No CL in the regression range changes the crashed files. The result is the blame information.

Author: reed
Project: chromium-skia
Changelist: https://chromium.googlesource.com/skia.git/+/82595b6fa4733e1525f357bdcac22db058790550
Time: Tue May 10 00:48:46 2016
The CL last changed line 1029 of file SkDraw.cpp, which is stack frame 4.

Suspected Project: chromium-skia
Suspected Component: Internals>Skia
======================================

reed@: Could you please look into this issue if it is related to your change, else please help us in assigning it to the right owner.

Thanks!

florin, can you help capture this, to see what the values are coming into skia?

drawRect([8, 23, 99.921875, 24]) + blur mask with an offset close to int_max:

DrawLooper:
SkLayerDrawLooper (3): 0: paintBits: (MaskFilter|ColorFilter) mode: kSrc offset: (2147483625, 10) postTranslate: false 

Deleted: layer_0.skp 1.4 KB

layer_0.skp 1.4 KB Download

The following revision refers to this bug:
  https://skia.googlesource.com/skia.git/+/01a2ff8a325e17221b139968e337413df0c2e60c

commit 01a2ff8a325e17221b139968e337413df0c2e60c
Author: reed <reed@google.com>
Date: Mon Jul 18 20:22:55 2016

check for culled-out paths inside SkDraw

BUG= 629026 
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2155213002

Review-Url: https://codereview.chromium.org/2155213002

[modify] https://crrev.com/01a2ff8a325e17221b139968e337413df0c2e60c/src/core/SkDraw.cpp

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/974806232800af284b708aaf8b81945c289af563

commit 974806232800af284b708aaf8b81945c289af563
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Mon Jul 18 22:35:52 2016

Roll src/third_party/skia/ 034f243c6..d876a4b54 (2 commits).

https://chromium.googlesource.com/skia.git/+log/034f243c6de4..d876a4b54999

$ git log 034f243c6..d876a4b54 --date=short --no-merges --format='%ad %ae %s'
2016-07-18 fmenozzi Add bounds info
2016-07-18 reed check for culled-out paths inside SkDraw

BUG= 629026 

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_blink_rel
TBR=jcgregorio@google.com

Review-Url: https://codereview.chromium.org/2158953003
Cr-Commit-Position: refs/heads/master@{#406124}

[modify] https://crrev.com/974806232800af284b708aaf8b81945c289af563/DEPS

ClusterFuzz has detected this issue as fixed in range 406033:406232.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6000121594773504

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  SkBlurMask::BoxBlur
  SkDraw::DrawToMask
  SkMaskFilter::filterPath
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=406033:406232

Minimized Testcase (0.21 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96I88eKhYi5Ur_MSeoBI9ROyPYMtPHPEycGcKprZ2zYo_CL_dUvGHLGw7FHYxXPUVkwAnCTVfRyGGg-hIn1e6C52n7qWpP5wsEXancLQFqvBeIhMHxKnSAz1LO78O4R5V4H4q4bXL80g7wRUD4gxfmJBhxu8Q?testcase_id=6000121594773504

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot