
Issue 652604

Starred by 1 user

Issue metadata

Status: Verified
Owner:
Closed: Oct 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug-Regression




base::IsValueInRangeForNumericType<int>( std::floor(rect.x() * x_scale)) in rect

Project Member Reported by ClusterFuzz, Oct 4 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4994541080018944

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  base::IsValueInRangeForNumericType<int>( std::floor(rect.x() * x_scale)) in rect
  gfx::ScaleToEnclosingRect
  cc::PaintedScrollbarLayer::ScrollbarLayerRectToContentRect
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=302659:302721

Minimized Testcase (0.23 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94qkclcOTzJMkTs7K4gfAL8wDHC9ZUOG0dcnAqWdO8SXV3WuggziYRiJIuE2AXXyF3zjcUd_wpgmQXlbCaBSY3qzdtC8qdIcKSGYpzgFppHaSMfY19BCc8XmjSzf-6dW7p-J6nJFG9xPAiZF_P43DcysJJI0A?testcase_id=4994541080018944

Issue manually filed by: ranjitkan

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: ranjitkan@chromium.org
Components: Tools>Test>FindIt>NoResult
Labels: -Pri-1 -Type-Bug findit-wrong M-55 Te-Logged Pri-2 Type-Bug-Regression
Owner: sunxd@chromium.org
Status: Assigned (was: Untriaged)
Findit did not show any suspected CLs.

Using code search, I suspect the change below could be a possible culprit that resulted in this crash.

Change URL: https://chromium.googlesource.com/chromium/src/+/86fc67cca4eaad94ec7bf3daebf905939abdd03c
Review-Url: https://codereview.chromium.org/2268423003

@sunxd: Assigning to you; please take a look into it. Please help us reassign it if it is not related to your change.

Thanks!

Comment 2 by sunxd@chromium.org, Oct 4 2016

Cc: sunxd@chromium.org
Owner: enne@chromium.org
I think this is related to https://codereview.chromium.org/913133004.

The test case applies this transform:

  transform: scale3d(-538603934, 266833010.733832560, 335) rotateY(438358353.63grad);

The PaintedScrollbarLayer got an internal_contents_scale_ that would cause an overflow when scaling the layer_rect to an enclosing rect.

Assign to enne@. Can you please look at this bug? It looks like another int overflow bug, maybe we want to clamp the internal contents scales. Thanks!
Comment 3 by bugdroid1@chromium.org (Project Member), Oct 4 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/aa23d5d071524015ed425c4d6e981c1621479620

commit aa23d5d071524015ed425c4d6e981c1621479620
Author: enne <enne@chromium.org>
Date: Tue Oct 04 23:11:45 2016

Fix scrollbar overflow with ScaleToEnclosingRectSafe

ScaleToEnclosingRect DCHECKs that the scale that's being done won't
overflow, however this can't be known because the scrollbar's
internal scale is determined by page content.  Clamp these values
safely instead of DCHECKing.

R=danakj@chromium.org
BUG=652604
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel

Review-Url: https://codereview.chromium.org/2384063007
Cr-Commit-Position: refs/heads/master@{#422987}

[modify] https://crrev.com/aa23d5d071524015ed425c4d6e981c1621479620/cc/layers/painted_scrollbar_layer.cc
[modify] https://crrev.com/aa23d5d071524015ed425c4d6e981c1621479620/ui/gfx/geometry/rect.h
[modify] https://crrev.com/aa23d5d071524015ed425c4d6e981c1621479620/ui/gfx/geometry/rect_unittest.cc
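
The overflow that the DCHECK in the crash state catches, and the clamping approach the commit message describes, as an added C++ illustration that is not Chromium's code: IntRect, FitsInInt, ClampToInt, ClampedDiff and the two scaling functions are hypothetical names, the saturation is written by hand rather than with Chromium's base:: helpers, and the out-of-range sample scale is the x component of the scale3d() from the test case in comment 2 (the other inputs are constructed).

```cpp
// Added illustration, not Chromium's code. Shows (1) the range check the
// crashing DCHECK performs on each scaled edge and (2) a saturating
// alternative in the spirit of ScaleToEnclosingRectSafe. All names are
// hypothetical; the clamping is hand-written, not base::saturated_cast.
#include <climits>
#include <cmath>
#include <cstdint>
#include <cstdio>

struct IntRect {
  int x, y, width, height;
};

// What the DCHECK verifies: the floating-point edge is representable as int.
bool FitsInInt(double v) {
  if (std::isnan(v)) return false;
  return v >= static_cast<double>(INT_MIN) &&
         v <= static_cast<double>(INT_MAX);
}

// Saturating double -> int: out-of-range values clamp to the int limits
// instead of hitting undefined behaviour in static_cast. NaN maps to 0.
int ClampToInt(double v) {
  if (std::isnan(v)) return 0;
  if (v >= static_cast<double>(INT_MAX)) return INT_MAX;
  if (v <= static_cast<double>(INT_MIN)) return INT_MIN;
  return static_cast<int>(v);
}

// Width/height as a 64-bit difference clamped to [0, INT_MAX], so a right
// edge at INT_MAX minus a left edge at INT_MIN cannot itself overflow.
// Inverted edges (e.g. from a negative scale) collapse to an empty extent.
int ClampedDiff(int hi, int lo) {
  int64_t d = static_cast<int64_t>(hi) - static_cast<int64_t>(lo);
  if (d < 0) d = 0;
  if (d > INT_MAX) return INT_MAX;
  return static_cast<int>(d);
}

// Checked variant: the edges are computed exactly as the enclosing rect
// would be, but instead of asserting, it reports whether every edge fits.
bool ScaleToEnclosingRectChecked(const IntRect& r, double sx, double sy,
                                 IntRect* out) {
  double left = std::floor(r.x * sx);
  double top = std::floor(r.y * sy);
  double right = std::ceil((static_cast<double>(r.x) + r.width) * sx);
  double bottom = std::ceil((static_cast<double>(r.y) + r.height) * sy);
  if (!FitsInInt(left) || !FitsInInt(top) || !FitsInInt(right) ||
      !FitsInInt(bottom)) {
    return false;  // this is the case where the DCHECK would fire
  }
  *out = {static_cast<int>(left), static_cast<int>(top),
          static_cast<int>(right - left), static_cast<int>(bottom - top)};
  return true;
}

// Safe variant: every edge is clamped, then extents are clamped too, so
// page-controlled scale factors can never trip an assertion or overflow.
IntRect ScaleToEnclosingRectSafe(const IntRect& r, double sx, double sy) {
  int left = ClampToInt(std::floor(r.x * sx));
  int top = ClampToInt(std::floor(r.y * sy));
  int right = ClampToInt(std::ceil((static_cast<double>(r.x) + r.width) * sx));
  int bottom =
      ClampToInt(std::ceil((static_cast<double>(r.y) + r.height) * sy));
  return {left, top, ClampedDiff(right, left), ClampedDiff(bottom, top)};
}

int main() {
  IntRect layer_rect{10, 20, 30, 40};  // constructed sample rect
  IntRect out{};
  // Benign scale: both variants agree.
  ScaleToEnclosingRectChecked(layer_rect, 1.5, 1.5, &out);
  std::printf("checked 1.5x: %d,%d %dx%d\n", out.x, out.y, out.width, out.height);
  // The x scale from the test case in comment 2: the checked variant refuses
  // (the DCHECK case); the safe variant saturates to INT_MIN and an empty width.
  bool ok = ScaleToEnclosingRectChecked(layer_rect, -538603934.0, 1.0, &out);
  IntRect s = ScaleToEnclosingRectSafe(layer_rect, -538603934.0, 1.0);
  std::printf("checked fits: %d; safe: %d,%d %dx%d\n", ok, s.x, s.y, s.width,
              s.height);
  return 0;
}
```

The point of ClampedDiff is easy to miss: clamping the four edges individually is not enough, because a width computed as right minus left can still exceed INT_MAX once the edges sit at opposite limits, so the derived extents need their own saturation.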

Comment 4 by ClusterFuzz (Project Member), Oct 6 2016

ClusterFuzz has detected this issue as fixed in range 422899:423265.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4994541080018944

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  base::IsValueInRangeForNumericType<int>( std::floor(rect.x() * x_scale)) in rect
  gfx::ScaleToEnclosingRect
  cc::PaintedScrollbarLayer::ScrollbarLayerRectToContentRect
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=302659:302721
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=422899:423265

Minimized Testcase (0.23 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94qkclcOTzJMkTs7K4gfAL8wDHC9ZUOG0dcnAqWdO8SXV3WuggziYRiJIuE2AXXyF3zjcUd_wpgmQXlbCaBSY3qzdtC8qdIcKSGYpzgFppHaSMfY19BCc8XmjSzf-6dW7p-J6nJFG9xPAiZF_P43DcysJJI0A?testcase_id=4994541080018944

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 5 by ClusterFuzz (Project Member), Oct 6 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Components: -Tools>Test>FindIt>NoResult
Comment 7 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
