Find it results:
------------------
Suspected CLs	The result is a list of CLs that change the crashed files.

Author: rob.buis
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/dcfa87e4ecf3f9673f642f9292f9a69e50ef6ba4
Time: Sat Nov 05 00:21:59 2016
File FocusController.cpp is changed in this cl (and is part of stack frame #1, "adjustedTabIndex"; frame #2, "nextElementWithGreaterTabIndex"; frame #3, "nextFocusableElement"; frame #4, "blink::"; frame #5, "blink::"; frame #6, "findFocusableElementAcrossFocusScopesForward")
Minimum distance from crash line to modified line: 1. (file: FocusController.cpp, crashed on: 428, modified: 429).

Suspected Project: chromium

based on find it results, assigning to rob.buis@, could you please check the issue and help.

ClusterFuzz has detected this issue as fixed in range 430550:430572.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6501609522855936

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  int WTF::toIntegralType<int, unsigned char>
  adjustedTabIndex
  nextElementWithGreaterTabIndex
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=429962:430084
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=430550:430572

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94kGQmWA0ZwSRn6g7O75QGKqIWLMI1PaCNmPzXynJCHt3cC-BAIUIpxbe21lI2tLg_BHQTWor3kCSxIB6wdnhtnwrb-oQprNlx72dmnwl3Snmuo-zOf_JH7KgVCFAfnRNcBxohNHRUAawENx3t1aGl43_J9aYQtD1MCMlcuDFgA4DCfVgs?testcase_id=6501609522855936


Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/93bc2cfbf5ff5d076a06bb599595f256cf47b208

commit 93bc2cfbf5ff5d076a06bb599595f256cf47b208
Author: rob.buis <rob.buis@samsung.com>
Date: Thu Nov 10 00:44:40 2016

Make getIntegralAttribute use parseHTMLInteger

Make getIntegralAttribute use parseHTMLInteger since
AtomicString::toInt can't handle -2147483648 and
it is less spec conformant on whitespace handling.

BUG= 662659 

Review-Url: https://codereview.chromium.org/2486793002
Cr-Commit-Position: refs/heads/master@{#431110}

[modify] https://crrev.com/93bc2cfbf5ff5d076a06bb599595f256cf47b208/third_party/WebKit/LayoutTests/imported/wpt/html/dom/reflection-embedded-expected.txt
[modify] https://crrev.com/93bc2cfbf5ff5d076a06bb599595f256cf47b208/third_party/WebKit/LayoutTests/imported/wpt/html/dom/reflection-grouping-expected.txt
[modify] https://crrev.com/93bc2cfbf5ff5d076a06bb599595f256cf47b208/third_party/WebKit/Source/core/dom/Element.cpp

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot