Incorrect-function-pointer-type in gl::Debug::insertMessage

Issue description
Detailed report: https://clusterfuzz.com/testcase?key=4527131972075520
Fuzzer: libFuzzer_gpu_angle_passthrough_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Incorrect-function-pointer-type
Crash Address:
Crash State:
  gl::Debug::insertMessage
  gl::Debug::insertMessage
  gl::Context::handleError
Sanitizer: undefined (UBSAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=538463:538477
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4527131972075520

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Mar 12 2018
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Mar 12 2018

Mar 13 2018

Mar 13 2018

Mar 14 2018

Mar 20 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/deps/mesa/+/803b1132096707417736df8d167176a33813aa9f

commit 803b1132096707417736df8d167176a33813aa9f
Author: Geoff Lang <geofflang@chromium.org>
Date: Mon Mar 19 16:15:15 2018

Update GLDEBUGPROC to the latest spec version.

The missing 'const' on the userParam argument causes problems with ubsan when ANGLE compiles with the latest headers.

BUG= 820848
Change-Id: I516141f132ef7e6a61f3543592df8f0f9b806363

[modify] https://crrev.com/803b1132096707417736df8d167176a33813aa9f/include/GL/glext.h

Mar 26 2018
geofflang: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Mar 26 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/5b12500886c296204e21797b9ee078800c485c4f

commit 5b12500886c296204e21797b9ee078800c485c4f
Author: Geoff Lang <geofflang@chromium.org>
Date: Mon Mar 26 19:04:28 2018

Update the GLDEBUGPROC typedef to the latest spec version.

The non-const parameter was causing issues with ubsan because ANGLE is compiled with the latest typedefs.

BUG= 820848
TBR=piman@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Change-Id: I366e101fb8c42edec1d381e27cb55a51283f4e09
Reviewed-on: https://chromium-review.googlesource.com/969083
Reviewed-by: Zhenyao Mo <zmo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#545858}

[modify] https://crrev.com/5b12500886c296204e21797b9ee078800c485c4f/DEPS
[modify] https://crrev.com/5b12500886c296204e21797b9ee078800c485c4f/gpu/command_buffer/service/gles2_cmd_decoder.cc
[modify] https://crrev.com/5b12500886c296204e21797b9ee078800c485c4f/gpu/command_buffer/service/gles2_cmd_decoder_passthrough.cc
[modify] https://crrev.com/5b12500886c296204e21797b9ee078800c485c4f/gpu/command_buffer/tests/fuzzer_main.cc
[modify] https://crrev.com/5b12500886c296204e21797b9ee078800c485c4f/third_party/khronos/GLES2/gl2ext.h
[modify] https://crrev.com/5b12500886c296204e21797b9ee078800c485c4f/third_party/mesa/README.chromium
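UBSan's function sanitizer, the check behind a ClusterFuzz "Incorrect-function-pointer-type" report, flags an indirect call made through a function pointer whose type differs from the callee's declared type. The two commits above resolve the report by making Chromium's GLDEBUGPROC typedef agree with the one ANGLE is built against, so the registered callback is invoked through the same function type it was declared with. The following added example is not ANGLE or Chromium code: it models that mismatch with simplified stand-ins for the GL types (the GLenum/GLsizei typedefs, the two GLDEBUGPROC variants and the KHR_debug enum values are assumed here for illustration) and adds a compile-time guard that rejects a callback whose signature has drifted from the typedef it will be called through, so the problem is caught at build time rather than by a sanitizer at fuzz time.

```cpp
// Added example, not ANGLE or Chromium code. It models the typedef mismatch behind this
// bug with simplified stand-ins for the GL types, and adds a compile-time guard.
#include <cstddef>
#include <string>
#include <type_traits>

typedef unsigned int GLenum;
typedef unsigned int GLuint;
typedef int GLsizei;
typedef char GLchar;

// KHR_debug enum values, used only to make the sample call realistic.
const GLenum GL_DEBUG_SOURCE_API = 0x8246;
const GLenum GL_DEBUG_TYPE_ERROR = 0x824C;
const GLenum GL_DEBUG_SEVERITY_HIGH = 0x9146;

// Older header: userParam is 'void*'.
typedef void (*GLDEBUGPROC_OLD)(GLenum source, GLenum type, GLuint id, GLenum severity,
                                GLsizei length, const GLchar* message, void* userParam);
// Current spec: userParam is 'const void*'. This is the type the implementation calls through.
typedef void (*GLDEBUGPROC)(GLenum source, GLenum type, GLuint id, GLenum severity,
                            GLsizei length, const GLchar* message, const void* userParam);

// Stand-in for the implementation side: stores the registered callback and invokes it.
struct DebugSink {
    GLDEBUGPROC callback = nullptr;
    const void* user_param = nullptr;

    void InsertMessage(GLenum source, GLenum type, GLuint id, GLenum severity,
                       const std::string& message) {
        if (callback)
            callback(source, type, id, severity, static_cast<GLsizei>(message.size()),
                     message.c_str(), user_param);
    }
};

// Written against the old typedef. Its type is GLDEBUGPROC_OLD, not GLDEBUGPROC; if it were
// cast to GLDEBUGPROC and invoked, the call would go through a pointer of the wrong function
// type, which is what UBSan's function sanitizer reports as Incorrect-function-pointer-type.
void OldStyleCallback(GLenum, GLenum, GLuint, GLenum, GLsizei, const GLchar*, void* userParam) {
    ++*static_cast<int*>(userParam);
}

// Written against the current typedef, so it can be registered and called without a cast.
void CurrentCallback(GLenum, GLenum, GLuint, GLenum, GLsizei, const GLchar*,
                     const void* userParam) {
    ++*static_cast<int*>(const_cast<void*>(userParam));
}

// Compile-time guard: true only when Fn is exactly the typedef the implementation calls through.
template <typename Fn>
constexpr bool MatchesDebugProc() {
    return std::is_same<Fn, GLDEBUGPROC>::value;
}

bool OldStyleMatches() { return MatchesDebugProc<decltype(&OldStyleCallback)>(); }  // false
bool CurrentMatches() { return MatchesDebugProc<decltype(&CurrentCallback)>(); }    // true

// Registers the matching callback (the static_assert would reject OldStyleCallback at build
// time) and delivers one constructed message; returns how many times the callback ran.
int DeliverOneMessage() {
    static_assert(MatchesDebugProc<decltype(&CurrentCallback)>(),
                  "debug callback must have exactly the GLDEBUGPROC signature");
    int count = 0;
    DebugSink sink;
    sink.callback = &CurrentCallback;
    sink.user_param = &count;
    sink.InsertMessage(GL_DEBUG_SOURCE_API, GL_DEBUG_TYPE_ERROR, 1, GL_DEBUG_SEVERITY_HIGH,
                       "constructed test message");
    return count;
}
```

The guard is deliberately an exact-type check rather than a convertibility check: a `void*` and a `const void*` parameter are ABI-compatible on every common platform, which is why such a mismatch runs silently in a normal build and only surfaces once a build with `-fsanitize=function` exercises the callback path, as the fuzzer did here.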
Mar 27 2018
ClusterFuzz has detected this issue as fixed in range 545850:545860.

Detailed report: https://clusterfuzz.com/testcase?key=4527131972075520
Fuzzer: libFuzzer_gpu_angle_passthrough_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Incorrect-function-pointer-type
Crash Address:
Crash State:
  gl::Debug::insertMessage
  gl::Debug::insertMessage
  gl::Context::handleError
Sanitizer: undefined (UBSAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=538463:538477
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=545850:545860
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4527131972075520

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Mar 27 2018
ClusterFuzz testcase 4527131972075520 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Mar 27 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Mar 31 2018

Mar 31 2018
This bug requires manual review: DEPS changes referenced in bugdroid comments. Please contact the milestone owner if you have questions. Owners: cmasso@(Android), cmasso@(iOS), josafat@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Apr 2 2018
Approving merge to M66. Branch:3359

Apr 5 2018
The merge is not needed for this bug. It does not affect M66.
Comment 1 by ClusterFuzz, Mar 12 2018
Owner: geoffl...@chromium.org
Status: Assigned (was: Untriaged)