Issue 649227 link

Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue 640071
Owner:
Closed: Sep 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Integer-overflow in blink::operator-=

Project Member Reported by ClusterFuzz, Sep 22 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6636323442262016

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::operator-=
  blink::PaintLayer::updateLayerPosition
  blink::PaintLayer::updateLayerPositionsAfterScrollRecursive
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=418843:418863

Minimized Testcase (1.11 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94cYPEY50pZ_ZhgMpPh-2TVM_EdypvQl68DzsjgK8poxfnZMjs_9rdsGfOVzr5nX04BPh4BhVyfz7sAa_Pw3DVVBpiJUIyiU95myGD7r9T5H_sgJOPNi1bRwXdduvRweT7q_4L-R1bTmYxXoUoOfQzZBRDL6g?testcase_id=6636323442262016

Issue manually filed by: kavvaru

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Components: Blink
Labels: M-55 Te-Logged
Owner: schenney@chromium.org
Status: Assigned (was: Untriaged)
Find it tool information
===================
	Git blame below is NOT necessarily who introduced the crash nor the owner for it. Please check the code before assigning to anyone. (No CL in the regression range changed the crashing files.)

Author: eae@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/70e39074ac4ebdf18d406fbd56a5ddde4c8e989e
Time: Wed Nov 07 18:33:44 2012
The CL last changed line 126 of file LayoutPoint.h, which is stack frame 0.

Author: mstensho@opera.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/48c76f35f56cbc3d3a8b69e81ccd25bd7817cc0c
Time: Thu Jun 04 08:04:11 2015
The CL last changed line 810 of file PaintLayer.cpp, which is stack frame 1.

Author: skobes@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/c79da57cd52b00c770ebaaa9bb9b01e0a023124a
Time: Fri Mar 13 02:55:50 2015
The CL last changed line 378 of file PaintLayer.cpp, which is stack frame 2.

Author: skobes@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/c79da57cd52b00c770ebaaa9bb9b01e0a023124a
Time: Fri Mar 13 02:55:50 2015
The CL last changed line 388 of file PaintLayer.cpp, which is stack frame 3.

Author: skobes@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/c79da57cd52b00c770ebaaa9bb9b01e0a023124a
Time: Fri Mar 13 02:55:50 2015
The CL last changed line 373 of file PaintLayer.cpp, which is stack frame 4.

Author: skobes@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/c79da57cd52b00c770ebaaa9bb9b01e0a023124a
Time: Fri Mar 13 02:55:50 2015
The CL last changed line 362 of file PaintLayerScrollableArea.cpp, which is stack frame 5.

Author: bokan@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/fac135c70d0a1f79df51ea070a50934d3b159556
Time: Fri Jun 19 21:22:50 2015
The CL last changed line 270 of file ScrollableArea.cpp, which is stack frame 6.

Suspected Project: chromium
Suspected Component: Blink>Paint
========================

Change Log:
https://chromium.googlesource.com/chromium/src/+log/8c498ea4cbdde91a9667486eebf1d9a7b65612d5..a28851ca731cf926f1c7949e4c1293a059606958?pretty=fuller

From the above change log, suspecting the change below:
 https://codereview.chromium.org/2334893002

schenney@ Could you please look into this issue if it is related to your change, else please route this to an appropriate dev person.

Thanks,
Components: -Blink Blink>Scroll
I'm not sure if this is caused by my patch, since my patch doesn't touch any of the functions on the stack trace. Besides, I cannot easily reproduce it by opening the minimized testcase in chromium.
Cc: skobes@chromium.org
skobes@, can you take a look at it?

Comment 6 by skobes@chromium.org, Sep 22 2016

Owner: e...@chromium.org
Emil I think you were looking at the integer overflow problem recently?  What is the right thing to do here?

Comment 7 by e...@chromium.org, Sep 25 2016

Mergedinto: 640071
Status: Duplicate (was: Assigned)
Still TBD, if we decide to fix it it should be at the level of IntRect and friends (just like we do for the Layout* units).
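As an added example, not Blink's code and not part of this bug, the block below puts a minimal IntPoint-style type with the overflow-prone signed operator-= that UBSan reports as "Integer-overflow" beside a saturating version of the kind comment 7 proposes for IntRect and friends. The assumption that the Layout* units already clamp to the representable int range is mine; the names IntPoint, saturatedSubtract, unsafeSubtract and subtractScrollOffset are illustrative, and __builtin_sub_overflow is a GCC/Clang builtin.

```cpp
#include <climits>

// Illustrative stand-in for Blink's IntPoint (assumption, not Blink's type).
struct IntPoint {
    int x = 0;
    int y = 0;
};

// The overflow-prone form: plain signed subtraction. When a - b leaves the
// int range this is undefined behaviour, which is exactly what the
// linux_ubsan_chrome job flags in the crash state above. Kept here only
// for contrast; never call it with operands that overflow.
static inline int unsafeSubtract(int a, int b) {
    return a - b;
}

// Reports whether a - b would overflow, without performing the UB subtraction.
static inline bool subtractionOverflows(int a, int b) {
    int unused;
    return __builtin_sub_overflow(a, b, &unused);
}

// Saturating subtraction: clamp instead of overflowing. If b is positive the
// true result fell below INT_MIN, otherwise it exceeded INT_MAX.
static inline int saturatedSubtract(int a, int b) {
    int result;
    if (__builtin_sub_overflow(a, b, &result))
        return b > 0 ? INT_MIN : INT_MAX;
    return result;
}

// Hardened operator-=: component-wise saturating subtraction, so no input
// (e.g. an absurd scroll offset from a fuzzed page) can trigger UBSan.
inline IntPoint& operator-=(IntPoint& lhs, const IntPoint& rhs) {
    lhs.x = saturatedSubtract(lhs.x, rhs.x);
    lhs.y = saturatedSubtract(lhs.y, rhs.y);
    return lhs;
}

// Mirrors the shape of the crashing step (a layer position minus a scroll
// offset); with the saturating operator the result is clamped, not UB.
IntPoint subtractScrollOffset(IntPoint position, IntPoint scrollOffset) {
    position -= scrollOffset;
    return position;
}
```

Clamping is a policy choice: it keeps layout math total and UBSan-clean, but a clamped coordinate is still a wrong coordinate, so callers that later index or allocate from it still need their own bounds checks.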

Comment 8 by ClusterFuzz, Oct 6 2016

ClusterFuzz has detected this issue as fixed in range 422899:423265.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6636323442262016

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::operator-=
  blink::PaintLayer::updateLayerPosition
  blink::PaintLayer::updateLayerPositionsAfterScrollRecursive
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=418843:418863
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=422899:423265

Minimized Testcase (1.11 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94cYPEY50pZ_ZhgMpPh-2TVM_EdypvQl68DzsjgK8poxfnZMjs_9rdsGfOVzr5nX04BPh4BhVyfz7sAa_Pw3DVVBpiJUIyiU95myGD7r9T5H_sgJOPNi1bRwXdduvRweT7q_4L-R1bTmYxXoUoOfQzZBRDL6g?testcase_id=6636323442262016

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 9 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
