ymalik@ are you able to fix this? I'm guessing this code was added in: https://chromium.googlesource.com/chromium/src/+/c0cbafaf65dc4fc0ee22df128e71d9b97125123f%5E%21/third_party/WebKit/Source/core/page/scrolling/ScrollingCoordinator.cpp

miletus@ is no longer working on chromium.

There's a class Integer-overflow bugs https://bugs.chromium.org/p/chromium/issues/list?can=2&q=Integer-overflow+in+blink there should probably be a generic way to handle these cases.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The test case contains overflowing integers. If anything this should be fixed in the parser but I believe the consensus (see  issue 634803 ) is that we WontFix overflow issues like this in Blink.

ClusterFuzz has detected this issue as fixed in range 446721:447186.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4973370014957568

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::IntRect::uniteEvenIfEmpty
  blink::Region::unite
  blink::ScrollingCoordinator::computeShouldHandleScrollGestureOnMainThreadRegion
  
Sanitizer: undefined (UBSAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=419707:419720
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=446721:447186

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95nXdERBn0ytEl8dt54qG1JiZ2qr9NdbUrpzUJCzF3xFD5lqjx8g1Oy1ZP9QbxpE4EwrR0YSFhvcsyIiy8iuA0H-5Vjq3_Z2WnKIIW3-ew5XOVcuFUm6hGYV8-sgUzLV74_JRwx_dpOSN5LyySjO8z15eWrog?testcase_id=4973370014957568


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.