Author: boliu
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/99b904adcfc2d25f5a06bcf1e122387ef2c21d7d
Time: Tue Jan 26 22:18:01 2016
The CL last changed line 1081 of file layer_tree_impl.cc, which is stack frame 4.

 Issue 634137  has been merged into this issue.

Moving this nonessential bug to the next milestone.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

ClusterFuzz has detected this issue as fixed in range 411957:412168.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5431486176296960

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  gfx::Rect::Inset
  cc::PictureLayerImpl::UpdateViewportRectForTilePriorityInContentSpace
  cc::PictureLayerImpl::UpdateTiles
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=411957:412168

Minimized Testcase (0.32 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94H5qHTP5wEKfBZLFrnjrMmsnrDA6EWQ2k3d5qmvyLPoD0Rr-qEOQYRb6WnixOWDniNy3NAhHH1jxFX5D3wys7BGvSlebdZG8yimx5pRysKFN-VtQ1Ko39tghuYWWAIdlaWBYiQF4WthOBFQGxL10HwT2grRA?testcase_id=5431486176296960

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot