CHECK failure: 0 == memcmp(serialized2.get(), serialized3.get(), written_bytes2) in paint_op_bu

Issue description
Detailed report: https://clusterfuzz.com/testcase?key=5848694814146560
Fuzzer: libFuzzer_paint_op_buffer_eq_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  0 == memcmp(serialized2.get(), serialized3.get(), written_bytes2) in paint_op_bu
  paint_op_buffer_eq_fuzzer.cc
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=578890:578891
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5848694814146560
Issue filed automatically.
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Jul 30
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/66bcb57a90138959ea5a42de0677ceb3cc0a40f0 (Reland "cc, gpu: Make serialization code bitness agnostic."). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Jul 31
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/78e0f67b19575065431e985379d36d4474c11f4a

commit 78e0f67b19575065431e985379d36d4474c11f4a
Author: Peter Collingbourne <pcc@chromium.org>
Date: Tue Jul 31 17:27:43 2018

cc: Always serialize matrices with an unknown type.

This ensures that deserialize -> serialize produces the same result as deserialize -> serialize -> deserialize -> serialize for a particular reproducer discovered by clusterfuzz. It was previously possible for the first serialization to produce a different result than the second one in the following way:

- the first deserialize would set the matrix type initially to unknown (in FixupMatrixPostSerialization) but then set it to the correct matrix type as a side effect of creating a transfer cache entry (see the following stack trace):
  #0 0x00000000006c9f70 in SkMatrix::getType() const () at ../../third_party/skia/include/core/SkMatrix.h:140
  #1 0x00000000006d3f3d in SkMatrix::isIdentity() const () at ../../third_party/skia/include/core/SkMatrix.h:155
  #2 0x00000000006d1031 in SkMatrix::invert(SkMatrix*) const () at ../../third_party/skia/include/core/SkMatrix.h:1152
  #3 0x0000000000a7e330 in SkGradientShader::MakeSweep(float, float, SkColor4f const*, sk_sp<SkColorSpace>, float const*, int, SkShader::TileMode, float, float, unsigned int, SkMatrix const*) () at ../../third_party/skia/src/shaders/gradients/SkGradientShader.cpp:886
  #4 0x0000000000a7e1c0 in SkGradientShader::MakeSweep(float, float, unsigned int const*, float const*, int, SkShader::TileMode, float, float, unsigned int, SkMatrix const*) () at ../../third_party/skia/src/shaders/gradients/SkGradientShader.cpp:863
  #5 0x0000000000dc2e0d in CreateSkShader() () at ../../cc/paint/paint_shader.cc:397
  #6 0x0000000000daf94d in Read() () at ../../cc/paint/paint_op_reader.cc:522
- the first serialize would write out the correct matrix type verbatim from the data structure
- the second deserialize would set the matrix type to unknown but would not end up setting it to the correct matrix type because a transfer cache entry exists so we follow this code path instead: https://cs.chromium.org/chromium/src/cc/paint/paint_op_reader.cc?l=519
- the second serialize would again write the matrix type verbatim from the data structure, but this time it would be unknown.

This change fixes the problem by always writing unknown.

Bug: 868966
Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Idfb1dcf82e652b696dde5427d9890b0ff6d9a268
Reviewed-on: https://chromium-review.googlesource.com/1156127
Reviewed-by: Antoine Labour <piman@chromium.org>
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#579453}

[modify] https://crrev.com/78e0f67b19575065431e985379d36d4474c11f4a/cc/paint/paint_op_writer.cc
[modify] https://crrev.com/78e0f67b19575065431e985379d36d4474c11f4a/cc/paint/paint_op_writer.h
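The failure mode the commit describes is a general one: a serializer that copies a lazily computed cache field verbatim produces output that depends on whether some unrelated code path happened to fill the cache. The toy model below is an added example and is not Chromium or Skia code; ToyMatrix, its wire format (36 coefficient bytes plus one type byte), the kType* markers and the transfer_cache_hit flag are all constructed stand-ins. It reproduces the fuzzer's round-trip invariant (deserialize -> serialize must equal deserialize -> serialize -> deserialize -> serialize) against a verbatim writer and against a writer that always emits the unknown marker, which is the shape of the fix above.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Matrix type markers (constructed). kTypeUnknown plays the role of the
// "unknown" sentinel that FixupMatrixPostSerialization resets the type to.
constexpr uint8_t kTypeUnknown = 0xFF;
constexpr uint8_t kTypeIdentity = 0x00;
constexpr uint8_t kTypeGeneral = 0x01;

// A 3x3 matrix whose type is a cache derived lazily from the coefficients.
struct ToyMatrix {
  float m[9] = {1, 0, 0, 0, 1, 0, 0, 0, 1};
  uint8_t type_cache = kTypeUnknown;

  // Like SkMatrix::getType(): reading the type fills the cache as a side
  // effect, so any caller (isIdentity() via invert(), for instance) mutates
  // the object it is inspecting.
  uint8_t GetType() {
    if (type_cache == kTypeUnknown) {
      static const float kIdentity[9] = {1, 0, 0, 0, 1, 0, 0, 0, 1};
      type_cache = std::memcmp(m, kIdentity, sizeof(m)) == 0 ? kTypeIdentity
                                                             : kTypeGeneral;
    }
    return type_cache;
  }
};

// Constructed wire format: nine floats followed by one type byte.
constexpr size_t kWireSize = sizeof(float) * 9 + 1;

static std::vector<uint8_t> WriteCoefficients(const ToyMatrix& mat) {
  std::vector<uint8_t> out(kWireSize, 0);
  std::memcpy(out.data(), mat.m, sizeof(mat.m));
  return out;
}

// Buggy writer: copies whatever the cache happens to hold right now.
std::vector<uint8_t> SerializeVerbatim(const ToyMatrix& mat) {
  std::vector<uint8_t> out = WriteCoefficients(mat);
  out[kWireSize - 1] = mat.type_cache;
  return out;
}

// Fixed writer: always emit the unknown marker, so the bytes do not depend on
// whether anything filled the cache since deserialization.
std::vector<uint8_t> SerializeAlwaysUnknown(const ToyMatrix& mat) {
  std::vector<uint8_t> out = WriteCoefficients(mat);
  out[kWireSize - 1] = kTypeUnknown;
  return out;
}

// Reader. transfer_cache_hit models the branch in the commit message: on a
// miss the shader gets built, which calls GetType() and fills the cache; on a
// hit no shader is built and the cache stays unknown.
ToyMatrix Deserialize(const std::vector<uint8_t>& buf, bool transfer_cache_hit) {
  ToyMatrix mat;
  std::memcpy(mat.m, buf.data(), sizeof(mat.m));
  mat.type_cache = kTypeUnknown;  // the FixupMatrixPostSerialization step
  if (!transfer_cache_hit) mat.GetType();
  return mat;
}

using Serializer = std::vector<uint8_t> (*)(const ToyMatrix&);

// The fuzzer's invariant: serialized2 and serialized3 must match byte for byte.
bool RoundTripIsStable(Serializer serialize) {
  // Constructed input: a non-identity matrix whose type byte is unknown.
  ToyMatrix input;
  input.m[0] = 2.0f;
  std::vector<uint8_t> serialized1 = WriteCoefficients(input);
  serialized1[kWireSize - 1] = kTypeUnknown;

  // First pass: transfer cache miss, so GetType() fills the cache.
  ToyMatrix first = Deserialize(serialized1, /*transfer_cache_hit=*/false);
  std::vector<uint8_t> serialized2 = serialize(first);
  // Second pass: transfer cache hit, so the cache stays unknown.
  ToyMatrix second = Deserialize(serialized2, /*transfer_cache_hit=*/true);
  std::vector<uint8_t> serialized3 = serialize(second);

  return serialized2.size() == serialized3.size() &&
         std::memcmp(serialized2.data(), serialized3.data(),
                     serialized2.size()) == 0;
}
```

RoundTripIsStable(SerializeVerbatim) returns false, which is the CHECK the fuzzer tripped: the first serialize writes kTypeGeneral, the second writes kTypeUnknown. RoundTripIsStable(SerializeAlwaysUnknown) returns true. The general lesson for any serializer is that derived or cached fields should either be excluded from the encoding or normalized to a fixed value before writing; otherwise the encoding depends on execution history rather than on the logical value, and equality-based fuzzers such as paint_op_buffer_eq_fuzzer will find the discrepancy.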
Aug 1
ClusterFuzz has detected this issue as fixed in range 579446:579467.
Detailed report: https://clusterfuzz.com/testcase?key=5848694814146560
Fuzzer: libFuzzer_paint_op_buffer_eq_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  0 == memcmp(serialized2.get(), serialized3.get(), written_bytes2) in paint_op_bu
  paint_op_buffer_eq_fuzzer.cc
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=578890:578891
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=579446:579467
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5848694814146560
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 1
ClusterFuzz testcase 5848694814146560 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Jul 30
Labels: Test-Predator-Auto-Components