Issue 904218
Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: Dec 12
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Null-dereference READ in blink::CallbackFunctionBase::CallbackFunctionBase

Reported by ClusterFuzz (Project Member), Nov 11

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4707072379453440

Fuzzer: lcamtuf_cross_fuzz
Job Type: linux_ubsan_vptr_chrome
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  blink::CallbackFunctionBase::CallbackFunctionBase
  blink::JSEventHandler::JSEventHandler
  blink::V8EventListenerHelper::GetEventHandler
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=606667:606674

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4707072379453440

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Comment 1 by ClusterFuzz (Project Member), Nov 11

Components: Blink>Bindings
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Cc: kkaluri@chromium.org
Components: Blink>JavaScript
Cc: yukishiino@chromium.org
Cc: -yukishiino@chromium.org haraken@chromium.org dtapu...@chromium.org yukiy@chromium.org
Owner: yukishiino@chromium.org
Status: Assigned (was: Untriaged)
The only blink change in the regression range is dtapuska's change, which doesn't seem related.

yukishiino@, can you take a look?
Components: -Blink>JavaScript
Status: Started (was: Assigned)
Comment 6 by bugdroid1@chromium.org (Project Member), Nov 20

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/756bea38c853ce40e3daba7f7fadf85b0920785f

commit 756bea38c853ce40e3daba7f7fadf85b0920785f
Author: Yuki Shiino <yukishiino@chromium.org>
Date: Tue Nov 20 10:52:50 2018

v8binding: Do not hold a cross origin ScriptState in IDL callback function

Make IDL callback function not hold a ScriptState of its
creation context when it's cross origin from the incumbent
realm.

Not holding a cross origin ScriptState, there is much
less risk to access a cross origin context.

IDL callback interface will follow the same approach in
a separate patch.

Bug: 892755, 886588, 904218
Change-Id: Ie55b436fcc5f66f4ee053ef08ad98ea68fb3a2d6
Reviewed-on: https://chromium-review.googlesource.com/c/1314023
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Hitoshi Yoshida <peria@chromium.org>
Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
Cr-Commit-Position: refs/heads/master@{#609662}
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/core/v8/js_based_event_listener.cc
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/core/v8/js_based_event_listener.h
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/core/v8/js_event_handler.h
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/core/v8/js_event_listener.h
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/templates/callback_function.cc.tmpl
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/templates/callback_interface.cc.tmpl
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/templates/callback_invoke.cc.tmpl
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/tests/results/core/v8_any_callback_function_optional_any_arg.cc
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/tests/results/core/v8_any_callback_function_variadic_any_args.cc
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/tests/results/core/v8_long_callback_function.cc
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/tests/results/core/v8_string_sequence_callback_function_long_sequence_arg.cc
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/tests/results/core/v8_test_callback_interface.cc
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/tests/results/core/v8_test_legacy_callback_interface.cc
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/tests/results/core/v8_treat_non_object_as_null_boolean_function.cc
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/tests/results/core/v8_treat_non_object_as_null_void_function.cc
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function.cc
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_dictionary_arg.cc
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_enum_arg.cc
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_interface_arg.cc
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_test_interface_sequence_arg.cc
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_typedef.cc
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/bindings/tests/results/modules/v8_void_callback_function_modules.cc
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/modules/nfc/nfc.cc
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/platform/bindings/callback_function_base.cc
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/platform/bindings/callback_function_base.h
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/platform/bindings/callback_interface_base.cc
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/platform/bindings/callback_interface_base.h
[modify] https://crrev.com/756bea38c853ce40e3daba7f7fadf85b0920785f/third_party/blink/renderer/platform/bindings/to_v8.h

Status: Fixed (was: Started)
Comment 8 by bugdroid1@chromium.org (Project Member), Nov 20

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172

commit 1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172
Author: Maxim Kolosovskiy <kolos@chromium.org>
Date: Tue Nov 20 13:08:47 2018

Revert "v8binding: Do not hold a cross origin ScriptState in IDL callback function"

This reverts commit 756bea38c853ce40e3daba7f7fadf85b0920785f.

Reason for revert: FindIt suspects that this is the culprit for a number of failures https://findit-for-me.appspot.com/waterfall/failure?url=https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Trusty%20ASAN/builds/18261

Original change's description:
> v8binding: Do not hold a cross origin ScriptState in IDL callback function
> 
> Make IDL callback function not hold a ScriptState of its
> creation context when it's cross origin from the incumbent
> realm.
> 
> Not holding a cross origin ScriptState, there is much
> less risk to access a cross origin context.
> 
> IDL callback interface will follow the same approach in
> a separate patch.
> 
> Bug: 892755, 886588, 904218
> Change-Id: Ie55b436fcc5f66f4ee053ef08ad98ea68fb3a2d6
> Reviewed-on: https://chromium-review.googlesource.com/c/1314023
> Reviewed-by: Kentaro Hara <haraken@chromium.org>
> Reviewed-by: Hitoshi Yoshida <peria@chromium.org>
> Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#609662}

TBR=peria@chromium.org,yukishiino@chromium.org,haraken@chromium.org

Change-Id: Ic0e5a3006a43f8a95202ac1d890f365307068877
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 892755, 886588, 904218
Reviewed-on: https://chromium-review.googlesource.com/c/1343093
Reviewed-by: Maxim Kolosovskiy <kolos@chromium.org>
Commit-Queue: Maxim Kolosovskiy <kolos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#609678}
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/core/v8/js_based_event_listener.cc
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/core/v8/js_based_event_listener.h
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/core/v8/js_event_handler.h
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/core/v8/js_event_listener.h
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/templates/callback_function.cc.tmpl
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/templates/callback_interface.cc.tmpl
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/templates/callback_invoke.cc.tmpl
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/tests/results/core/v8_any_callback_function_optional_any_arg.cc
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/tests/results/core/v8_any_callback_function_variadic_any_args.cc
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/tests/results/core/v8_long_callback_function.cc
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/tests/results/core/v8_string_sequence_callback_function_long_sequence_arg.cc
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/tests/results/core/v8_test_callback_interface.cc
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/tests/results/core/v8_test_legacy_callback_interface.cc
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/tests/results/core/v8_treat_non_object_as_null_boolean_function.cc
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/tests/results/core/v8_treat_non_object_as_null_void_function.cc
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function.cc
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_dictionary_arg.cc
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_enum_arg.cc
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_interface_arg.cc
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_test_interface_sequence_arg.cc
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_typedef.cc
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/bindings/tests/results/modules/v8_void_callback_function_modules.cc
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/modules/nfc/nfc.cc
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/platform/bindings/callback_function_base.cc
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/platform/bindings/callback_function_base.h
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/platform/bindings/callback_interface_base.cc
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/platform/bindings/callback_interface_base.h
[modify] https://crrev.com/1c21bc5a4c200a0f6acf959baa6c4cd8f61a5172/third_party/blink/renderer/platform/bindings/to_v8.h

Comment 9 by ClusterFuzz (Project Member), Nov 23

ClusterFuzz has detected this issue as fixed in range 610358:610359.

Detailed report: https://clusterfuzz.com/testcase?key=4707072379453440

Fuzzer: lcamtuf_cross_fuzz
Job Type: linux_ubsan_vptr_chrome
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  blink::CallbackFunctionBase::CallbackFunctionBase
  blink::JSEventHandler::JSEventHandler
  blink::V8EventListenerHelper::GetEventHandler
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=606667:606674
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=610358:610359

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4707072379453440

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 10 by ClusterFuzz (Project Member), Nov 23

Labels: ClusterFuzz-Verified
Status: Verified (was: Fixed)
ClusterFuzz testcase 4707072379453440 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Cc: yukishiino@chromium.org
Issue 908195 has been merged into this issue.
Comment 12 by bugdroid1@chromium.org (Project Member), Nov 26

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/20b501c316f87203b461a6769f3d113711ecaa1e

commit 20b501c316f87203b461a6769f3d113711ecaa1e
Author: Yuki Shiino <yukishiino@chromium.org>
Date: Mon Nov 26 11:59:40 2018

Reland "v8binding: Do not hold a cross origin ScriptState in IDL callback function"

This is a reland of 756bea38c853ce40e3daba7f7fadf85b0920785f

Original change's description:
> v8binding: Do not hold a cross origin ScriptState in IDL callback function
> 
> Make IDL callback function not hold a ScriptState of its
> creation context when it's cross origin from the incumbent
> realm.
> 
> Not holding a cross origin ScriptState, there is much
> less risk to access a cross origin context.
> 
> IDL callback interface will follow the same approach in
> a separate patch.
> 
> Bug: 892755, 886588, 904218
> Change-Id: Ie55b436fcc5f66f4ee053ef08ad98ea68fb3a2d6
> Reviewed-on: https://chromium-review.googlesource.com/c/1314023
> Reviewed-by: Kentaro Hara <haraken@chromium.org>
> Reviewed-by: Hitoshi Yoshida <peria@chromium.org>
> Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#609662}

Bug: 892755, 886588, 904218
Change-Id: I78ca7050e659cdb533ae09dab792bc699d2b48bf
Reviewed-on: https://chromium-review.googlesource.com/c/1343881
Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
Reviewed-by: Hitoshi Yoshida <peria@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#610820}
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/core/v8/js_based_event_listener.cc
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/core/v8/js_based_event_listener.h
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/core/v8/js_event_handler.h
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/core/v8/js_event_listener.h
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/templates/callback_function.cc.tmpl
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/templates/callback_interface.cc.tmpl
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/templates/callback_invoke.cc.tmpl
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/tests/results/core/v8_any_callback_function_optional_any_arg.cc
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/tests/results/core/v8_any_callback_function_variadic_any_args.cc
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/tests/results/core/v8_long_callback_function.cc
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/tests/results/core/v8_string_sequence_callback_function_long_sequence_arg.cc
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/tests/results/core/v8_test_callback_interface.cc
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/tests/results/core/v8_test_legacy_callback_interface.cc
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/tests/results/core/v8_treat_non_object_as_null_boolean_function.cc
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/tests/results/core/v8_treat_non_object_as_null_void_function.cc
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function.cc
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_dictionary_arg.cc
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_enum_arg.cc
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_interface_arg.cc
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_test_interface_sequence_arg.cc
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_typedef.cc
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/bindings/tests/results/modules/v8_void_callback_function_modules.cc
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/modules/nfc/nfc.cc
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/platform/bindings/callback_function_base.cc
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/platform/bindings/callback_function_base.h
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/platform/bindings/callback_interface_base.cc
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/platform/bindings/callback_interface_base.h
[modify] https://crrev.com/20b501c316f87203b461a6769f3d113711ecaa1e/third_party/blink/renderer/platform/bindings/to_v8.h

Comment 13 by bugdroid1@chromium.org (Project Member), Nov 26

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/081fd44ad92323c8562b7f952f7eef8a61232505

commit 081fd44ad92323c8562b7f952f7eef8a61232505
Author: Mounir Lamouri <mlamouri@chromium.org>
Date: Mon Nov 26 20:13:25 2018

Revert "Reland "v8binding: Do not hold a cross origin ScriptState in IDL callback function""

This reverts commit 20b501c316f87203b461a6769f3d113711ecaa1e.

Reason for revert:
FindIt believes with 74% confidence that it's the cause of these failures: https://ci.chromium.org/p/chromium/builders/luci.chromium.ci/Linux%20ChromiumOS%20MSan%20Tests/9835

Original change's description:
> Reland "v8binding: Do not hold a cross origin ScriptState in IDL callback function"
> 
> This is a reland of 756bea38c853ce40e3daba7f7fadf85b0920785f
> 
> Original change's description:
> > v8binding: Do not hold a cross origin ScriptState in IDL callback function
> > 
> > Make IDL callback function not hold a ScriptState of its
> > creation context when it's cross origin from the incumbent
> > realm.
> > 
> > Not holding a cross origin ScriptState, there is much
> > less risk to access a cross origin context.
> > 
> > IDL callback interface will follow the same approach in
> > a separate patch.
> > 
> > Bug: 892755, 886588, 904218
> > Change-Id: Ie55b436fcc5f66f4ee053ef08ad98ea68fb3a2d6
> > Reviewed-on: https://chromium-review.googlesource.com/c/1314023
> > Reviewed-by: Kentaro Hara <haraken@chromium.org>
> > Reviewed-by: Hitoshi Yoshida <peria@chromium.org>
> > Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#609662}
> 
> Bug: 892755, 886588, 904218
> Change-Id: I78ca7050e659cdb533ae09dab792bc699d2b48bf
> Reviewed-on: https://chromium-review.googlesource.com/c/1343881
> Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
> Reviewed-by: Hitoshi Yoshida <peria@chromium.org>
> Reviewed-by: Kentaro Hara <haraken@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#610820}

TBR=peria@chromium.org,yukishiino@chromium.org,haraken@chromium.org

Change-Id: I21faed593e8bdaae31c86a11413b18d31ab38c45
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 892755, 886588, 904218
Reviewed-on: https://chromium-review.googlesource.com/c/1351424
Reviewed-by: Mounir Lamouri <mlamouri@chromium.org>
Commit-Queue: Mounir Lamouri <mlamouri@chromium.org>
Cr-Commit-Position: refs/heads/master@{#610929}
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/core/v8/js_based_event_listener.cc
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/core/v8/js_based_event_listener.h
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/core/v8/js_event_handler.h
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/core/v8/js_event_listener.h
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/templates/callback_function.cc.tmpl
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/templates/callback_interface.cc.tmpl
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/templates/callback_invoke.cc.tmpl
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/tests/results/core/v8_any_callback_function_optional_any_arg.cc
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/tests/results/core/v8_any_callback_function_variadic_any_args.cc
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/tests/results/core/v8_long_callback_function.cc
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/tests/results/core/v8_string_sequence_callback_function_long_sequence_arg.cc
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/tests/results/core/v8_test_callback_interface.cc
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/tests/results/core/v8_test_legacy_callback_interface.cc
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/tests/results/core/v8_treat_non_object_as_null_boolean_function.cc
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/tests/results/core/v8_treat_non_object_as_null_void_function.cc
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function.cc
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_dictionary_arg.cc
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_enum_arg.cc
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_interface_arg.cc
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_test_interface_sequence_arg.cc
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_typedef.cc
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/bindings/tests/results/modules/v8_void_callback_function_modules.cc
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/modules/nfc/nfc.cc
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/platform/bindings/callback_function_base.cc
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/platform/bindings/callback_function_base.h
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/platform/bindings/callback_interface_base.cc
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/platform/bindings/callback_interface_base.h
[modify] https://crrev.com/081fd44ad92323c8562b7f952f7eef8a61232505/third_party/blink/renderer/platform/bindings/to_v8.h

Comment 14 by ClusterFuzz (Project Member), Nov 27

Labels: Needs-Feedback
ClusterFuzz testcase 5882122356916224 is still reproducing on tip-of-tree build (trunk).

Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label.
Issue 908880 has been merged into this issue.
Status: Started (was: Verified)
Issue 911646 has been merged into this issue.
Comment 18 by bugdroid1@chromium.org (Project Member), Dec 10

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b7bfa99e8bbca8398931f9a75904007265b057ba

commit b7bfa99e8bbca8398931f9a75904007265b057ba
Author: Yuki Shiino <yukishiino@chromium.org>
Date: Mon Dec 10 11:03:13 2018

Reland "Reland "v8binding: Do not hold a cross origin ScriptState in IDL callback function""

This is a reland of 20b501c316f87203b461a6769f3d113711ecaa1e

The cause of the previous revert was fixed at:
https://chromium-review.googlesource.com/c/v8/v8/+/1356691
and there is no change between this patch and the previous one.

Original change's description:
> Reland "v8binding: Do not hold a cross origin ScriptState in IDL callback function"
>
> This is a reland of 756bea38c853ce40e3daba7f7fadf85b0920785f
>
> Original change's description:
> > v8binding: Do not hold a cross origin ScriptState in IDL callback function
> >
> > Make IDL callback function not hold a ScriptState of its
> > creation context when it's cross origin from the incumbent
> > realm.
> >
> > Not holding a cross origin ScriptState, there is much
> > less risk to access a cross origin context.
> >
> > IDL callback interface will follow the same approach in
> > a separate patch.
> >
> > Bug: 892755, 886588, 904218
> > Change-Id: Ie55b436fcc5f66f4ee053ef08ad98ea68fb3a2d6
> > Reviewed-on: https://chromium-review.googlesource.com/c/1314023
> > Reviewed-by: Kentaro Hara <haraken@chromium.org>
> > Reviewed-by: Hitoshi Yoshida <peria@chromium.org>
> > Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#609662}
>
> Bug: 892755, 886588, 904218
> Change-Id: I78ca7050e659cdb533ae09dab792bc699d2b48bf
> Reviewed-on: https://chromium-review.googlesource.com/c/1343881
> Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
> Reviewed-by: Hitoshi Yoshida <peria@chromium.org>
> Reviewed-by: Kentaro Hara <haraken@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#610820}

Bug: 892755, 886588, 904218
Change-Id: I56d7ff74b1b37a6fd6c66f130da936bb6aff79d0
Reviewed-on: https://chromium-review.googlesource.com/c/1353037
Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
Reviewed-by: Hitoshi Yoshida <peria@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#615080}
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/core/v8/js_based_event_listener.cc
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/core/v8/js_based_event_listener.h
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/core/v8/js_event_handler.h
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/core/v8/js_event_listener.h
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/templates/callback_function.cc.tmpl
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/templates/callback_interface.cc.tmpl
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/templates/callback_invoke.cc.tmpl
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/tests/results/core/v8_any_callback_function_optional_any_arg.cc
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/tests/results/core/v8_any_callback_function_variadic_any_args.cc
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/tests/results/core/v8_long_callback_function.cc
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/tests/results/core/v8_string_sequence_callback_function_long_sequence_arg.cc
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/tests/results/core/v8_test_callback_interface.cc
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/tests/results/core/v8_test_legacy_callback_interface.cc
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/tests/results/core/v8_treat_non_object_as_null_boolean_function.cc
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/tests/results/core/v8_treat_non_object_as_null_void_function.cc
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function.cc
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_dictionary_arg.cc
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_enum_arg.cc
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_interface_arg.cc
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_test_interface_sequence_arg.cc
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/tests/results/core/v8_void_callback_function_typedef.cc
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/bindings/tests/results/modules/v8_void_callback_function_modules.cc
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/modules/nfc/nfc.cc
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/platform/bindings/callback_function_base.cc
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/platform/bindings/callback_function_base.h
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/platform/bindings/callback_interface_base.cc
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/platform/bindings/callback_interface_base.h
[modify] https://crrev.com/b7bfa99e8bbca8398931f9a75904007265b057ba/third_party/blink/renderer/platform/bindings/to_v8.h

Status: Fixed (was: Started)