
Issue 905889

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Closed: Nov 16
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocked on:
issue 905336

Blocking:
issue 905890
issue 905894




Transfer buffer: detect when result pointers are invalidated

Project Member Reported by jdarpinian@chromium.org, Nov 16

Issue description

When the transfer buffer is resized, outstanding result pointers are invalidated. I plan to add a smart pointer class to wrap result pointers and detect this situation.
 
Blocking: 905890
Blocking: 905894
Project Member

Comment 3 by bugdroid1@chromium.org, Nov 16

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/70eeb1f3fb681c599efcb3083138f21b9311ed80

commit 70eeb1f3fb681c599efcb3083138f21b9311ed80
Author: Kenneth Russell <kbr@chromium.org>
Date: Fri Nov 16 00:56:34 2018

Rerun build_raster_cmd_buffer.py.

Needed to be rerun after recent changes.

Bug: 890539, 905459, 905889
Change-Id: I6258f331d0d2be44d000e792c5e2a571342bec26
Reviewed-on: https://chromium-review.googlesource.com/c/1338724
Reviewed-by: James Darpinian <jdarpinian@chromium.org>
Commit-Queue: Kenneth Russell <kbr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#608607}
[modify] https://crrev.com/70eeb1f3fb681c599efcb3083138f21b9311ed80/gpu/command_buffer/service/raster_decoder_autogen.h

Status: Fixed (was: Assigned)
Project Member

Comment 5 by bugdroid1@chromium.org, Nov 16

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/793071a0e342a52a14a4f75b81dc8cd4fbd97bd3

commit 793071a0e342a52a14a4f75b81dc8cd4fbd97bd3
Author: James Darpinian <jdarpinian@chromium.org>
Date: Fri Nov 16 18:14:53 2018

gpu: Detect when result pointers are invalidated

If the transfer buffer is resized, pointers returned by GetResultAs are
invalidated. This changes GetResultAs to return a smart pointer class
that allows us to detect if a result pointer is still in use when the
buffer is resized and safely crash.

Bug: 905889, 905890
Change-Id: I67b243a779f1a2996e7c13740c5ebdcfda16d0d3
Reviewed-on: https://chromium-review.googlesource.com/c/1336753
Commit-Queue: James Darpinian <jdarpinian@chromium.org>
Reviewed-by: Antoine Labour <piman@chromium.org>
Reviewed-by: Kenneth Russell <kbr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#608856}
[modify] https://crrev.com/793071a0e342a52a14a4f75b81dc8cd4fbd97bd3/gpu/command_buffer/build_cmd_buffer_lib.py
[modify] https://crrev.com/793071a0e342a52a14a4f75b81dc8cd4fbd97bd3/gpu/command_buffer/client/gles2_implementation.cc
[modify] https://crrev.com/793071a0e342a52a14a4f75b81dc8cd4fbd97bd3/gpu/command_buffer/client/gles2_implementation_impl_autogen.h
[modify] https://crrev.com/793071a0e342a52a14a4f75b81dc8cd4fbd97bd3/gpu/command_buffer/client/implementation_base.cc
[modify] https://crrev.com/793071a0e342a52a14a4f75b81dc8cd4fbd97bd3/gpu/command_buffer/client/implementation_base.h
[modify] https://crrev.com/793071a0e342a52a14a4f75b81dc8cd4fbd97bd3/gpu/command_buffer/client/mock_transfer_buffer.cc
[modify] https://crrev.com/793071a0e342a52a14a4f75b81dc8cd4fbd97bd3/gpu/command_buffer/client/mock_transfer_buffer.h
[modify] https://crrev.com/793071a0e342a52a14a4f75b81dc8cd4fbd97bd3/gpu/command_buffer/client/raster_implementation.cc
[modify] https://crrev.com/793071a0e342a52a14a4f75b81dc8cd4fbd97bd3/gpu/command_buffer/client/raster_implementation_impl_autogen.h
[modify] https://crrev.com/793071a0e342a52a14a4f75b81dc8cd4fbd97bd3/gpu/command_buffer/client/transfer_buffer.cc
[modify] https://crrev.com/793071a0e342a52a14a4f75b81dc8cd4fbd97bd3/gpu/command_buffer/client/transfer_buffer.h
[modify] https://crrev.com/793071a0e342a52a14a4f75b81dc8cd4fbd97bd3/gpu/command_buffer/client/transfer_buffer_unittest.cc

Project Member

Comment 6 by bugdroid1@chromium.org, Nov 27

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/44911c8ee06a4c3972bd88a54d624ad12739e368

commit 44911c8ee06a4c3972bd88a54d624ad12739e368
Author: James Darpinian <jdarpinian@chromium.org>
Date: Tue Nov 27 17:22:06 2018

gpu: Fix CHECK failure found by ClusterFuzz

ClusterFuzz found a case where the transfer buffer could be resized
after we finish using a ScopedResultPtr but before it goes out of scope.
This cleans up the dangling pointer by reducing its scope.

Bug: 905889, 906409
Change-Id: I9e4aec8ed8f66df15404719c2589f775b433c3cd
Reviewed-on: https://chromium-review.googlesource.com/c/1351783
Reviewed-by: Antoine Labour <piman@chromium.org>
Commit-Queue: James Darpinian <jdarpinian@chromium.org>
Cr-Commit-Position: refs/heads/master@{#611158}
[modify] https://crrev.com/44911c8ee06a4c3972bd88a54d624ad12739e368/gpu/command_buffer/client/implementation_base.cc

Issue 904097 has been merged into this issue.
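
The pattern described in the two commit messages above (a wrapper that counts live result pointers so a resize can crash safely, and the narrower scope from the ClusterFuzz fix), as an added C++ sketch that is not Chromium's code. `DemoTransferBuffer`, `DemoScopedResultPtr` and `ReadResultThenGrow` are hypothetical names, and the value 42 is constructed.

```cpp
#include <cstdint>
#include <cstdlib>
#include <vector>

// Hypothetical stand-in for a transfer buffer whose storage moves on resize.
class DemoTransferBuffer {
 public:
  explicit DemoTransferBuffer(size_t words) : storage_(words) {}
  // Reallocating would leave pointers into storage_ dangling: crash instead.
  void Resize(size_t words) {
    if (outstanding_results_ != 0) {
      std::abort();  // a result wrapper is still alive
    }
    storage_.assign(words, 0);
  }
  int outstanding_results() const { return outstanding_results_; }
  size_t size() const { return storage_.size(); }

 private:
  friend class DemoScopedResultPtr;
  std::vector<uint32_t> storage_;
  int outstanding_results_ = 0;
};

// Wrapper around a result pointer: counts itself in and out of the buffer.
class DemoScopedResultPtr {
 public:
  explicit DemoScopedResultPtr(DemoTransferBuffer* tb)
      : tb_(tb), result_(tb->storage_.data()) { ++tb_->outstanding_results_; }
  ~DemoScopedResultPtr() { --tb_->outstanding_results_; }
  DemoScopedResultPtr(const DemoScopedResultPtr&) = delete;
  DemoScopedResultPtr& operator=(const DemoScopedResultPtr&) = delete;
  uint32_t& operator*() const { return *result_; }

 private:
  DemoTransferBuffer* tb_;
  uint32_t* result_;
};

// Copy the value out in a narrow scope so the wrapper is gone before a resize.
uint32_t ReadResultThenGrow(DemoTransferBuffer* tb, size_t words) {
  uint32_t value;
  {
    DemoScopedResultPtr result(tb);
    *result = 42;  // constructed value standing in for the service's reply
    value = *result;
  }  // wrapper destroyed here; outstanding count is back to 0
  tb->Resize(words);  // safe: no live result pointers
  return value;
}
```

Moving the `Resize` call inside the inner braces reproduces the failure mode from the ClusterFuzz report: the wrapper is no longer used but is still in scope, so the check aborts.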
