Use-of-uninitialized-value in containsCoincidence
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5240805250039808

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  containsCoincidence
  insertCoincidence
  SkOpCoincidence::mark

Recommended Security Severity: Medium

Minimized Testcase (0.42 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97t7HzkQt287MI2HZm_TDCjYWIuUg8cHB2xqTihoSro_K6SZArEFa_wUVOOMD0C4FF8auF6VLUkgxVpmfhmmxuzXyqwtOT6XPhlpnOcsyRNFWbqInzADEFbk46em3FWs7gZg7Nsq4xNR_1xTC-s_8F_wH2bGA?testcase_id=5240805250039808

Filer: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Jul 19 2016

The following revision refers to this bug:
https://skia.googlesource.com/skia.git/+/1493b9772d6fad455a222ec6f242903128e049a0

commit 1493b9772d6fad455a222ec6f242903128e049a0
Author: caryclark <caryclark@google.com>
Date: Tue Jul 19 18:29:14 2016

fix fuzzer

Previous spans always have a valid next pointer. The final span does not. Change the test for a valid link to take into consideration whether the links are chased forwards or backwards.

TBR=reed@google.com
BUG= 629454
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2166543002

Review-Url: https://codereview.chromium.org/2166543002

[modify] https://crrev.com/1493b9772d6fad455a222ec6f242903128e049a0/src/pathops/SkOpSpan.cpp
[modify] https://crrev.com/1493b9772d6fad455a222ec6f242903128e049a0/tests/PathOpsOpTest.cpp

Jul 19 2016

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/10dc160d9183452ce57e7d9561d28965cb6116af

commit 10dc160d9183452ce57e7d9561d28965cb6116af
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Tue Jul 19 19:50:19 2016

Roll src/third_party/skia/ c7b4b2849..1493b9772 (4 commits).

https://chromium.googlesource.com/skia.git/+log/c7b4b28496a9..1493b9772d6f

$ git log c7b4b2849..1493b9772 --date=short --no-merges --format='%ad %ae %s'
2016-07-19 caryclark fix fuzzer
2016-07-19 msarett Disable qcms on build for Android framework
2016-07-19 msarett Enable libjpeg-turbo features
2016-07-19 fmenozzi Clarify GrGradientEffect key enum

BUG= 629454

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_blink_rel
TBR=jcgregorio@google.com

Review-Url: https://codereview.chromium.org/2163743002
Cr-Commit-Position: refs/heads/master@{#406354}

[modify] https://crrev.com/10dc160d9183452ce57e7d9561d28965cb6116af/DEPS

Jul 20 2016

ClusterFuzz has detected this issue as fixed in range 406333:406477.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5240805250039808

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  containsCoincidence
  insertCoincidence
  SkOpCoincidence::mark

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=406010:406169
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=406333:406477

Minimized Testcase (0.42 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96drs9mX3ggUfYPV593KT_u0lcBLiVskMta-6fxaePUPrvWI2bJO7qvjuCfMJnhvvxg_OIKNbhFT7pjbppUZtFrP-Gz2PJW8zaajDVyeWJIvSW_uneO2hkXYgSNC8iIf3fzZHjy6mdUWAEx16SSV9dJQ66EBA?testcase_id=5240805250039808

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Jul 20 2016

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Oct 26 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot

Comment 1 by mmoroz@chromium.org, Jul 19 2016
Components: Internals>Skia
Labels: Pri-2
Owner: caryclark@chromium.org