
Issue 634479


Issue metadata

Status: WontFix
Owner:
Last visit > 30 days ago
Closed: Sep 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Integer-overflow in gfx::Rect::Union

Project Member Reported by ClusterFuzz, Aug 4 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5226403635396608

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  gfx::Rect::Union
  cc::DamageTracker::ExtendDamageForLayer
  cc::DamageTracker::TrackDamageFromActiveLayers
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027

Minimized Testcase (0.15 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96jmPFk5c1-CnlspRqh7ZIoFip_qakX0LqlpL-se6eVYUFSscc1LWvNhz55PQ9dX0nR3uoKakFi28YQhdZ25YAQ41HeTDnT_uM9TL8eQFhIb0oWLUMRia5yZjy-oEEU0BO4bmPfwDSKznPQUiKbMSXd5X9QNQ?testcase_id=5226403635396608
<style>#camera {
    -webkit-perspective: 800px
    }
#container {
    transform: translatez(800px)
</style>
  <div id=camera>
    <div id=container>f


Issue manually filed by: mummareddy

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
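As an added illustration, not code from this issue or from Chromium, here is a minimal model of an integer rectangle union in the gfx::Rect layout (x, y, width, height as int). The checked version reports the condition UBSan flagged in frame 0 (an intermediate edge or the resulting width/height not fitting in int) instead of invoking undefined behaviour, and a saturating variant clamps it. The names Rect, CheckedUnion and SaturatingUnion and the layer bounds in the comments are assumptions made for this example.

```cpp
#include <algorithm>
#include <climits>

// Minimal model of an int rectangle with the gfx::Rect field layout.
// This is an illustration for this report, not Chromium's gfx::Rect.
struct Rect { int x, y, width, height; };

// Signed add / subtract that report overflow rather than wrapping or
// invoking undefined behaviour. __builtin_*_overflow exist in GCC and Clang.
static bool CheckedAdd(int a, int b, int* out) { return !__builtin_add_overflow(a, b, out); }
static bool CheckedSub(int a, int b, int* out) { return !__builtin_sub_overflow(a, b, out); }

// Union computed with the naive edge arithmetic, but with every step checked.
// Returns false when a right/bottom edge or the resulting width/height does
// not fit in int: the state the damage tracker reaches when a layer carries
// enormous bounds and its rect is unioned into the accumulated damage.
bool CheckedUnion(const Rect& a, const Rect& b, Rect* out) {
  int a_right, b_right, a_bottom, b_bottom;
  if (!CheckedAdd(a.x, a.width, &a_right) || !CheckedAdd(b.x, b.width, &b_right) ||
      !CheckedAdd(a.y, a.height, &a_bottom) || !CheckedAdd(b.y, b.height, &b_bottom))
    return false;
  int left = std::min(a.x, b.x), top = std::min(a.y, b.y);
  int right = std::max(a_right, b_right), bottom = std::max(a_bottom, b_bottom);
  int w, h;
  if (!CheckedSub(right, left, &w) || !CheckedSub(bottom, top, &h)) return false;
  *out = {left, top, w, h};
  return true;
}

// Saturating alternative: clamp each edge to the int range so the union is
// always a well-defined (if imprecise) rectangle instead of UB. On overflow
// the sign of the second operand tells which end of the range was crossed.
Rect SaturatingUnion(const Rect& a, const Rect& b) {
  auto sat_add = [](int p, int q) { int r; return __builtin_add_overflow(p, q, &r) ? (q > 0 ? INT_MAX : INT_MIN) : r; };
  auto sat_sub = [](int p, int q) { int r; return __builtin_sub_overflow(p, q, &r) ? (q < 0 ? INT_MAX : INT_MIN) : r; };
  int left = std::min(a.x, b.x), top = std::min(a.y, b.y);
  int right = std::max(sat_add(a.x, a.width), sat_add(b.x, b.width));
  int bottom = std::max(sat_add(a.y, a.height), sat_add(b.y, b.height));
  return {left, top, sat_sub(right, left), sat_sub(bottom, top)};
}
```

Under a UBSan build the unchecked arithmetic is what produces the Integer-overflow report; in a release build it silently wraps, which is why the checked or saturating form belongs in the geometry type rather than in its callers.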
 
Components: Internals>Compositing
Labels: findit-wrong Te-Logged M-53
Owner: jaydasika@chromium.org
Status: Assigned (was: Untriaged)

No CL in the regression range changes the crashed files. The result is the blame information.

Author: danakj
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/a5cc021b6ee19af6a931db1042ec2ab562506010
Time: Wed Oct 15 21:27:42 2014
The CL last changed line 148 of file rect.cc, which is stack frame 0.

Author: danakj@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/be3925eecc44210e61b47de19858d45c28b3e361
Time: Fri Mar 08 02:41:47 2013
The CL last changed line 325 of file damage_tracker.cc, which is stack frame 1.

Author: danakj@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/be3925eecc44210e61b47de19858d45c28b3e361
Time: Fri Mar 08 02:41:47 2013
The CL last changed line 201 of file damage_tracker.cc, which is stack frame 2.

Author: weiliangc
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/4012ef768e802a281461207edad2624524d462ae
Time: Mon Apr 11 22:04:06 2016
The CL last changed line 126 of file damage_tracker.cc, which is stack frame 3.

Author: danakj@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/c1bb5af2c3312280b17ac23a36dff4d366da3cea
Time: Wed Mar 13 19:06:27 2013
The CL last changed line 645 of file layer_tree_host_impl.cc, which is stack frame 4.

Author: jaydasika
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/e57ef9da5138f83571aa273a8ac7f8684f950fb4
Time: Wed Jun 22 14:32:55 2016
The CL last changed line 788 of file layer_tree_host_impl.cc, which is stack frame 5.

Author: simonhong@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/30d82149616dafe805d5fb22b1ddfcddfeee5a22
Time: Mon May 12 04:26:02 2014
The CL last changed line 1118 of file layer_tree_host_impl.cc, which is stack frame 6.

Suspected Project: chromium
Suspected Component: Internals>Compositing
Comment 2 by sheriffbot@chromium.org (Project Member), Aug 5 2016

Labels: -M-53 M-54 MovedFrom-53
Moving this nonessential bug to the next milestone.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Unable to repro this on ToT
Status: WontFix (was: Assigned)
Setting status to WontFix per #3.
Comment 5 by ClusterFuzz (Project Member), Sep 18 2016

ClusterFuzz has detected this issue as fixed in range 419387:419391.

Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=419387:419391

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 6 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
