Integer-overflow in blink::operator- inside blink::SVGLayoutSupport::transformPaintInvalidationRect
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4855927643832320
Fuzzer: miaubiz_svg_fuzzer
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  blink::operator-
  blink::enclosingIntRect
  blink::SVGLayoutSupport::transformPaintInvalidationRect
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Minimized Testcase (0.89 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97GhLZvGiJOv3MnTJplsYilfcu37bqFzxq-p5arG0U_U7OyJHvn58pSbR7P8UgQFQp72fJqeggUm3ejCcuFYiDbJtl0nRTPXMKNv93DZDAQHQzT_cZKog2omSD_JYSrfreOazjmmtbpdZoxlgsgb1ijKLHAhg?testcase_id=4855927643832320
Filer: thestig
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 18 2016
Suspected CLs
No CL in the regression range changes the crashed files. The result is the blame information.

Author: mjs
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/f487f59a87e827ab8ec3544f0ac0749cc3b36d0c
Time: Fri Mar 31 11:24:53 2006
The CL last changed line 136 of file IntPoint.h, which is stack frame 0.

Author: allan.jensen@nokia.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/7ede06709d25e115b6808b037b9e1ac3035109a7
Time: Thu Aug 09 12:20:30 2012
The CL last changed line 217 of file FloatRect.cpp, which is stack frame 1.

Author: fmalita@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/4da12a3f68ced37feb8cbaddb455cb01c9b6976f
Time: Mon Aug 10 16:24:11 2015
The CL last changed line 107 of file SVGLayoutSupport.cpp, which is stack frame 2.

Author: wangxianzhu
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/934f67a68da2054e526e13648c5452e2cf79c211
Time: Sat Mar 26 01:09:36 2016
The CL last changed line 371 of file PaintInvalidationState.cpp, which is stack frame 3.

Author: wangxianzhu
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/934f67a68da2054e526e13648c5452e2cf79c211
Time: Sat Mar 26 01:09:36 2016
The CL last changed line 359 of file PaintInvalidationState.cpp, which is stack frame 4.

Author: wangxianzhu
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/934f67a68da2054e526e13648c5452e2cf79c211
Time: Sat Mar 26 01:09:36 2016
The CL last changed line 1383 of file LayoutObject.cpp, which is stack frame 5.

Author: wangxianzhu
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/934f67a68da2054e526e13648c5452e2cf79c211
Time: Sat Mar 26 01:09:36 2016
The CL last changed line 1275 of file LayoutObject.cpp, which is stack frame 6.

Suspected Project: chromium
Possible suspect: https://chromium.googlesource.com/chromium/src//+/934f67a68da2054e526e13648c5452e2cf79c211
Please reassign if this is not related to your change.
Jul 18 2016
Very big value in transform in the test case. I don't think integer-overflow is a problem.
Oct 5 2016
ClusterFuzz has detected this issue as fixed in range 422674:422794.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4855927643832320
Fuzzer: miaubiz_svg_fuzzer
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  blink::operator-
  blink::enclosingIntRect
  blink::SVGLayoutSupport::transformPaintInvalidationRect
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=422674:422794
Minimized Testcase (0.89 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97GhLZvGiJOv3MnTJplsYilfcu37bqFzxq-p5arG0U_U7OyJHvn58pSbR7P8UgQFQp72fJqeggUm3ejCcuFYiDbJtl0nRTPXMKNv93DZDAQHQzT_cZKog2omSD_JYSrfreOazjmmtbpdZoxlgsgb1ijKLHAhg?testcase_id=4855927643832320
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by thestig@chromium.org
Jul 16 2016
Components: Blink>SVG
Summary: Integer-overflow in blink::operator- inside blink::SVGLayoutSupport::transformPaintInvalidationRect (was: Integer-overflow in blink::operator-)