
Issue 604668


Issue metadata

Status: Duplicate
Merged: issue 397449
Owner:
Closed: Apr 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




ASSERTION FAILED: contentSize >= 0

Project Member Reported by ClusterFuzz, Apr 19 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5402304328499200

Fuzzer: inferno_twister
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  ASSERTION FAILED: contentSize >= 0
  blink::LayoutFlexibleBox::adjustChildSizeForMinAndMax
  blink::LayoutFlexibleBox::computeNextFlexLine
  

Minimized Testcase (0.28 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96rAFWjMnpKVco2uyq9K-mrfih4ajwMZu3_1wtr-dVLzaUzqsMN6FKm_R-9gnDXIqKVm3HS_ToUKFjhL0VTNU1MOxofuP-vHPOV2QUpukVFE_DyTmR0Z-6QlBr67nnazwKOm2ORMTPqKwgrwmhq-o-R222dew
<style>div {
    height: 8em;
    display: flex
    }
span {
    margin: 1em 0;
    flex: 0 0 50%
</style>
<div>
	<span>four<style>
* { animation-name: cfpulse74; max-height: -webkit-fit-content;</style><style>
* { animation-name: cfpulse93;90px); padding-top: 67%;58%); writing-mode: tb-rl;


Filer: ssamanoori

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Components: Blink>Layout Tools>Test>FindIt>CorrectResult
Labels: findit-for-crash M-50 Te-Logged
Owner: cbiesin...@chromium.org
Status: Assigned (was: Available)

Author: cbiesinger@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/08feab39c0627d30339a02fdd3ac8d927c10e5d4
Time: Tue Apr 14 05:11:05 2015
The CL last changed line 1018 of file LayoutFlexibleBox.cpp, which is stack frame 0.

Author: cbiesinger@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/6971ce0948ae207627fccf7fb7dd87a547cc03ef
Time: Fri May 08 18:49:29 2015
The CL last changed line 1203 of file LayoutFlexibleBox.cpp, which is stack frame 1.

Author: cbiesinger
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/36921b28f83a30d8d0caaa408b1586afed2ca323
Time: Thu Nov 26 03:54:17 2015
The CL last changed line 792 of file LayoutFlexibleBox.cpp, which is stack frame 2.

Author: mstensho@opera.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/ea19b30f8665daf092f41d3fd62f9bfe99fcc18e
Time: Tue Jun 09 20:02:03 2015
The CL last changed line 289 of file LayoutFlexibleBox.cpp, which is stack frame 3.

Author: hyatt
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/d7dafcfaea34d563b00b5149b94575261464b857
Time: Tue Apr 29 23:32:54 2003
The CL last changed line 879 of file LayoutBlock.cpp, which is stack frame 4.

Author: mstensho@opera.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/bbdbf9ffa99ba94466aa14a698a7b0ccbf05eaff
Time: Mon Sep 07 09:07:52 2015
The CL last changed line 596 of file LayoutBlockFlow.cpp, which is stack frame 5.

Author: mstensho
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/fe283ea1ad33abe251cbb4a921f7f836085bab82
Time: Fri Mar 11 14:19:18 2016
The CL last changed line 646 of file LayoutBlockFlow.cpp, which is stack frame 6.

Suspected Project: chromium
Suspected Component: Blink>Layout
=====================================
Above is the only CL from findit, and the changes made to file "LayoutFlexibleBox.cpp" in frame #0 are the most related to it.

cbiesinger@: Could you please look into this issue if it is related to your change; else please route this issue to an appropriate dev person.

Thanks,
Mergedinto: 397449
Status: Duplicate (was: Assigned)
essentially the same issue as bug 397449 (via bug 492678)
Comment 3 by ClusterFuzz (Project Member), Jul 28 2016

ClusterFuzz has detected this issue as fixed in range 408165:408183.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5402304328499200

Fuzzer: inferno_twister
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  contentSize >= 0
  blink::LayoutFlexibleBox::adjustChildSizeForMinAndMax
  blink::LayoutFlexibleBox::computeNextFlexLine
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=356784:357068
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=408165:408183

Minimized Testcase (0.33 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96KTpAs3BEopZsaXmY6bfIS-9M-KizKh1hdHOkgq5COrpOIpMO03BBYevpQyR9BE2IV7JS3W23PpTAIJqZoBdqDfoV6pgjJm2VwAPBAYJsY0FPAI8JC8h1nclbGIb5_m48uFTn8hzRLjdRm-lHCmyoEqhMZbA?testcase_id=5402304328499200
<style>div {
    height: 8em;
    display: flex
    }
span {
    margin: 1em 0;
    flex: 0 0 50%
</style>
<div>
	<span>four<style>
* { animation-name: cfpulse74; max-height: -webkit-fit-content;  }<style>
@keyframes cfpulse1 { 0% { opacity: 0.9997;  } }
* { animation-name: cfpulse93;90px); padding-top: 67%;58%); writing-mode: tb-rl;


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
(not technically fixed, just using DCHECK instead of ASSERT now:
[1:1:0728/140050:1478869916156:FATAL:LayoutFlexibleBox.cpp(1123)] Check failed: contentSize >= LayoutUnit() (-13.8281 vs. 0)
but since this is a dup anyway, that should be fine)
Comment 5 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
