jbroman @ could you please look into this.please feel free to re-assigned back if needed. thanks in advance !

This seems to be undefined behavior when SkScalarCeilToInt produces INT_MAX, which cannot be negated to convert the outset call to an inset call. I'm not sure what Skia's philosophy for handling this is, and it predates the change I made to that line, so reassigning to reed@ for Skia triage (and cc-ing senorblanco@ because this particular call is in the Skia filter code).

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

ClusterFuzz has detected this issue as fixed in range 435261:438085.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6016628124024832

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  outset
  SkDropShadowImageFilter::onFilterNodeBounds
  SkImageFilter::filterBounds
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=416628:416781
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=435261:438085

Minimized Testcase (0.25 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96u1FG2lRWf4eR_ojhQNqQkrf3Ryan2SI6yZipHZjoqMaziYXo0A4wxVFAOOPT5NyqQUY8PfoNxjWkXA9F6kg5L2zbytyyfpRCWExnyDQJzau68BLMfi8meOHzk5BnQRnlg2dblqmDQ3Rud1FxRrpxzo4QX6Q?testcase_id=6016628124024832

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6016628124024832 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.