Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/angle/angle/+/02c9c04f512aa2194f83cdc9749c2f5bba0b434f (Optimize ValidateDrawAttribs: Part 2.).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Can confirm this is a real issue. Will investigate.

The following revision refers to this bug:
  https://chromium.googlesource.com/angle/angle/+/629bb25900b66de6659240da66a911d8241fe2ef

commit 629bb25900b66de6659240da66a911d8241fe2ef
Author: Jamie Madill <jmadill@chromium.org>
Date: Fri Apr 20 16:27:07 2018

Fix WebGL compat feedback loop null deref.

This regressed in "Optimize ValidateDrawAttribs: Part 2."

Bug:  chromium:834943 
Bug:  angleproject:1391 
Change-Id: I217719d76b0524ed7900e18bcc4ca1280ec7b6ff
Reviewed-on: https://chromium-review.googlesource.com/1020280
Commit-Queue: Jamie Madill <jmadill@chromium.org>
Reviewed-by: Jamie Madill <jmadill@chromium.org>

[modify] https://crrev.com/629bb25900b66de6659240da66a911d8241fe2ef/src/libANGLE/VertexAttribute.cpp
[modify] https://crrev.com/629bb25900b66de6659240da66a911d8241fe2ef/src/tests/gl_tests/WebGLCompatibilityTest.cpp
[modify] https://crrev.com/629bb25900b66de6659240da66a911d8241fe2ef/src/libANGLE/validationES.cpp

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/90e886d1638437a1346367e36bbff675a826fe66

commit 90e886d1638437a1346367e36bbff675a826fe66
Author: angle-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com <angle-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Fri Apr 20 23:32:04 2018

Roll src/third_party/angle/ 3ec304dba..5f21df831 (8 commits)

https://chromium.googlesource.com/angle/angle.git/+log/3ec304dba28d..5f21df8318e9

$ git log 3ec304dba..5f21df831 --date=short --no-merges --format='%ad %ae %s'
2018-04-18 tobine Roll (1/2) LVL version forward and disable VANGLE
2018-04-19 ynovikov Use EGL_KHR_no_config_context in Android GLES backend, when available
2018-04-20 ynovikov Print more logs
2018-04-10 geofflang Refactor packed enum generation to support EGL enums.
2018-04-20 geofflang Use LIKELY and UNLIKELY macros to wrap error generation.
2018-04-20 jmadill Fix WebGL compat feedback loop null deref.
2018-04-19 tobine Make Mock ICD json file a data_dep of Mock ICD
2018-04-19 lucferron Refactor Texture::syncState to pass down the Context

Created with:
  roll-dep src/third_party/angle
BUG= chromium:609673 , chromium:834943 


The AutoRoll server is located here: https://angle-chromium-roll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should
be CC'd on the roll, and stop the roller if necessary.


CQ_INCLUDE_TRYBOTS=luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel
TBR=jmadill@chromium.org

Change-Id: Ifbfe7a6eec5c1771a9ecf20a9cd31f5070758588
Reviewed-on: https://chromium-review.googlesource.com/1022720
Reviewed-by: angle-chromium-autoroll <angle-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Commit-Queue: angle-chromium-autoroll <angle-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#552520}
[modify] https://crrev.com/90e886d1638437a1346367e36bbff675a826fe66/DEPS

ClusterFuzz has detected this issue as fixed in range 552516:552520.

Detailed report: https://clusterfuzz.com/testcase?key=5361608893923328

Fuzzer: mbarbella_webgl
Job Type: windows_asan_chrome
Platform Id: windows

Crash Type: Null-dereference READ
Crash Address: 0x00000000007c
Crash State:
  gl::Buffer::isBoundForTransformFeedbackAndOtherUse
  gl::ValidateDrawAttribs
  gl::ValidateDrawArraysCommon
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=551791:551792
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=552516:552520

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5361608893923328

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5361608893923328 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.