Float-cast-overflow in blink::CSSOffsetRotateInterpolationType::ApplyStandardPropertyValue
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4900011464458240

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Float-cast-overflow
Crash Address:
Crash State:
  blink::CSSOffsetRotateInterpolationType::ApplyStandardPropertyValue
  blink::CSSInterpolationType::Apply
  blink::TransitionInterpolation::Apply

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=551565:563900

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4900011464458240

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.
Jan 1
Automatically adding ccs based on suspected regression changelists:

Disable non-composited animations via feature policy by iclelland@chromium.org - https://chromium.googlesource.com/chromium/src/+/9831ecc703d4316100735d9ed9a86702d3a34652
[Squad] style_ in StyleResolverState is always mutable. by futhark@chromium.org - https://chromium.googlesource.com/chromium/src/+/f1b06666866a207acc3a263a83f787267b56ad05

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
Jan 3
iclelland@/futhark@: Could you please look into it?
Jan 3
Xida, is this the same underlying issue as the previous float cast problems?
Jan 3
I will investigate
Jan 3
Thanks :) It looks like an actual issue: a very large (> float range) value is used as a rotation offset, which is out of bounds for the float in StyleOffsetRotation. Probably need to clamp, or promote StyleOffsetRotation.angle to double.
Jan 3
I think clamp is probably the right thing to do; we have an existing implementation that does this: https://cs.chromium.org/chromium/src/third_party/blink/renderer/core/animation/css_font_variation_settings_interpolation_type.cc?l=218
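The narrowing described in the two comments above, shown as an added C++ example (not Blink's code and not the CL's diff). An implicit double-to-float assignment is undefined behaviour when the double's magnitude exceeds the largest finite float, which is what UBSan reports as float-cast-overflow; saturating the value before the cast removes that path. The struct `OffsetRotation` and the functions `ApplyUnchecked`, `WouldOverflowFloat`, `ClampToFloat` and `ApplyClamped` are names made up here, and the NaN and infinity handling is this example's own policy, not a statement of what Blink's clampTo does:

```cpp
#include <cmath>
#include <iostream>
#include <limits>

// Stand-in for the float-typed angle field the thread refers to in
// StyleOffsetRotation (hypothetical struct, not Blink's definition).
struct OffsetRotation {
  float angle;
};

// Before: the pattern the fuzzer hit. A plain implicit narrowing with no
// range check. Calling this with |angle_deg| beyond float range is the UB
// the report describes, so the demo below never does that.
OffsetRotation ApplyUnchecked(double angle_deg) {
  OffsetRotation r;
  r.angle = angle_deg;  // implicit double -> float conversion
  return r;
}

// True when converting |v| to float would be undefined behaviour: a finite
// magnitude larger than the largest finite float. Infinities are
// representable as float, so they are not flagged here; NaN is not either.
bool WouldOverflowFloat(double v) {
  if (!std::isfinite(v)) return false;
  return std::fabs(v) > static_cast<double>(std::numeric_limits<float>::max());
}

// Saturating double -> float conversion. Values above the largest finite
// float clamp to it, values below the most negative finite float clamp to
// that, so the static_cast never sees an out-of-range input. NaN maps to 0
// and infinities saturate to the finite limits: both are choices made for
// this example (an angle should end up finite), not Blink's clampTo policy.
float ClampToFloat(double v) {
  if (std::isnan(v)) return 0.0f;
  constexpr double kMaxF = std::numeric_limits<float>::max();
  constexpr double kMinF = std::numeric_limits<float>::lowest();
  if (v > kMaxF) return std::numeric_limits<float>::max();
  if (v < kMinF) return std::numeric_limits<float>::lowest();
  return static_cast<float>(v);
}

// After: the same store, with the clamp applied first.
OffsetRotation ApplyClamped(double angle_deg) {
  OffsetRotation r;
  r.angle = ClampToFloat(angle_deg);
  return r;
}

int main() {
  // Constructed input: an interpolated rotation far outside float range,
  // standing in for whatever the fuzzer's testcase produced.
  const double huge = 1e40;
  std::cout << "would overflow float: " << WouldOverflowFloat(huge) << "\n";
  std::cout << "clamped angle: " << ApplyClamped(huge).angle << "\n";
  // ApplyUnchecked(huge) would be the float-cast-overflow UBSan reports.
  return 0;
}
```

Build with `-fsanitize=float-cast-overflow` (clang) and call `ApplyUnchecked(1e40)` once to see the sanitizer report the same crash type as the ClusterFuzz job; the clamped path stays silent. Promoting the field to double, the other option raised in the thread, would instead move the question of range to wherever the double is eventually consumed.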
Jan 3
Jan 10
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/59380c61f271cd6d64378a44bc19f1ca60e173a4

commit 59380c61f271cd6d64378a44bc19f1ca60e173a4
Author: Xida Chen <xidachen@chromium.org>
Date: Thu Jan 10 18:15:57 2019

Fix float-cast-overflow in CSSOffsetRotateInterpolationType

Right now in the CSSOffsetRotateInterpolationType::ApplyStandardPropertyValue, there is an implicit cast from double to float, and that could overflow. This CL applies clampTo, which is consistent with the existing implementation: https://cs.chromium.org/chromium/src/third_party/blink/renderer/core/animation/css_font_variation_settings_interpolation_type.cc?l=218

This CL also adds a layout test to make sure that it doesn't regress.

Bug: 918430
Change-Id: I4a603e5b5992b5132fb37a3982d69a2db4e710b3
Reviewed-on: https://chromium-review.googlesource.com/c/1394788
Reviewed-by: Stephen McGruer <smcgruer@chromium.org>
Commit-Queue: Xida Chen <xidachen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#621641}

[modify] https://crrev.com/59380c61f271cd6d64378a44bc19f1ca60e173a4/third_party/blink/renderer/core/animation/css_offset_rotate_interpolation_type.cc
[modify] https://crrev.com/59380c61f271cd6d64378a44bc19f1ca60e173a4/third_party/blink/web_tests/animations/interpolation/offset-rotate-interpolation.html
Jan 10
Jan 11
ClusterFuzz has detected this issue as fixed in range 621636:621642.

Detailed report: https://clusterfuzz.com/testcase?key=4900011464458240

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Float-cast-overflow
Crash Address:
Crash State:
  blink::CSSOffsetRotateInterpolationType::ApplyStandardPropertyValue
  blink::CSSInterpolationType::Apply
  blink::TransitionInterpolation::Apply

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=551565:563900
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=621636:621642

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4900011464458240

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 11
ClusterFuzz testcase 4900011464458240 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.