CHECK failure: op->IsValid() in paint_op_buffer.cc
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6320194415493120

Fuzzer: attekett_surku_fuzzer
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  op->IsValid() in paint_op_buffer.cc
  cc::Rasterizer<cc::DrawRectOp, true>::RasterWithFlags
  cc::$_42::operator

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=523893:523905

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6320194415493120

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Mar 19 2018
Predator and CL could not provide any possible suspects.

Using Code Search for the file "paint_op_buffer.cc", suspecting the below CL might have caused this issue.

Suspect CL: https://chromium.googlesource.com/chromium/src/+/8738071e484555f67be9c1ea8b04d399e62a4999

enne@ -- Could you please check whether this is caused with respect to your change? If not, please help us in assigning it to the right owner.

Thanks!
Mar 20 2018
I'm unable to reproduce this on Linux, either at ToT or at the revision that the reproduce tool syncs to. It appears that somehow a canvas is creating an invalid rect. Probably it's passing some sort of NaN rect, but it could be invalid flags as well. I wonder if we should just drop all the isFinite() checks on rects if canvas can create these from JavaScript.
Apr 27 2018
ClusterFuzz has detected this issue as fixed in range 554111:554116.

Detailed report: https://clusterfuzz.com/testcase?key=6320194415493120

Fuzzer: attekett_surku_fuzzer
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  op->IsValid() in paint_op_buffer.cc
  cc::Rasterizer<cc::DrawRectOp, true>::RasterWithFlags
  cc::$_42::operator

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=523893:523905
Fixed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=554111:554116

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6320194415493120

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 27 2018
ClusterFuzz testcase 6320194415493120 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Mar 17 2018
Labels: Test-Predator-Auto-Components