Float-cast-overflow in blink::FEMorphology::createImageFilter
Issue description

Dec 19 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5969461137113088
Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Float-cast-overflow
Crash Address:
Crash State:
  blink::FEMorphology::createImageFilter
  blink::FilterEffect::createImageFilterWithoutValidation
  blink::SkiaImageFilterBuilder::build
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=435261:438085
Minimized Testcase (0.92 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96hGBY1qwugon6zBv0AD_ZfHlQFHmpCactbuDCHviyFuEsFZ4EQ78Bioovsz2L3OS1gxKUMrW1aOy7Aipm5gwfM1sxl3UVOKGmNDZVyDirfdp_CC8M958EMFzVC67dZlgkzKsn0kKjn5N809pI_ragVTsh2xg?testcase_id=5969461137113088
Additional requirements: Requires HTTP

Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Comment 1 by f...@opera.com, Dec 19 2016
Status: Assigned (was: Untriaged)

SVGFilterPainter is higher up on the stack, so putting this in the SVG bucket for some form of accounting.
Dec 20 2016

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/84321d8133327259cf7eda6ed5bb19792fe94bda

commit 84321d8133327259cf7eda6ed5bb19792fe94bda
Author: fs <fs@opera.com>
Date: Mon Dec 19 14:55:16 2016

    Clamp radii in FEMorphology::createImageFilter

    Sk{Dilate,Erode}ImageFilter::Make take the radii as integers (int), so make sure to convert the float FEMorphology stores avoiding overflow.

    BUG=675164
    Review-Url: https://codereview.chromium.org/2585233002
    Cr-Commit-Position: refs/heads/master@{#439474}

[modify] https://crrev.com/84321d8133327259cf7eda6ed5bb19792fe94bda/third_party/WebKit/Source/platform/graphics/filters/FEMorphology.cpp
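The commit above fixes the crash by clamping the float radii before handing them to an int parameter. The following is an added illustration of that class of fix, written for this page; it is not Chromium's or Skia's code. UBSan reports float-cast-overflow because casting a float whose truncated value lies outside the destination integer's range (or a NaN) to int is undefined behaviour in C++; saturating the value first makes the cast defined for every input. The `clampToInt` function is general, and the `morphologyRadiusToInt` helper, including its choice to map NaN and non-positive radii to 0, is an assumption made for the example rather than FEMorphology's actual behaviour.

```cpp
#include <cmath>
#include <limits>

// Saturating float -> int conversion. A plain static_cast<int>(f) is undefined
// behaviour (UBSan: float-cast-overflow) when f is NaN or |f| exceeds the int
// range, so the value is clamped to [INT_MIN, INT_MAX] before the cast.
int clampToInt(float value) {
    if (std::isnan(value))
        return 0;  // policy choice for this example: NaN becomes 0
    // Compare in double: INT_MAX is not exactly representable as a float (it
    // rounds up to 2^31), so comparing in float would let 2^31 through.
    const double v = static_cast<double>(value);
    const double kMax = static_cast<double>(std::numeric_limits<int>::max());
    const double kMin = static_cast<double>(std::numeric_limits<int>::min());
    if (v >= kMax)
        return std::numeric_limits<int>::max();  // also handles +infinity
    if (v <= kMin)
        return std::numeric_limits<int>::min();  // also handles -infinity
    // Now kMin < v < kMax, so truncation toward zero is in range and defined.
    return static_cast<int>(v);
}

// Hypothetical radius conversion modelled on the fix described above
// (assumption, not FEMorphology's real code): a morphology radius is
// non-negative and the consuming API takes int, so NaN and non-positive
// inputs become 0 and oversized inputs saturate instead of overflowing.
int morphologyRadiusToInt(float radius) {
    if (!(radius > 0.0f))  // true for NaN as well as for radius <= 0
        return 0;
    return clampToInt(radius);
}
```

A typical way to use this in a filter builder is to convert both radii with `morphologyRadiusToInt` before calling the int-taking factory; the clamp costs two comparisons and removes the undefined cast entirely, which is why the sanitizer stops reporting it.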
Dec 20 2016

ClusterFuzz has detected this issue as fixed in range 439460:439491.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5969461137113088
Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Float-cast-overflow
Crash Address:
Crash State:
  blink::FEMorphology::createImageFilter
  blink::FilterEffect::createImageFilterWithoutValidation
  blink::SkiaImageFilterBuilder::build
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=435261:438085
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=439460:439491
Minimized Testcase (0.92 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96hGBY1qwugon6zBv0AD_ZfHlQFHmpCactbuDCHviyFuEsFZ4EQ78Bioovsz2L3OS1gxKUMrW1aOy7Aipm5gwfM1sxl3UVOKGmNDZVyDirfdp_CC8M958EMFzVC67dZlgkzKsn0kKjn5N809pI_ragVTsh2xg?testcase_id=5969461137113088
Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.