Stack-buffer-overflow in MaskAdditiveBlitter

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6533190014730240
Fuzzer: afl_skia_path_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux
Crash Type: Stack-buffer-overflow WRITE {*}
Crash Address: 0x7f11f0565d98
Crash State:
  MaskAdditiveBlitter
  SkScan::AAAFillPath
  SkScan::AAAFillPath
Recommended Security Severity: High
Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=430188:430189
Minimized Testcase (0.05 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94TLGbMwH_ZTN7gRTVdtouwlknu4BFvKk0YC6uRQ637Pa_FTL4QRkvtgp2EWPIwOAN7JAaNTorC4x0fp9kSX6gCqebpEKHME7oNnOC5AyULVivaIh_8l9nPru2e3U8uPZrrvadXT5BNwllhBJXEZQHlj5DrCw?testcase_id=6533190014730240

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 1 by sheriffbot@chromium.org, Nov 7 2016

This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Nov 8 2016

fmalita -- Could this be caused by the "#define SK_ANALYTIC_AA" in https://codereview.chromium.org/2457393004?

Nov 8 2016

Yes, most likely related. Note that the SK_ANALYTIC_AA change was reverted in https://chromium.googlesource.com/chromium/src/+/568cf3e90941a42d1e85108417c385537c7d72ca, so I expect this to clear when CF catches up.

Nov 8 2016

ClusterFuzz has detected this issue as fixed in range 430264:430278.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6533190014730240
Fuzzer: afl_skia_path_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux
Crash Type: Stack-buffer-overflow WRITE {*}
Crash Address: 0x7f11f0565d98
Crash State:
  MaskAdditiveBlitter
  SkScan::AAAFillPath
  SkScan::AAAFillPath
Recommended Security Severity: High
Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=430188:430189
Fixed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=430264:430278
Minimized Testcase (0.05 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94TLGbMwH_ZTN7gRTVdtouwlknu4BFvKk0YC6uRQ637Pa_FTL4QRkvtgp2EWPIwOAN7JAaNTorC4x0fp9kSX6gCqebpEKHME7oNnOC5AyULVivaIh_8l9nPru2e3U8uPZrrvadXT5BNwllhBJXEZQHlj5DrCw?testcase_id=6533190014730240

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Nov 8 2016

ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Nov 11 2016

The following revision refers to this bug: https://skia.googlesource.com/skia.git/+/c4f66af20e3a58a09554eb3db2bf45c6291fe3a8

commit c4f66af20e3a58a09554eb3db2bf45c6291fe3a8
Author: Yuqian Li <liyuqian@google.com>
Date: Fri Nov 11 14:36:53 2016

    Catch width overflow

    BUG= chromium:662730
    GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=4628

    Change-Id: Iaf3a30d39fda3166a6f8fc62a30580629418dc88
    Reviewed-on: https://skia-review.googlesource.com/4628
    Reviewed-by: Cary Clark <caryclark@google.com>
    Commit-Queue: Yuqian Li <liyuqian@google.com>

[modify] https://crrev.com/c4f66af20e3a58a09554eb3db2bf45c6291fe3a8/src/core/SkScan_AAAPath.cpp
[modify] https://crrev.com/c4f66af20e3a58a09554eb3db2bf45c6291fe3a8/tests/PathTest.cpp

Nov 11 2016

The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/768816eabb9ca60d990b8715e2fde86fa078bd3b

commit 768816eabb9ca60d990b8715e2fde86fa078bd3b
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Fri Nov 11 17:43:40 2016

    Roll src/third_party/skia/ b0b5360ae..58b130681 (3 commits).

    https://skia.googlesource.com/skia.git/+log/b0b5360ae407..58b130681db4

    $ git log b0b5360ae..58b130681 --date=short --no-merges --format='%ad %ae %s'
    2016-11-11 mtklein SkFixedAlloc
    2016-11-11 liyuqian Skip left/right if alpha = 0 in SkRectClipCheckBlitter::blitAntiRect
    2016-11-11 liyuqian Catch width overflow

    BUG= 662730

    Documentation for the AutoRoller is here:
    https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

    If the roll is causing failures, see:
    http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

    CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
    TBR=scroggo@google.com

    Review-Url: https://codereview.chromium.org/2496963002
    Cr-Commit-Position: refs/heads/master@{#431587}

[modify] https://crrev.com/768816eabb9ca60d990b8715e2fde86fa078bd3b/DEPS

Feb 22 2017

This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot