No CL in the regression range changes the crashed files. The result is the blame information.

Author: kojii
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/dcc13470a445d27e0d1722799f8ab780be8c90a1
Time: Tue Mar 15 00:40:59 2016
The CL last changed line 98 of file CachingWordShapeIterator.h, which is stack frame 4.

Suspected Project: chromium
Suspected Component: Blink>Fonts
====================
kojii@: Could you please look into this issue if it is related to your change, else please help us in assigning it to the right owner.

Thanks!

It's not about spacing, but I can have a look.

It looks like this is just overflowing in an extreme case and isn't as critical as pri 1 to me.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/17fe9abaa3e964184be9940b0b8630940785a788

commit 17fe9abaa3e964184be9940b0b8630940785a788
Author: kojii <kojii@chromium.org>
Date: Tue Jul 26 09:11:51 2016

Avoid integer-overflow in hb_glyph_position_t.y_advance

This patch avoids integer-overflow when hb_glyph_position_t.y_advance is
LONG_MIN.

BUG= 630227 

Review-Url: https://codereview.chromium.org/2176053002
Cr-Commit-Position: refs/heads/master@{#407744}

[modify] https://crrev.com/17fe9abaa3e964184be9940b0b8630940785a788/third_party/WebKit/Source/platform/fonts/shaping/ShapeResult.cpp

ClusterFuzz has detected this issue as fixed in range 407167:409418.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6268481226145792

Fuzzer: miaubiz_svg_fuzzer
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::ShapeResult::insertRun
  blink::HarfBuzzShaper::extractShapeResults
  blink::HarfBuzzShaper::shapeResult
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=379622:379730
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=407167:409418

Minimized Testcase (2.94 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94MSD4wVDkYaAHe9-jJnjIwXYph8804-iMmZZykbuhvx1_uE2d4HqAh8yA5nJe4sdKkrYXM-2WG7R4mslibiSF3zTZnR5o7f_Oib8gSKtCn45np5Ob_LzNDUqOP05yS6uEmquKWUP2l8qjMoPXWh4cx_dX9MQ?testcase_id=6268481226145792

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot