CHECK failure: is_locked in software_image_decode_cache_utils.h

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5681994755997696
Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_vptr_chrome
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  is_locked in software_image_decode_cache_utils.h
  cc::SoftwareImageDecodeCache::GetDecodedImageForDrawInternal
  cc::SoftwareImageDecodeCache::GetDecodedImageForDraw
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=545723:545724
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5681994755997696

Issue filed automatically.
See https://github.com/google/clusterfuzz-tools for more information.
Mar 26 2018
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Mar 26 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/fb48059ccdfe83de78d14b889cf734668ded071b (cc: Add some diagnostic CHECKs for sw image cache crashes.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Mar 26 2018
Issue 824518 has been merged into this issue.
Mar 27 2018
Mar 27 2018
This crash occurs very frequently on android platform and is likely preventing the fuzzer ifratric-browserfuzzer-v3 from making much progress. Fixing this will allow more bugs to be found. Marking this bug as a blocker for next Beta release. If this is incorrect, please add ClusterFuzz-Wrong label and remove the ReleaseBlock-Beta label.
Mar 28 2018
A friendly reminder that M67 branch is coming soon on 04/12! Your bug is labelled as Beta ReleaseBlock, pls make sure to land the fix ASAP to trunk. This way we branch M67 from a high quality trunk. Thank you.
Mar 28 2018
Mar 29 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c308eef6bbbe70f8a64b37d5b0e87fb41d532020

commit c308eef6bbbe70f8a64b37d5b0e87fb41d532020
Author: Khushal <khushalsagar@google.com>
Date: Thu Mar 29 01:54:43 2018

cc: Fix software image cache handling for empty target size images.

The cache keys generated for an image with an empty target size can have collisions. The ProcessingType for these cases is set to kOriginal, indicating an original sized decode. If the cache is already populated with an original sized decode, this will cause us to use the unlocked memory for that entry. Fix this by using a kSubrectAndScale Processing type for this case, so the key comparison is accurate.

R=enne@chromium.org

Bug: 825772, 802976
Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I26b40673975b64c6fb75a8363d925273407ed3f0
Reviewed-on: https://chromium-review.googlesource.com/981115
Commit-Queue: Khushal <khushalsagar@chromium.org>
Reviewed-by: enne <enne@chromium.org>
Cr-Commit-Position: refs/heads/master@{#546697}

[modify] https://crrev.com/c308eef6bbbe70f8a64b37d5b0e87fb41d532020/cc/tiles/software_image_decode_cache.cc
[modify] https://crrev.com/c308eef6bbbe70f8a64b37d5b0e87fb41d532020/cc/tiles/software_image_decode_cache_unittest.cc
[modify] https://crrev.com/c308eef6bbbe70f8a64b37d5b0e87fb41d532020/cc/tiles/software_image_decode_cache_utils.cc
Mar 29 2018
ClusterFuzz has detected this issue as fixed in range 546696:546697.

Detailed report: https://clusterfuzz.com/testcase?key=5681994755997696
Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_vptr_chrome
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  is_locked in software_image_decode_cache_utils.h
  cc::SoftwareImageDecodeCache::GetDecodedImageForDrawInternal
  cc::SoftwareImageDecodeCache::GetDecodedImageForDraw
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=545723:545724
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=546696:546697
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5681994755997696

See https://github.com/google/clusterfuzz-tools for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 2 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ac7ee269798b7add84a822ba79be1620e0a7b132

commit ac7ee269798b7add84a822ba79be1620e0a7b132
Author: Khushal <khushalsagar@google.com>
Date: Mon Apr 02 17:48:33 2018

cc: Fix software image cache handling for empty target size images.

The cache keys generated for an image with an empty target size can have collisions. The ProcessingType for these cases is set to kOriginal, indicating an original sized decode. If the cache is already populated with an original sized decode, this will cause us to use the unlocked memory for that entry. Fix this by using a kSubrectAndScale Processing type for this case, so the key comparison is accurate.

R=enne@chromium.org

Bug: 825772, 802976
Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I26b40673975b64c6fb75a8363d925273407ed3f0
Reviewed-on: https://chromium-review.googlesource.com/981115
Commit-Queue: Khushal <khushalsagar@chromium.org>
Reviewed-by: enne <enne@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#546697}
(cherry picked from commit c308eef6bbbe70f8a64b37d5b0e87fb41d532020)
Reviewed-on: https://chromium-review.googlesource.com/990272
Reviewed-by: Khushal <khushalsagar@chromium.org>
Cr-Commit-Position: refs/branch-heads/3359@{#527}
Cr-Branched-From: 66afc5e5d10127546cc4b98b9117aff588b5e66b-refs/heads/master@{#540276}

[modify] https://crrev.com/ac7ee269798b7add84a822ba79be1620e0a7b132/cc/tiles/software_image_decode_cache.cc
[modify] https://crrev.com/ac7ee269798b7add84a822ba79be1620e0a7b132/cc/tiles/software_image_decode_cache_unittest.cc
[modify] https://crrev.com/ac7ee269798b7add84a822ba79be1620e0a7b132/cc/tiles/software_image_decode_cache_utils.cc
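The two commit messages above (the trunk fix and its M67 cherry-pick) describe a key-collision class of bug: a cache key whose equality deliberately ignores some fields for one discriminator value (kOriginal) will alias two different requests whenever the discriminator is assigned wrongly. The following is an added illustration, not Chromium's code: a simplified model of the cache key with a before-fix and after-fix classification of an empty target size. The `image_id` field, the `Entry` ref/lock bookkeeping and the `DecodeCache` class are assumptions made for the model; only the `kOriginal` and `kSubrectAndScale` processing types and the described behaviour come from the commit message.

```cpp
// Added example, not Chromium's code: a simplified model of the cc software
// image decode cache key, showing why an empty target size must not be keyed
// as ProcessingType::kOriginal. Field names and the lock/ref behaviour are
// assumptions chosen to mirror the commit message, not the real class layout.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <vector>

namespace model {

struct Size {
  int width = 0;
  int height = 0;
  bool IsEmpty() const { return width <= 0 || height <= 0; }
  bool operator==(const Size& o) const {
    return width == o.width && height == o.height;
  }
};

// Only the two processing types the commit message mentions are modelled.
enum class ProcessingType { kOriginal, kSubrectAndScale };

struct CacheKey {
  uint64_t image_id;  // assumption: stands in for the real frame key
  ProcessingType type;
  Size target_size;   // ignored by equality when type == kOriginal

  // Every original-sized decode of the same image is interchangeable, so
  // target_size is not compared for kOriginal. That is exactly why an empty
  // target size mislabelled as kOriginal collides with the full-size decode.
  bool operator==(const CacheKey& o) const {
    if (image_id != o.image_id || type != o.type) return false;
    if (type == ProcessingType::kOriginal) return true;
    return target_size == o.target_size;
  }
  // Strict weak ordering consistent with operator==, for std::map.
  bool operator<(const CacheKey& o) const {
    if (image_id != o.image_id) return image_id < o.image_id;
    if (type != o.type) return type < o.type;
    if (type == ProcessingType::kOriginal) return false;
    if (target_size.width != o.target_size.width)
      return target_size.width < o.target_size.width;
    return target_size.height < o.target_size.height;
  }
};

// Pre-fix classification, as the commit message describes it: an empty target
// size was treated as an original-sized decode.
CacheKey MakeKeyBeforeFix(uint64_t image_id, Size original, Size target) {
  if (target.IsEmpty() || target == original)
    return {image_id, ProcessingType::kOriginal, original};
  return {image_id, ProcessingType::kSubrectAndScale, target};
}

// Post-fix classification: an empty target size gets kSubrectAndScale, so its
// key carries (and compares) the target size and cannot alias the original.
CacheKey MakeKeyAfterFix(uint64_t image_id, Size original, Size target) {
  if (!target.IsEmpty() && target == original)
    return {image_id, ProcessingType::kOriginal, original};
  return {image_id, ProcessingType::kSubrectAndScale, target};
}

struct Entry {
  std::vector<uint8_t> pixels;
  int ref_count = 0;
  bool is_locked = false;  // memory is locked only while a draw holds a ref
};

class DecodeCache {
 public:
  // Decode (if needed), take a ref and lock the memory for drawing.
  void DecodeAndRef(const CacheKey& key, size_t bytes) {
    Entry& e = entries_[key];
    if (e.pixels.empty()) e.pixels.assign(bytes, 0);
    ++e.ref_count;
    e.is_locked = true;
  }
  // Drop a ref; with no refs left the memory is unlocked but stays cached.
  void Unref(const CacheKey& key) {
    Entry& e = entries_.at(key);
    if (--e.ref_count == 0) e.is_locked = false;
  }
  const Entry* Find(const CacheKey& key) const {
    auto it = entries_.find(key);
    return it == entries_.end() ? nullptr : &it->second;
  }

 private:
  std::map<CacheKey, Entry> entries_;
};

// The scenario from the commit message: the cache already holds an unlocked
// original decode, then a draw arrives for the same image with an empty target
// size. Returns true if the lookup would hand out that unlocked memory, the
// condition the CHECK(is_locked) in the crash stack guards against.
bool HandsOutUnlockedMemory(CacheKey (*make_key)(uint64_t, Size, Size)) {
  const Size original{64, 64};
  DecodeCache cache;
  CacheKey full = make_key(1, original, original);
  cache.DecodeAndRef(full, 64u * 64u * 4u);
  cache.Unref(full);  // cached, but no longer locked
  CacheKey empty = make_key(1, original, Size{0, 0});
  const Entry* hit = cache.Find(empty);
  return hit != nullptr && !hit->is_locked;
}

}  // namespace model

int main() {
  std::printf("before fix: aliases unlocked memory = %d\n",
              model::HandsOutUnlockedMemory(model::MakeKeyBeforeFix));
  std::printf("after fix:  aliases unlocked memory = %d\n",
              model::HandsOutUnlockedMemory(model::MakeKeyAfterFix));
  return 0;
}
```

The point the model makes for reviewers of similar caches: when a key's equality conditionally skips fields, the discriminator that controls the skip must be derived from the same facts as the skipped fields, and a diagnostic such as the `CHECK(is_locked)` that surfaced here is what turns a silent aliasing into a reproducible, fuzzer-visible failure.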
Comment 1 by ClusterFuzz, Mar 26 2018