Crash in segment
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5269696614236160
Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x00009fff8005
Crash State:
  segment containsCoincidence
  SkOpSpan::insertCoincidence
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=405990:406128
Minimized Testcase (0.48 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96hpY_k1ldYm3wn5Q8d1Qx7os5nMKFDwW8ev4K3Mfw0mGFFf3veHvOhWUK0ExcEevZNWrVe2f9r-WSu_rf-y7xJ363rcKdU5xnX0wy2R4SmxSkdn_j9ZrWbT2G5LM9qbGYKJQTF7PpW8hMVRg8eRv0kMg_5Zg?testcase_id=5269696614236160
Filer: inferno

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jul 23 2016
Jul 23 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 24 2016
Jul 25 2016
Jul 25 2016
The following revision refers to this bug: https://skia.googlesource.com/skia.git/+/8bc90e2db692e02048f15e2f165f6d61c6110419

commit 8bc90e2db692e02048f15e2f165f6d61c6110419
Author: caryclark <caryclark@google.com>
Date: Mon Jul 25 13:05:08 2016

fix fuzz

Extreme inputs trigger asserts intended for in range data. Return an error without asserting unless the test signals otherwise.

TBR=reed@google.com
BUG= 630736
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2178923002
Review-Url: https://codereview.chromium.org/2178923002

[modify] https://crrev.com/8bc90e2db692e02048f15e2f165f6d61c6110419/src/pathops/SkOpCoincidence.cpp
[modify] https://crrev.com/8bc90e2db692e02048f15e2f165f6d61c6110419/src/pathops/SkOpSegment.cpp
[modify] https://crrev.com/8bc90e2db692e02048f15e2f165f6d61c6110419/src/pathops/SkPathOpsCommon.cpp
[modify] https://crrev.com/8bc90e2db692e02048f15e2f165f6d61c6110419/tests/PathOpsOpTest.cpp
Jul 25 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/bca3154d23cd5dab3f779d4f345c17e45b5099a5

commit bca3154d23cd5dab3f779d4f345c17e45b5099a5
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Mon Jul 25 14:15:21 2016

Roll src/third_party/skia/ 1638c0dee..b5acf6e70 (4 commits).

https://chromium.googlesource.com/skia.git/+log/1638c0deea80..b5acf6e702e3

$ git log 1638c0dee..b5acf6e70 --date=short --no-merges --format='%ad %ae %s'
2016-07-25 mtklein Add a clamp stage to SkRasterPipelineBlitter.
2016-07-25 caryclark fix fuzz
2016-07-25 mtklein Arithmetic xfermode stage.
2016-07-25 borenet webpages_playback: Make --upload_to_partner_bucket work without --upload

BUG= 630736
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_blink_rel
TBR=tomhudson@google.com
Review-Url: https://codereview.chromium.org/2177883002
Cr-Commit-Position: refs/heads/master@{#407470}

[modify] https://crrev.com/bca3154d23cd5dab3f779d4f345c17e45b5099a5/DEPS
Jul 26 2016
This bug is reported as M53 Beta blocker and we're VERY close to M53 Beta promotion. Please plan to have fix ready and merged to M53 branch latest by 5:00 PM PDT on Wednesday (07/27). Thank you.
Jul 26 2016
ClusterFuzz has detected this issue as fixed in range 407416:407611.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5269696614236160
Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x00009fff8005
Crash State:
  segment containsCoincidence
  SkOpSpan::insertCoincidence
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=405990:406128
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=407416:407611
Minimized Testcase (0.48 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96hpY_k1ldYm3wn5Q8d1Qx7os5nMKFDwW8ev4K3Mfw0mGFFf3veHvOhWUK0ExcEevZNWrVe2f9r-WSu_rf-y7xJ363rcKdU5xnX0wy2R4SmxSkdn_j9ZrWbT2G5LM9qbGYKJQTF7PpW8hMVRg8eRv0kMg_5Zg?testcase_id=5269696614236160

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 26 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Jul 26 2016
Jul 26 2016
Please request a merge to M53, seems like the issue is fixed in trunk.
Jul 26 2016
Sep 13 2016
Nov 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by infe...@chromium.org
Jul 22 2016
Components: Internals>Skia
Labels: Pri-1
Owner: caryclark@google.com
Status: Assigned (was: Untriaged)