No CL in the regression range changes the crashed files. The result is the blame information.

Author: leviw
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/64c0da8cdaf8c7a857051640fa453ce6a7ec5a6f
Time: Sun Jan 31 01:41:04 2016
The CL last changed line 954 of file LayoutMultiColumnFlowThread.cpp, which is stack frame 0.

Suspected Project: chromium
Suspected Component: Blink>Layout
=====================================
leviw@: Could you please look into this issue if it is related to your change, else please help us in assigning it to the right owner.

Thanks!

szager@ are you multicol layout contact now?

ClusterFuzz has detected this issue as fixed in range 413791:414128.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6671086402142208

Fuzzer: miaubiz_svg_fuzzer
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::LayoutMultiColumnFlowThread::computePreferredLogicalWidths
  blink::LayoutBox::minPreferredLogicalWidth
  blink::LayoutBlock::computeChildPreferredLogicalWidths
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=413791:414128

Minimized Testcase (1.65 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97IhLinblxfiifZLXTDPdQLoCxlrzNZJlqUrrBKIeN_lWfVETd1MbtRaZ1mev3CRk72J-dsg7K5bSdim7vQApQ48Ax_VJzrLc9zwNkRaEeOKGlPmsEQ2YoNZ1PzgxPU4Htr0OpJzee3MbXoQOTS7d-qx-h-4g?testcase_id=6671086402142208

Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Re-Opening the issue as Clusterfuzz has detected the crash again, Clusterfuzz update in the next comment.Thank you 

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5712616574156800

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::LayoutMultiColumnFlowThread::computePreferredLogicalWidths
  blink::LayoutBox::minPreferredLogicalWidth
  blink::LayoutBlock::computeChildPreferredLogicalWidths
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027

Minimized Testcase (0.46 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96Yms8EWh2Xs3pqZcULvnasf8wrutifX718w0UZjI1s2F4Jx7mgpy9W40HvD93AbzNNdAs3_pvnilIEQYtL4NA_CDE9SgVyrFECLkBxHyGvweN_YlZchyQSy2cG0sCOhByu0qJas0cimJR4kQp06OeEfHkRrg?testcase_id=5712616574156800
<style>.c4 {
    -webkit-appearance: button
    }
.c4:not([*|attribute="pass"]) {
    -webkit-column-gap: 65536px
    }
.c4:not([*|lang|="en"]) {
    zoom: 0.01;
    -webkit-column-count: 65536
    }
.c4:not([class^=""]) {
    zoom: 0.01
</style>
<script>
var nodes = Array();
root_node = document.body ? document.body : document.documentElement;
 nodes[6] = document.createElement('rp'); 
 nodes[6].setAttribute('class', 'c4'); 
 root_node.appendChild(nodes[6]); 
</script>


Issue manually filed by: mmohammad

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

ClusterFuzz has detected this issue as fixed in range 439393:439396.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5712616574156800

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::LayoutMultiColumnFlowThread::computePreferredLogicalWidths
  blink::LayoutBox::minPreferredLogicalWidth
  blink::LayoutBlock::computeChildPreferredLogicalWidths
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=439393:439396

Minimized Testcase (0.46 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96Yms8EWh2Xs3pqZcULvnasf8wrutifX718w0UZjI1s2F4Jx7mgpy9W40HvD93AbzNNdAs3_pvnilIEQYtL4NA_CDE9SgVyrFECLkBxHyGvweN_YlZchyQSy2cG0sCOhByu0qJas0cimJR4kQp06OeEfHkRrg?testcase_id=5712616574156800
<style>.c4 {
    -webkit-appearance: button
    }
.c4:not([*|attribute="pass"]) {
    -webkit-column-gap: 65536px
    }
.c4:not([*|lang|="en"]) {
    zoom: 0.01;
    -webkit-column-count: 65536
    }
.c4:not([class^=""]) {
    zoom: 0.01
</style>
<script>
var nodes = Array();
root_node = document.body ? document.body : document.documentElement;
 nodes[6] = document.createElement('rp'); 
 nodes[6].setAttribute('class', 'c4'); 
 root_node.appendChild(nodes[6]); 
</script>


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

We have made a bunch of changes on ClusterFuzz side, so resetting ClusterFuzz-Wrong label.