CHECK failure: size > 0U in aligned_memory.cc

Issue description
Detailed report: https://clusterfuzz.com/testcase?key=5255602186747904
Fuzzer: libFuzzer_paint_op_buffer_eq_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  size > 0U in aligned_memory.cc
  base::AlignedAlloc
  paint_op_buffer_eq_fuzzer.cc
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=593404:593411
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5255602186747904
Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Oct 22
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.
Oct 22
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/9ecf8ac1a7bdf444ec968b0b2f84763b69d21e1a (cc: Set shader id when reading PaintShader). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Oct 22
Ah, I see what's happening. There are some PaintFlags that are stored in 176 bytes, but when writing them out it takes 232 bytes. It ends up that we can't write out the whole op in the same amount of space that we used to read it in, and this causes some assertions.
Oct 23
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/13de7e3dc62741227c5c27a709251d1a13029491

commit 13de7e3dc62741227c5c27a709251d1a13029491
Author: Adrienne Walker <enne@chromium.org>
Date: Tue Oct 23 17:46:58 2018

cc: Don't create a scaled shader for fixed scales

These are already scaled, so don't bother making an allocation. This is probably a minor perf optimization. However, this also fixes a fuzzer issue where reading a PaintShader of N bytes could not be written back out into N bytes, because the scaled paint record shader included an unnecessary local matrix.

Bug: 897587
Change-Id: Ia8f0e1395a130e2cbcc09a0886f0a1f58ba2b5dd
Reviewed-on: https://chromium-review.googlesource.com/c/1295174
Reviewed-by: Khushal <khushalsagar@chromium.org>
Commit-Queue: enne <enne@chromium.org>
Cr-Commit-Position: refs/heads/master@{#602006}

[modify] https://crrev.com/13de7e3dc62741227c5c27a709251d1a13029491/cc/paint/paint_op_buffer_eq_fuzzer.cc
[modify] https://crrev.com/13de7e3dc62741227c5c27a709251d1a13029491/cc/paint/paint_shader.cc
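The comment above and the commit message describe the same invariant: an op deserialized from N bytes must serialize back into N bytes, and the bug broke that by attaching a local matrix the wire form never carried. The following is an added, self-contained illustration of that read/write round-trip check in the style of an equality fuzzer; it is not Chromium's code and does not use its API. The types and functions (Matrix, Shader, ReadShader, WriteShader, RoundTripFits, SampleFixedScaleShader), the 9-byte wire layout and the sample input are all constructed for this example.

```cpp
// Added example, not Chromium code. Toy shader serializer with a
// fuzzer-style round-trip size check. All names and layouts are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <optional>
#include <vector>

// Hypothetical 2x3 affine matrix: 24 bytes on the wire.
struct Matrix { float m[6]; };

// Hypothetical shader: an id, a scale, and an optional local matrix.
struct Shader {
  uint32_t id = 0;
  float scale = 1.0f;
  std::optional<Matrix> local_matrix;
};

// Wire size: id(4) + scale(4) + has_matrix flag(1) + matrix(24 if present).
size_t SerializedSize(const Shader& s) {
  return 4 + 4 + 1 + (s.local_matrix ? sizeof(Matrix) : 0);
}

// Serialize into a fixed-capacity buffer; refuse instead of overrunning.
bool WriteShader(const Shader& s, uint8_t* out, size_t capacity) {
  if (SerializedSize(s) > capacity) return false;
  uint8_t* p = out;
  std::memcpy(p, &s.id, 4); p += 4;
  std::memcpy(p, &s.scale, 4); p += 4;
  *p++ = s.local_matrix ? 1 : 0;
  if (s.local_matrix) std::memcpy(p, &*s.local_matrix, sizeof(Matrix));
  return true;
}

// Deserialize. With attach_scaled_matrix == true the reader mimics the
// defect described in the thread: a fixed-scale shader is given a
// synthesized local matrix it never had on the wire, so it grows on write.
std::optional<Shader> ReadShader(const uint8_t* data, size_t size,
                                 bool attach_scaled_matrix) {
  if (size < 9) return std::nullopt;
  Shader s;
  std::memcpy(&s.id, data, 4);
  std::memcpy(&s.scale, data + 4, 4);
  const bool has_matrix = data[8] != 0;
  if (has_matrix) {
    if (size < 9 + sizeof(Matrix)) return std::nullopt;
    Matrix m;
    std::memcpy(&m, data + 9, sizeof(Matrix));
    s.local_matrix = m;
  } else if (attach_scaled_matrix) {
    s.local_matrix = Matrix{{s.scale, 0, 0, 0, s.scale, 0}};
  }
  return s;
}

// The round-trip invariant: whatever was read from N bytes must write back
// into N bytes. Returns false (instead of asserting) when it cannot, and
// never hands a zero-sized or too-small buffer to the writer.
bool RoundTripFits(const std::vector<uint8_t>& input, bool attach_scaled_matrix) {
  std::optional<Shader> s =
      ReadShader(input.data(), input.size(), attach_scaled_matrix);
  if (!s) return true;  // unparseable input: nothing to round-trip
  const size_t needed = SerializedSize(*s);
  if (input.empty() || needed > input.size()) return false;
  std::vector<uint8_t> out(input.size());
  return WriteShader(*s, out.data(), out.size());
}

// Constructed sample input: id=7, scale=2.0, no matrix (9 bytes on the wire).
std::vector<uint8_t> SampleFixedScaleShader() {
  Shader s;
  s.id = 7;
  s.scale = 2.0f;
  std::vector<uint8_t> buf(SerializedSize(s));
  WriteShader(s, buf.data(), buf.size());
  return buf;
}
```

With the reader behaving correctly, the 9-byte sample reads and writes back into 9 bytes; with the synthesized matrix attached it needs 33 bytes and the check fails instead of the writer overrunning or a zero-sized allocation being attempted.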
Oct 24
ClusterFuzz has detected this issue as fixed in range 602005:602007.

Detailed report: https://clusterfuzz.com/testcase?key=5255602186747904
Fuzzer: libFuzzer_paint_op_buffer_eq_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  size > 0U in aligned_memory.cc
  base::AlignedAlloc
  paint_op_buffer_eq_fuzzer.cc
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=593404:593411
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=602005:602007
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5255602186747904
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 24
ClusterFuzz testcase 5255602186747904 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Oct 22
Labels: Test-Predator-Auto-Components