CHECK failure: !scope.AccessCheckFailed() in v8_dom_wrapper.cc
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5119888178544640

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  !scope.AccessCheckFailed() in v8_dom_wrapper.cc
  blink::V8DOMWrapper::CreateWrapper
  blink::ScriptWrappable::Wrap

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=589819:589820

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5119888178544640

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Sep 16
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/20a443ce6dd653ce3259782667598f9b87211e5d (Reland: Split implementation of EventListener and EventHandler). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Oct 12
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1d2509fc2ebc7c9848726c1b208483e1e1efc485

commit 1d2509fc2ebc7c9848726c1b208483e1e1efc485
Author: Yuki Yamada <yukiy@google.com>
Date: Fri Oct 12 09:45:43 2018

Added security check for cross origin

This CL adds a security check for cross origin with BindingSecurity::ShouldAllowAccessToCreationContext().
|js_event|, a V8 wrapper object for event object, must be created in the relevant realm of the event target, but it is possible that listener's relevant context cannot access the relevant realm of event target (ex. when Document.origin is changed). We have to check this before invoking event listener.

Bug: 872138, 884516
Change-Id: Ic5d0c8e6cda4db57a2097ce230e75cc59905b350
Reviewed-on: https://chromium-review.googlesource.com/c/1270300
Commit-Queue: Yuki Yamada <yukiy@google.com>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Hitoshi Yoshida <peria@chromium.org>
Reviewed-by: Yuki Shiino <yukishiino@chromium.org>
Cr-Commit-Position: refs/heads/master@{#599154}

[modify] https://crrev.com/1d2509fc2ebc7c9848726c1b208483e1e1efc485/third_party/blink/renderer/bindings/core/v8/js_based_event_listener.cc
Oct 13
ClusterFuzz has detected this issue as fixed in range 599153:599154.

Detailed report: https://clusterfuzz.com/testcase?key=5119888178544640

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  !scope.AccessCheckFailed() in v8_dom_wrapper.cc
  blink::V8DOMWrapper::CreateWrapper
  blink::ScriptWrappable::Wrap

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=589819:589820
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=599153:599154

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5119888178544640

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 13
ClusterFuzz testcase 5119888178544640 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Sep 16
Labels: Test-Predator-Auto-Components