Use-of-uninitialized-value in SkDPoint::approximatelyEqual
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5342652505784320

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  SkDPoint::approximatelyEqual
  SkTSect<SkDConic, SkDConic>::binarySearchCoin
  SkTSect<SkDConic, SkDConic>::extractCoincident

Recommended Security Severity: Low

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=406010:406169

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94UWZXCsWfDc7f_Tq3k0bj21QDXCqHONXyP1cY22bGQEYSvHO2lFwAt3ozDt9lTHXcfSi_adJ6FMV1rxahR3PtF1CvUxYl3kDDTb6oaQeilG3nmqTJoPEhy0sT7T0xCUDIGkPnrTdIukm-1oe_1eKTbDFrTTg?testcase_id=5342652505784320

Additional requirements: Requires Gestures

Filer: inferno

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jul 22 2016
The following revision refers to this bug: https://skia.googlesource.com/skia.git/+/cdeff81bdb2e5cde422b6850634c5d3977fcbae9

commit cdeff81bdb2e5cde422b6850634c5d3977fcbae9
Author: caryclark <caryclark@google.com>
Date: Fri Jul 22 10:34:19 2016

conic fuzz fix

If no closest section is found in conic intersection (which can happen if the numbers are out of range) abort the intersection. Also suppress assert fired in this case so it only checks intersections with in-range values.

TBR=reed@google.com
BUG= 630378
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2166813006

Review-Url: https://codereview.chromium.org/2166813006

[modify] https://crrev.com/cdeff81bdb2e5cde422b6850634c5d3977fcbae9/src/pathops/SkPathOpsTSect.h
[modify] https://crrev.com/cdeff81bdb2e5cde422b6850634c5d3977fcbae9/src/pathops/SkPathOpsTypes.h
[modify] https://crrev.com/cdeff81bdb2e5cde422b6850634c5d3977fcbae9/tests/PathOpsOpTest.cpp
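The commit message above describes the failure mode behind the MSan report: a "closest section" search that finds nothing when the inputs are out of range, so the result it was supposed to fill in is never written before the later approximatelyEqual comparison reads it. The C++ below is an added illustration of that bug class and of the shape of the fix (report "not found" and abort), written for this page; it is not Skia's code. The Span struct, the function names and the sample inputs are constructed for the example, and the sentinel value stands in for whatever uninitialized memory the real code would read.

```cpp
#include <cmath>
#include <cstdio>
#include <limits>
#include <vector>

// Added illustration, not Skia code: a "find the closest section" search of
// the kind the commit message describes. Each candidate is a parameter value
// t with a distance to the other curve; both are constructed for this example.
struct Span {
    double t;
    double dist;
};

// Buggy shape: the output is written only when a candidate beats the current
// best. If every distance is NaN (inputs out of range), "s.dist < best" is
// never true, *outT is never written, and the caller goes on to compare a
// value it never initialized. That is the use-of-uninitialized-value MSan
// reports.
static void findClosestUnchecked(const std::vector<Span>& spans, double* outT) {
    double best = std::numeric_limits<double>::infinity();
    for (const Span& s : spans) {
        if (s.dist < best) {  // always false for NaN
            best = s.dist;
            *outT = s.t;
        }
    }
}

// Hardened shape: reject non-finite candidates and tell the caller whether
// anything was found, so the caller can abort instead of reading garbage.
static bool findClosestChecked(const std::vector<Span>& spans, double* outT) {
    bool found = false;
    double best = std::numeric_limits<double>::infinity();
    for (const Span& s : spans) {
        if (!std::isfinite(s.dist)) {
            continue;  // NaN/inf can never be "closest"
        }
        if (s.dist < best) {
            best = s.dist;
            *outT = s.t;
            found = true;
        }
    }
    return found;
}

// Stand-in for the intersection step: returns false (abort) when the search
// fails, mirroring "abort the intersection" in the fix description. tOut is
// left untouched on failure.
static bool intersectStep(const std::vector<Span>& spans, double* tOut) {
    double t = 0.0;
    if (!findClosestChecked(spans, &t)) {
        return false;
    }
    *tOut = t;
    return true;
}

// Runs the buggy search with a sentinel in place of stack garbage so the
// "never written" behaviour is observable without undefined behaviour.
static double uncheckedResult(const std::vector<Span>& spans) {
    double t = -1.0;  // sentinel: in real code this is uninitialized memory
    findClosestUnchecked(spans, &t);
    return t;
}

// Constructed sample inputs: one well-formed set, one where every distance
// is NaN (what out-of-range coordinates produce downstream).
static std::vector<Span> finiteSpans() {
    return {{0.25, 3.0}, {0.5, 1.0}, {0.75, 2.0}};
}
static std::vector<Span> nanSpans() {
    const double nan = std::numeric_limits<double>::quiet_NaN();
    return {{0.25, nan}, {0.5, nan}};
}

int main() {
    double t = 0.0;
    std::printf("unchecked, finite input: t=%g\n", uncheckedResult(finiteSpans()));
    std::printf("unchecked, NaN input:    t=%g (sentinel survived: never written)\n",
                uncheckedResult(nanSpans()));
    std::printf("checked, finite input:   %s t=%g\n",
                intersectStep(finiteSpans(), &t) ? "ok" : "abort", t);
    std::printf("checked, NaN input:      %s\n",
                intersectStep(nanSpans(), &t) ? "ok" : "abort");
    return 0;
}
```

The point to carry over when reviewing similar code: a comparison-driven search must have a path that says "nothing matched", because NaN makes every ordered comparison false and silently turns "find the best" into "write nothing". Building with MSan (as the libfuzzer_chrome_msan job does) is what surfaces the later read; the explicit found flag is what removes it.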
Jul 22 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1cb4937cc32138109d1a3972fb636ae8d86d567c

commit 1cb4937cc32138109d1a3972fb636ae8d86d567c
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Fri Jul 22 11:40:26 2016

Roll src/third_party/skia/ 901257a3b..6af0c958a (2 commits).

https://chromium.googlesource.com/skia.git/+log/901257a3ba1d..6af0c958a0d0

$ git log 901257a3b..6af0c958a --date=short --no-merges --format='%ad %ae %s'
2016-07-22 mtklein GN: restore gn.py partly as fetch-gn
2016-07-22 caryclark conic fuzz fix

BUG= 630378
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_blink_rel
TBR=jcgregorio@google.com

Review-Url: https://codereview.chromium.org/2175693002
Cr-Commit-Position: refs/heads/master@{#407131}

[modify] https://crrev.com/1cb4937cc32138109d1a3972fb636ae8d86d567c/DEPS
Jul 23 2016
ClusterFuzz has detected this issue as fixed in range 407076:407164.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5342652505784320

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  SkDPoint::approximatelyEqual
  SkTSect<SkDConic, SkDConic>::binarySearchCoin
  SkTSect<SkDConic, SkDConic>::extractCoincident

Recommended Security Severity: Low

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=406010:406169
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=407076:407164

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94UWZXCsWfDc7f_Tq3k0bj21QDXCqHONXyP1cY22bGQEYSvHO2lFwAt3ozDt9lTHXcfSi_adJ6FMV1rxahR3PtF1CvUxYl3kDDTb6oaQeilG3nmqTJoPEhy0sT7T0xCUDIGkPnrTdIukm-1oe_1eKTbDFrTTg?testcase_id=5342652505784320

Additional requirements: Requires Gestures

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 28 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by infe...@chromium.org, Jul 21 2016
Components: Internals>Skia
Labels: Pri-1
Owner: caryclark@chromium.org
Status: Assigned (was: Untriaged)