Assigning to the concern owner from find it results,
Suspected CLs	The result is a list of CLs that change the crashed files.

Author: eae
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/fdcbab80bc37108f6e03d6906f27831228690350
Time: Fri Oct 14 19:47:55 2016
Files InlineFlowBox.cpp, LayoutBlockFlowLine.cpp, RootInlineBox.cpp are changed in this cl (and is part of stack frame #2, "blink::InlineFlowBox::computeLogicalBoxHeights")
Minimum distance from crash line to modified line: 47. (file: InlineFlowBox.cpp, crashed on: 646, modified: 693).

Suspected Project: chromium
Suspected Component: Blink>Layout

@eae -- Could you please look into the issue, kindly re-assign if the issue is not related to your changes.
Thank You.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/16f66a38edc9d1b63276df3fdfc673138e18a917

commit 16f66a38edc9d1b63276df3fdfc673138e18a917
Author: eae <eae@chromium.org>
Date: Tue Dec 13 23:33:43 2016

Add check to InlineFlowBox::computeLogicalBoxHeights

Add a null check for rootBox to InlineFlowBox::computeLogicalBoxHeights.

BUG= 664851 
R=szager@chromium.org

Review-Url: https://codereview.chromium.org/2571023002
Cr-Commit-Position: refs/heads/master@{#438336}

[modify] https://crrev.com/16f66a38edc9d1b63276df3fdfc673138e18a917/third_party/WebKit/Source/core/layout/line/InlineFlowBox.cpp

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b59fc7500d6007bea7ec137c2d9239d30922e2c2

commit b59fc7500d6007bea7ec137c2d9239d30922e2c2
Author: eae <eae@chromium.org>
Date: Wed Jan 18 02:17:59 2017

Add DCHECK(rootBox) to InlineFlowBox::computeLogicalBoxHeights

BUG= 664851 
TBR=szager@chromium.org

Review-Url: https://codereview.chromium.org/2641573003
Cr-Commit-Position: refs/heads/master@{#444245}

[modify] https://crrev.com/b59fc7500d6007bea7ec137c2d9239d30922e2c2/third_party/WebKit/Source/core/layout/line/InlineFlowBox.cpp

ClusterFuzz has detected this issue as fixed in range 445391:445491.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4581887453691904

Fuzzer: inferno_twister
Job Type: linux_asan_chrome_media
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000038
Crash State:
  blink::RootInlineBox::ascentAndDescentForBox
  blink::InlineFlowBox::computeLogicalBoxHeights
  blink::RootInlineBox::alignBoxesInBlockDirection
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=425398:425517
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=445391:445491

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97LDQkzBXgnOVqeO_2ckeDN-mnM9KQXR3PiPgcfZKJl6gMXV4xkhHG_lolCUK5lAOMSTXvlOApeZVYqlpAc2J1fjqwWJbMCYpChzv5kF-4GlOlXDsjt5OWFF3XgyA-Q12gwBX9uRpzYi1LDPHlINJmkuanF0fqa8u2K9B-90dIS5Ke1cJ4?testcase_id=4581887453691904


Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 4581887453691904 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.