b6d2c6660283cabff062
    Reviewed-on: https://chromium-review.googlesource.com/891818
    Reviewed-by: Christian Biesinger <cbiesinger@chromium.org>
    Commit-Queue: Javier Fernandez <jfernandez@igalia.com>
    Cr-Commit-Position: refs/heads/master@{#532736}

[modify] https://crrev.com/3e56f3671922ba1bc080460e519a9b973f9fdd12/third_party/WebKit/Source/core/css/properties/longhands/JustifyItemsCustom.cpp
[modify] https://crrev.com/3e56f3671922ba1bc080460e519a9b973f9fdd12/third_party/WebKit/Source/core/css/resolver/StyleAdjuster.cpp

Jan 30 2018

ClusterFuzz testcase 4808353126285312 is verified as fixed, so closing issue as verified. If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.

Jan 30 2018

ClusterFuzz has detected this issue as fixed in range 532735:532742.

Detailed report: https://clusterfuzz.com/testcase?key=5431418931642368
Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_cfi_chrome
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000020
Crash State:
  chrome
  blink::Node::GetDocument
  blink::StyleAdjuster::AdjustComputedStyle
Sanitizer: cfi (CFI)
Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=532377:532389
Fixed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=532735:532742
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5431418931642368

See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.