Null-dereference WRITE in chrome
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5525406682447872

Fuzzer: bj_broddelwerk
Job Type: linux_cfi_chrome
Platform Id: linux

Crash Type: Null-dereference WRITE
Crash Address: 0x000000000034
Crash State:
  chrome
  blink::LayoutBox::AddVisualEffectOverflow
  blink::LayoutBlock::ComputeOverflow

Sanitizer: cfi (CFI)

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=550009:550026

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5525406682447872

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Apr 12 2018

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/2d526f29f2a8d8df3cab30b7ae407106574ce547 ([PE] Let visual rect cover sub-pixel visual effect outsets).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Apr 12 2018

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/2195c17ababe2e9f24c9e9fe7d5da2a9915349cf

commit 2195c17ababe2e9f24c9e9fe7d5da2a9915349cf
Author: Xianzhu Wang <wangxianzhu@chromium.org>
Date: Thu Apr 12 16:13:23 2018

Revert "[PE] Let visual rect cover sub-pixel visual effect outsets"

This reverts commit 2d526f29f2a8d8df3cab30b7ae407106574ce547.

Reason for revert: crbug.com/832020

Bug: 832020

Original change's description:
> [PE] Let visual rect cover sub-pixel visual effect outsets
>
> If an overflowing visual effect has sub-pixel geometry and is painted
> with anti-aliasing along pixel-snapped border box, the pixel-snapping
> may cause the anti-aliased edge overflow the calculated visual rect.
>
> Let LayoutBox::VisualRectOutsetForRasterEffects() return 1 if there are
> any sub-pixel visual effect outsets to ensure the visual rect covers
> all pixels.
>
> Bug: 827516
> Change-Id: I48f8350fb2124d002333a4cc76486c63ca55f8c9
> Reviewed-on: https://chromium-review.googlesource.com/1003492
> Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
> Reviewed-by: Florin Malita <fmalita@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#550014}

TBR=wangxianzhu@chromium.org,fmalita@chromium.org,chrishtr@chromium.org

Change-Id: Iea3cfeb8e661dac43f27f85ab1eb2e7f00da8b73
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 827516
Reviewed-on: https://chromium-review.googlesource.com/1010582
Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org>
Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#550227}

[delete] https://crrev.com/210c995247166fa2cdd38ab71e1c5cfc38871894/third_party/WebKit/LayoutTests/paint/invalidation/subpixel-shadow-move-expected.html
[delete] https://crrev.com/210c995247166fa2cdd38ab71e1c5cfc38871894/third_party/WebKit/LayoutTests/paint/invalidation/subpixel-shadow-move.html
[modify] https://crrev.com/2195c17ababe2e9f24c9e9fe7d5da2a9915349cf/third_party/blink/renderer/core/layout/layout_box.cc
[modify] https://crrev.com/2195c17ababe2e9f24c9e9fe7d5da2a9915349cf/third_party/blink/renderer/core/layout/layout_box.h
[modify] https://crrev.com/2195c17ababe2e9f24c9e9fe7d5da2a9915349cf/third_party/blink/renderer/core/layout/overflow_model.h
Apr 12 2018

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/19327a652bb7c8806ec437ba577f280c5962e12e

commit 19327a652bb7c8806ec437ba577f280c5962e12e
Author: Xianzhu Wang <wangxianzhu@chromium.org>
Date: Thu Apr 12 20:32:43 2018

Reland "[PE] Let visual rect cover sub-pixel visual effect outsets"

This is a reland of 2d526f29f2a8d8df3cab30b7ae407106574ce547

Was reverted because it caused crbug.com/832020 which is a crash in the
following case:
  <div style="width: 0; height: 0; box-shadow: 0 5.5px"></div>
The div has zero size and visual effect outset on one side only, so the
overflow is still zero and doesn't create OverflowModel.

Original change's description:
> [PE] Let visual rect cover sub-pixel visual effect outsets
>
> If an overflowing visual effect has sub-pixel geometry and is painted
> with anti-aliasing along pixel-snapped border box, the pixel-snapping
> may cause the anti-aliased edge overflow the calculated visual rect.
>
> Let LayoutBox::VisualRectOutsetForRasterEffects() return 1 if there are
> any sub-pixel visual effect outsets to ensure the visual rect covers
> all pixels.
>
> Bug: 827516
> Change-Id: I48f8350fb2124d002333a4cc76486c63ca55f8c9
> Reviewed-on: https://chromium-review.googlesource.com/1003492
> Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
> Reviewed-by: Florin Malita <fmalita@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#550014}

Bug: 827516, 832020
Change-Id: I4e7831d7d91cc541127670ac102ec0292ae50387
Reviewed-on: https://chromium-review.googlesource.com/1010583
Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#550334}

[add] https://crrev.com/19327a652bb7c8806ec437ba577f280c5962e12e/third_party/WebKit/LayoutTests/paint/invalidation/subpixel-shadow-move-expected.html
[add] https://crrev.com/19327a652bb7c8806ec437ba577f280c5962e12e/third_party/WebKit/LayoutTests/paint/invalidation/subpixel-shadow-move.html
[add] https://crrev.com/19327a652bb7c8806ec437ba577f280c5962e12e/third_party/WebKit/LayoutTests/paint/invalidation/subpixel-shadow-zero-size-box-crash.html
[modify] https://crrev.com/19327a652bb7c8806ec437ba577f280c5962e12e/third_party/blink/renderer/core/layout/layout_box.cc
[modify] https://crrev.com/19327a652bb7c8806ec437ba577f280c5962e12e/third_party/blink/renderer/core/layout/layout_box.h
[modify] https://crrev.com/19327a652bb7c8806ec437ba577f280c5962e12e/third_party/blink/renderer/core/layout/overflow_model.h
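A simplified C++ model of the crash condition the reland message describes, added here as an example and not Blink's code: a box whose OverflowModel is only allocated once visual overflow is non-empty, the zero-size box with a single 5.5px shadow outset that leaves it unallocated, and a guarded AddVisualEffectOverflow that checks for the model before writing. The Rect, Outsets and OverflowModel types, the Inflate/RasterOutset helpers and the shape of the guard are assumptions; the reland's real diff is not on this page.

```cpp
#include <cmath>
#include <memory>

// Simplified model (added example, not Blink's code) of a LayoutBox whose
// OverflowModel is created lazily, only when visual overflow is non-empty.
struct Rect {
  double x, y, w, h;
  bool IsEmpty() const { return w <= 0 || h <= 0; }
};
struct Outsets { double top, right, bottom, left; };  // visual effect outsets
struct OverflowModel {
  Rect visual_overflow{};
  int raster_outset = 0;  // extra pixels so anti-aliased edges stay covered
};

static Rect Inflate(Rect r, const Outsets& o) {
  return {r.x - o.left, r.y - o.top, r.w + o.left + o.right, r.h + o.top + o.bottom};
}
static bool SubPixel(double v) { return v != std::floor(v); }
// Stands in for VisualRectOutsetForRasterEffects(): 1 when any outset is
// sub-pixel (e.g. the 5.5px shadow in the reland's test case), else 0.
static int RasterOutset(const Outsets& o) {
  return SubPixel(o.top) || SubPixel(o.right) || SubPixel(o.bottom) || SubPixel(o.left);
}
class LayoutBox {
 public:
  explicit LayoutBox(Rect border_box) : border_box_(border_box) {}
  // The crash condition: a zero-size box with a one-sided outset still has an
  // empty overflow rect, so no OverflowModel exists, yet the outset would be
  // written into it. Reports the condition instead of doing the null write.
  bool WouldWriteNullModel(const Outsets& o) const {
    return !overflow_ && Inflate(border_box_, o).IsEmpty();
  }

  // Guarded version (assumed fix shape): allocate only for non-empty overflow
  // and record the outset only when a model exists. Returns the outset kept.
  int AddVisualEffectOverflow(const Outsets& o) {
    Rect r = Inflate(border_box_, o);
    if (r.IsEmpty()) return 0;  // nothing to record, so no model is needed
    if (!overflow_) overflow_ = std::make_unique<OverflowModel>();
    overflow_->visual_overflow = r;
    overflow_->raster_outset = RasterOutset(o);
    return overflow_->raster_outset;
  }

 private:
  Rect border_box_;
  std::unique_ptr<OverflowModel> overflow_;
};
```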
Apr 13 2018

ClusterFuzz has detected this issue as fixed in range 550218:550257.

Detailed report: https://clusterfuzz.com/testcase?key=5525406682447872

Fuzzer: bj_broddelwerk
Job Type: linux_cfi_chrome
Platform Id: linux

Crash Type: Null-dereference WRITE
Crash Address: 0x000000000034
Crash State:
  chrome
  blink::LayoutBox::AddVisualEffectOverflow
  blink::LayoutBlock::ComputeOverflow

Sanitizer: cfi (CFI)

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=550009:550026
Fixed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=550218:550257

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5525406682447872

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 13 2018

ClusterFuzz testcase 5525406682447872 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Apr 17 2018

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/2195c17ababe2e9f24c9e9fe7d5da2a9915349cf

commit 2195c17ababe2e9f24c9e9fe7d5da2a9915349cf
Author: Xianzhu Wang <wangxianzhu@chromium.org>
Date: Thu Apr 12 16:13:23 2018

Revert "[PE] Let visual rect cover sub-pixel visual effect outsets"

This reverts commit 2d526f29f2a8d8df3cab30b7ae407106574ce547.

Reason for revert: crbug.com/832020

Bug: 832020

Original change's description:
> [PE] Let visual rect cover sub-pixel visual effect outsets
>
> If an overflowing visual effect has sub-pixel geometry and is painted
> with anti-aliasing along pixel-snapped border box, the pixel-snapping
> may cause the anti-aliased edge overflow the calculated visual rect.
>
> Let LayoutBox::VisualRectOutsetForRasterEffects() return 1 if there are
> any sub-pixel visual effect outsets to ensure the visual rect covers
> all pixels.
>
> Bug: 827516
> Change-Id: I48f8350fb2124d002333a4cc76486c63ca55f8c9
> Reviewed-on: https://chromium-review.googlesource.com/1003492
> Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
> Reviewed-by: Florin Malita <fmalita@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#550014}

TBR=wangxianzhu@chromium.org,fmalita@chromium.org,chrishtr@chromium.org

Change-Id: Iea3cfeb8e661dac43f27f85ab1eb2e7f00da8b73
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 827516
Reviewed-on: https://chromium-review.googlesource.com/1010582
Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org>
Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#550227}

[delete] https://crrev.com/210c995247166fa2cdd38ab71e1c5cfc38871894/third_party/WebKit/LayoutTests/paint/invalidation/subpixel-shadow-move-expected.html
[delete] https://crrev.com/210c995247166fa2cdd38ab71e1c5cfc38871894/third_party/WebKit/LayoutTests/paint/invalidation/subpixel-shadow-move.html
[modify] https://crrev.com/2195c17ababe2e9f24c9e9fe7d5da2a9915349cf/third_party/blink/renderer/core/layout/layout_box.cc
[modify] https://crrev.com/2195c17ababe2e9f24c9e9fe7d5da2a9915349cf/third_party/blink/renderer/core/layout/layout_box.h
[modify] https://crrev.com/2195c17ababe2e9f24c9e9fe7d5da2a9915349cf/third_party/blink/renderer/core/layout/overflow_model.h
Apr 17 2018

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/19327a652bb7c8806ec437ba577f280c5962e12e

commit 19327a652bb7c8806ec437ba577f280c5962e12e
Author: Xianzhu Wang <wangxianzhu@chromium.org>
Date: Thu Apr 12 20:32:43 2018

Reland "[PE] Let visual rect cover sub-pixel visual effect outsets"

This is a reland of 2d526f29f2a8d8df3cab30b7ae407106574ce547

Was reverted because it caused crbug.com/832020 which is a crash in the
following case:
  <div style="width: 0; height: 0; box-shadow: 0 5.5px"></div>
The div has zero size and visual effect outset on one side only, so the
overflow is still zero and doesn't create OverflowModel.

Original change's description:
> [PE] Let visual rect cover sub-pixel visual effect outsets
>
> If an overflowing visual effect has sub-pixel geometry and is painted
> with anti-aliasing along pixel-snapped border box, the pixel-snapping
> may cause the anti-aliased edge overflow the calculated visual rect.
>
> Let LayoutBox::VisualRectOutsetForRasterEffects() return 1 if there are
> any sub-pixel visual effect outsets to ensure the visual rect covers
> all pixels.
>
> Bug: 827516
> Change-Id: I48f8350fb2124d002333a4cc76486c63ca55f8c9
> Reviewed-on: https://chromium-review.googlesource.com/1003492
> Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
> Reviewed-by: Florin Malita <fmalita@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#550014}

Bug: 827516, 832020
Change-Id: I4e7831d7d91cc541127670ac102ec0292ae50387
Reviewed-on: https://chromium-review.googlesource.com/1010583
Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#550334}

[add] https://crrev.com/19327a652bb7c8806ec437ba577f280c5962e12e/third_party/WebKit/LayoutTests/paint/invalidation/subpixel-shadow-move-expected.html
[add] https://crrev.com/19327a652bb7c8806ec437ba577f280c5962e12e/third_party/WebKit/LayoutTests/paint/invalidation/subpixel-shadow-move.html
[add] https://crrev.com/19327a652bb7c8806ec437ba577f280c5962e12e/third_party/WebKit/LayoutTests/paint/invalidation/subpixel-shadow-zero-size-box-crash.html
[modify] https://crrev.com/19327a652bb7c8806ec437ba577f280c5962e12e/third_party/blink/renderer/core/layout/layout_box.cc
[modify] https://crrev.com/19327a652bb7c8806ec437ba577f280c5962e12e/third_party/blink/renderer/core/layout/layout_box.h
[modify] https://crrev.com/19327a652bb7c8806ec437ba577f280c5962e12e/third_party/blink/renderer/core/layout/overflow_model.h
Apr 17 2018

What are #c7 and "merge-merged-testbranch"?