Integer-overflow in gpu::raster::RasterDecoderImpl::DoTexStorage2D
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5400650092118016
Fuzzer: libFuzzer_gpu_raster_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  gpu::raster::RasterDecoderImpl::DoTexStorage2D
  gpu::raster::RasterDecoderImpl::HandleTexStorage2D
  gpu::error::Error gpu::raster::RasterDecoderImpl::DoCommandsImpl<false>
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=564529:564591
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5400650092118016

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Jun 8 2018
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.
Jun 8 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/774e03c6946af8fa37f226e3446bd80a5d27fd37 (Remove levels from RasterInterface). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Jun 11 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1fbb849d6fcc93b3e504d831a801a37c466b2eb9

commit 1fbb849d6fcc93b3e504d831a801a37c466b2eb9
Author: Jonathan Backer <backer@chromium.org>
Date: Mon Jun 11 21:44:37 2018

Fix clusterfuzz int overflow

width and height are int32. ComputeImageDataSizesES3 returns uint32. clusterfuzz found a case where width * height overflows an int32, but not a uint32. This CL does the safe mult in uint32. Conversion of width and height to uint32 is fine because we've previously verified them as non-negative.

Bug: 850861
Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel
Change-Id: I781490f9fa821eff8a32319ca76d3aa9176dec92
Reviewed-on: https://chromium-review.googlesource.com/1095647
Reviewed-by: Zhenyao Mo <zmo@chromium.org>
Commit-Queue: Jonathan Backer <backer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#566157}

[modify] https://crrev.com/1fbb849d6fcc93b3e504d831a801a37c466b2eb9/gpu/command_buffer/service/gles2_cmd_decoder.cc
[modify] https://crrev.com/1fbb849d6fcc93b3e504d831a801a37c466b2eb9/gpu/command_buffer/service/raster_decoder.cc
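As an added illustration of the fix described in the commit above (this is not Chromium's code): the hypothetical ComputeImageDataSize mirrors the corrected shape, converting the already-validated int32 width and height to uint32 and multiplying with an explicit overflow check, while ClassifyPixelCount shows a constructed dimension pair whose product overflows int32 but not uint32, the case the fuzzer hit. All function names and the sample dimensions are assumptions.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical stand-ins, not Chromium code. The decoder has already checked
// width and height as non-negative int32 when sizes are computed, which is
// what makes the conversion to uint32 below lossless.

// Multiplies in 64 bits and reports whether the product fits in uint32.
static bool CheckedMulU32(uint32_t a, uint32_t b, uint32_t* out) {
  uint64_t wide = static_cast<uint64_t>(a) * static_cast<uint64_t>(b);
  if (wide > UINT32_MAX) return false;
  *out = static_cast<uint32_t>(wide);
  return true;
}

// Shaped like the fix: convert the validated int32 dimensions to uint32
// first, then multiply with overflow checks. Returns the byte count, or -1
// when an input is negative or the result does not fit in uint32. The
// pre-fix shape, width * height on two int32 values, evaluates in int and
// overflows (UBSan's finding) for the dimensions used in main().
static int64_t ComputeImageDataSize(int32_t width, int32_t height,
                                    uint32_t bytes_per_pixel) {
  if (width < 0 || height < 0) return -1;
  uint32_t pixels = 0, bytes = 0;
  if (!CheckedMulU32(static_cast<uint32_t>(width),
                     static_cast<uint32_t>(height), &pixels)) return -1;
  if (!CheckedMulU32(pixels, bytes_per_pixel, &bytes)) return -1;
  return bytes;
}

// Classifies a dimension pair the way the commit describes the fuzzer case:
// pixel count fits int32, fits only uint32, or fits neither (negative
// inputs, rejected upstream, are reported as kOverflow).
enum class Fit { kInt32, kUint32Only, kOverflow };
static Fit ClassifyPixelCount(int32_t width, int32_t height) {
  if (width < 0 || height < 0) return Fit::kOverflow;
  uint64_t wide = static_cast<uint64_t>(width) * static_cast<uint64_t>(height);
  if (wide <= static_cast<uint64_t>(INT32_MAX)) return Fit::kInt32;
  if (wide <= UINT32_MAX) return Fit::kUint32Only;
  return Fit::kOverflow;
}

int main() {
  // Constructed dimensions: 65536 * 40000 = 2621440000, above INT32_MAX
  // (2147483647) but within uint32 (4294967295): fit=1, size=2621440000.
  printf("fit=%d size=%lld\n",
         static_cast<int>(ClassifyPixelCount(65536, 40000)),
         static_cast<long long>(ComputeImageDataSize(65536, 40000, 1)));
  return 0;
}
```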
Jun 12 2018
ClusterFuzz has detected this issue as fixed in range 566149:566173.

Detailed report: https://clusterfuzz.com/testcase?key=5400650092118016
Fuzzer: libFuzzer_gpu_raster_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  gpu::raster::RasterDecoderImpl::DoTexStorage2D
  gpu::raster::RasterDecoderImpl::HandleTexStorage2D
  gpu::error::Error gpu::raster::RasterDecoderImpl::DoCommandsImpl<false>
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=564529:564591
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=566149:566173
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5400650092118016

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 12 2018
ClusterFuzz testcase 5400650092118016 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Jun 8 2018. Labels: Test-Predator-Auto-Components