
Issue 813411

Starred by 2 users

Issue metadata

Status: Verified
Owner:
Closed: Feb 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug

Blocking:
issue 771643




Null-dereference READ in SVGContainerPainter::Paint

Reported by ClusterFuzz (Project Member), Feb 18 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4877281932345344

Fuzzer: miaubiz_svg_fuzzer
Job Type: linux_cfi_chrome
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000068
Crash State:
  chrome
  blink::SVGContainerPainter::Paint
  blink::LayoutSVGContainer::Paint
  
Sanitizer: cfi (CFI)

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=537426:537470

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4877281932345344

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by ClusterFuzz (Project Member), Feb 18 2018

Components: Blink>Paint Blink>SVG
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 2 by ClusterFuzz (Project Member), Feb 18 2018

Cc: wangxianzhu@chromium.org khushals...@chromium.org
Labels: Test-Predator-Auto-CC
Automatically adding ccs based on suspected regression changelists:

canvas: Avoid unnecessary book-keeping of images in CanvasImageProvider. by khushalsagar@chromium.org - https://chromium.googlesource.com/chromium/src/+/cde9d1d1e464957716e4e15f44810fe28753e4df

[PE] Add a test case for crbug.com/809102 by wangxianzhu@chromium.org - https://chromium.googlesource.com/chromium/src/+/4926f8217a1795cedffc9c64113eb7944b0cf504

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
Cc: -wangxianzhu@chromium.org
Labels: -Pri-1 Pri-2
Owner: wangxianzhu@chromium.org
Status: Assigned (was: Untriaged)
SPv1.75 code path.

Null reads not P1.
Blocking: 771643
Cc: brajkumar@chromium.org wangxianzhu@chromium.org
Issue 814018 has been merged into this issue.
Summary: Null-dereference READ in SVGContainerPainter::Paint (was: Null-dereference READ in chrome)

Comment 7 by bugdroid1@chromium.org (Project Member), Feb 21 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1d3c50f6f1b3289411d1050487efd874ad84f0ca

commit 1d3c50f6f1b3289411d1050487efd874ad84f0ca
Author: Xianzhu Wang <wangxianzhu@chromium.org>
Date: Wed Feb 21 20:50:20 2018

[SPv175+] SetNeedsPaintPropertyUpdate on overflow property change for SVGForeignObject and SVGViewportContainer

The overflow rule is special for SVGForeignObject and
SVGViewportContainer, and their changes to update paint properties
were not covered by existing overflow clip change logic.
They need special handling.

Bug: 813411, 813466
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
Change-Id: I18b54c5cf249fd63765b191d80e9a5c96b446a04
Reviewed-on: https://chromium-review.googlesource.com/929347
Reviewed-by: Fredrik Söderquist <fs@opera.com>
Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#538201}
[modify] https://crrev.com/1d3c50f6f1b3289411d1050487efd874ad84f0ca/third_party/WebKit/Source/core/layout/svg/LayoutSVGBlock.h
[modify] https://crrev.com/1d3c50f6f1b3289411d1050487efd874ad84f0ca/third_party/WebKit/Source/core/layout/svg/LayoutSVGForeignObject.cpp
[modify] https://crrev.com/1d3c50f6f1b3289411d1050487efd874ad84f0ca/third_party/WebKit/Source/core/layout/svg/LayoutSVGForeignObject.h
[modify] https://crrev.com/1d3c50f6f1b3289411d1050487efd874ad84f0ca/third_party/WebKit/Source/core/layout/svg/LayoutSVGViewportContainer.cpp
[modify] https://crrev.com/1d3c50f6f1b3289411d1050487efd874ad84f0ca/third_party/WebKit/Source/core/layout/svg/LayoutSVGViewportContainer.h
[modify] https://crrev.com/1d3c50f6f1b3289411d1050487efd874ad84f0ca/third_party/WebKit/Source/core/layout/svg/SVGLayoutSupport.cpp
[modify] https://crrev.com/1d3c50f6f1b3289411d1050487efd874ad84f0ca/third_party/WebKit/Source/core/layout/svg/SVGLayoutSupport.h
[modify] https://crrev.com/1d3c50f6f1b3289411d1050487efd874ad84f0ca/third_party/WebKit/Source/core/paint/PaintPropertyTreeBuilder.cpp
[modify] https://crrev.com/1d3c50f6f1b3289411d1050487efd874ad84f0ca/third_party/WebKit/Source/core/paint/PaintPropertyTreeUpdateTests.cpp
[modify] https://crrev.com/1d3c50f6f1b3289411d1050487efd874ad84f0ca/third_party/WebKit/Source/core/paint/SVGContainerPainter.cpp
[modify] https://crrev.com/1d3c50f6f1b3289411d1050487efd874ad84f0ca/third_party/WebKit/Source/core/paint/SVGForeignObjectPainter.cpp
[modify] https://crrev.com/1d3c50f6f1b3289411d1050487efd874ad84f0ca/third_party/WebKit/Source/core/paint/SVGShapePainter.cpp

Cc: vmp...@chromium.org f...@opera.com trchen@chromium.org

Comment 9 by bugdroid1@chromium.org (Project Member), Feb 22 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f6a82fc1c8b43938da813697c723c1db6834482b

commit f6a82fc1c8b43938da813697c723c1db6834482b
Author: Xianzhu Wang <wangxianzhu@chromium.org>
Date: Thu Feb 22 19:36:38 2018

[SPv175] Don't crash on circular filter reference containing foreignObject or svg-in-svg

This is a workaround for the crash bugs. The root cause is tracked
in crbug.com/814815.

Bug: 813446, 813411, 814815
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
Change-Id: Ied370eb2b1f0ffd4424c9c397ea1c899914bdbb0
Reviewed-on: https://chromium-review.googlesource.com/931922
Reviewed-by: Fredrik Söderquist <fs@opera.com>
Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#538527}
[add] https://crrev.com/f6a82fc1c8b43938da813697c723c1db6834482b/third_party/WebKit/LayoutTests/external/wpt/svg/foreignobject/foreign-object-circular-filter-reference-crash.html
[add] https://crrev.com/f6a82fc1c8b43938da813697c723c1db6834482b/third_party/WebKit/LayoutTests/external/wpt/svg/svg-in-svg/svg-in-svg-circular-filter-reference-crash.html
[modify] https://crrev.com/f6a82fc1c8b43938da813697c723c1db6834482b/third_party/WebKit/Source/core/paint/SVGContainerPainter.cpp
[modify] https://crrev.com/f6a82fc1c8b43938da813697c723c1db6834482b/third_party/WebKit/Source/core/paint/SVGForeignObjectPainter.cpp

Comment 10 by ClusterFuzz (Project Member), Feb 23 2018

ClusterFuzz has detected this issue as fixed in range 538495:538530.

Detailed report: https://clusterfuzz.com/testcase?key=4877281932345344

Fuzzer: miaubiz_svg_fuzzer
Job Type: linux_cfi_chrome
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000068
Crash State:
  chrome
  blink::SVGContainerPainter::Paint
  blink::LayoutSVGContainer::Paint
  
Sanitizer: cfi (CFI)

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=537426:537470
Fixed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=538495:538530

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4877281932345344

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 11 by ClusterFuzz (Project Member), Feb 23 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 4877281932345344 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.