Findit-result:
===============
Suspected CLs	The result is a list of CLs that change the crashed files.

Author: msarett
Project: chromium-skia
Changelist: https://chromium.googlesource.com/skia.git/+/d22a817ff57986407facd16af36320fc86ce02da
Time: Thu Aug 11 21:40:03 2016
Lines 1638-1639 of file SkCanvas.cpp which potentially caused crash are changed in this cl (frame #3, "SkCanvas::onClipRect").
Minimum distance from crash line to modified line: 0. (file: SkCanvas.cpp, crashed on: 1638, modified: 1638).

Author: msarett
Project: chromium-skia
Changelist: https://chromium.googlesource.com/skia.git/+/fbfa25802709139c2f14e304319c9541da65ca27
Time: Fri Aug 12 15:29:08 2016
Lines 1642-1643 of file SkCanvas.cpp which potentially caused crash are changed in this cl (frame #3, "SkCanvas::onClipRect").
Minimum distance from crash line to modified line: 0. (file: SkCanvas.cpp, crashed on: 1642, modified: 1642).

Suspected Project: chromium-skia
Suspected Component: Internals>Skia


Assigning to msarett@ based on the above findit result.

Thank you!

I don't think this was caused by my CL.  I'm working on reproducing the error so I can confirm.

I've verified that this reproduces with and without my change.

There's a more detailed stack trace in the detailed report, but the failure line is here:
../../third_party/skia/src/core/SkAAClip.cpp:808:46: runtime error: signed integer overflow: 16777216 * 128 cannot be represented in type 'int'

I'm copying a few on the Skia team because of a change that mentions AARects.
https://codereview.chromium.org/2230513004

Could someone from the Skia team help in further investigation.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

ClusterFuzz has detected this issue as fixed in range 435261:438085.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6523312035594240

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  SkAAClip::setRegion
  SkRasterClip::convertToAA
  SkRasterClip::op
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=411529:411868
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=435261:438085

Minimized Testcase (0.58 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94_reQDna9kxqaGPCtPzadN1CGGqQoiLvdcpNNqrV8dWFGUYGdnP6M6H0OV69jZBw2_QNFaU8ZH17Wj4X5ahPwlNTK1-FLC9rYwdIOILoB_WLFYpHkvx9zIvZYsRMxdvO2Uds4HSvXWrZGGi55FtQXAX1q5-Q?testcase_id=6523312035594240

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6523312035594240 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.