ClusterFuzz has detected this issue as fixed in range 400618:400619.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5252244832518144

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x1034c2498486
Crash State:
  sk_ssse3::blit_mask_d32_a8
  SkBlitMask::BlitColor
  SkARGB32_Opaque_Blitter::blitMask
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=383194:384397
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=400618:400619

Minimized Testcase (0.20 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv97cCQhrSqDFIc4yjr8onUa0saiR_yKC1J45mJ83TVUxqf0mpsFelN8j7HC6OfJkNBGqJvJlEtstjwjj7p2VCoPMoH5xKMxCf-IsOpaFCHLgNyLJPGpEo2VIVbtuNmeOvORG38NkZ4qyrmgD0zGUhuhV8WFmkg?testcase_id=5252244832518144
<style>
   * { writing-mode: vertical-lr; letter-spacing: 170141183460469231731687303715884105727mm;</style>
  븿z

+reed, +mtklein. Can you take a look at this?

You bet!  I love it when these are this easy...

Given the nature of the stack, the similar minimized test case, and the fact that it was fixed by the same CL, I'm pretty sure this is a dupe of https://bugs.chromium.org/p/chromium/issues/detail?id=619378.

I cherry picked a fix for this to M52 yesterday.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot