Issue 698714

Issue metadata

Status: Fixed
Closed: Mar 2017
OS: Linux
Pri: 1
Type: Bug

Timeout in skia_path_fuzzer

Project Member Reported by ClusterFuzz, Mar 6 2017

Issue description

Cc: kjlubick@chromium.org hcm@chromium.org reed@chromium.org
Components: Internals>Skia
Labels: Test-Predator-Wrong M-58
Could someone please take a look?
Thank you.

Comment 2 by hcm@chromium.org, Mar 7 2017

Cc: -reed@chromium.org -kjlubick@chromium.org
Owner: kjlubick@chromium.org
Cc: kjlubick@google.com
Owner: caryclark@google.com
Status: Assigned (was: Untriaged)
Steps to repro (in *chromium* checkout):
gn gen out/libfuzzer '--args=is_debug=false use_libfuzzer=true is_ubsan_security=true enable_nacl=false proprietary_codecs=true ffmpeg_branding="ChromeOS"'
ninja -C out/libfuzzer skia_path_fuzzer
timeout 5 out/libfuzzer/skia_path_fuzzer ~/Downloads/clusterfuzz-testcase-4883762874941440
Observe fuzzer does not return before 5s.  I let this go for over a minute, and it still didn't return.
Cc: caryclark@google.com
Owner: liyuqian@chromium.org
assert in debug:

[0321/103544.679401:INFO:SkEdgeClipper.cpp(435)] ../../third_party/skia/src/core/SkEdgeClipper.cpp:435: fatal error: "assert(fCurrPoint - fPoints <= kMaxPoints)"


Program received signal SIGABRT, Aborted.
0x00007ffff2a1bc37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56	../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007ffff2a1bc37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff2a1f028 in __GI_abort () at abort.c:89
#2  0x00007ffff4b6af2e in sk_abort_no_print() () at ../../skia/ext/SkMemory_new_handler.cpp:32
#3  0x00007ffff53d2c20 in SkEdgeClipper::clipCubic(SkPoint const*, SkRect const&) () at ../../third_party/skia/src/core/SkEdgeClipper.cpp:435
#4  0x00007ffff53c4fd3 in SkEdgeBuilder::build(SkPath const&, SkIRect const*, int, bool, bool) () at ../../third_party/skia/src/core/SkEdgeBuilder.cpp:395
#5  0x00007ffff5a5b1b5 in aaa_fill_path () at ../../third_party/skia/src/core/SkScan_AAAPath.cpp:1633
#6  AAAFillPath () at ../../third_party/skia/src/core/SkScan_AAAPath.cpp:1848
#7  0x00007ffff5a5d7c5 in SkScan::AAAFillPath(SkPath const&, SkRasterClip const&, SkBlitter*) () at ../../third_party/skia/src/core/SkScan_AAAPath.cpp:1864
#8  0x00007ffff5a8d0a3 in AntiFillPath () at ../../third_party/skia/src/core/SkScan_AntiPath.cpp:774
#9  0x00007ffff5389031 in SkDraw::drawDevPath(SkPath const&, SkPaint const&, bool, SkBlitter*, bool) const () at ../../third_party/skia/src/core/SkDraw.cpp:1070
#10 0x00007ffff5389c26 in SkDraw::drawPath(SkPath const&, SkPaint const&, SkMatrix const*, bool, bool, SkBlitter*) const () at ../../third_party/skia/src/core/SkDraw.cpp:1163

Here's the DM unit test that reproduces the bug (changing kMaxPoints to 34 would avoid the SkASSERT fatal error):

// Skia headers needed to compile this outside of DM; SkBits2Float comes from SkFloatBits.h.
#include "SkCanvas.h"
#include "SkFloatBits.h"
#include "SkPaint.h"
#include "SkPath.h"
#include "SkSurface.h"

static void test_fuzz_crbug_698714() {
    auto surface(SkSurface::MakeRasterN32Premul(500, 500));
    SkCanvas* canvas = surface->getCanvas();
    SkPaint paint;
    paint.setAntiAlias(true);
    SkPath path;
    path.setFillType(SkPath::kWinding_FillType);
    // Coordinates are given as raw IEEE-754 bit patterns so the fuzzer's exact floats are preserved.
    path.moveTo(SkBits2Float(0x00000000), SkBits2Float(0x00000000));  // 0, 0
    path.lineTo(SkBits2Float(0x43434343), SkBits2Float(0x43430143));  // 195.263f, 195.005f
    path.lineTo(SkBits2Float(0x43434343), SkBits2Float(0x43434343));  // 195.263f, 195.263f
    path.lineTo(SkBits2Float(0xb5434343), SkBits2Float(0x434300be));  // -7.2741e-07f, 195.003f
    // 195.263f, 195.263f, -1.16387e-05f, 3.58641e-38f, 3.85088e-29f, 1.86082e-39f
    path.cubicTo(SkBits2Float(0x43434343), SkBits2Float(0x43434341),
            SkBits2Float(0xb74343bd), SkBits2Float(0x01434343),
            SkBits2Float(0x10434343), SkBits2Float(0x00144332));
    // 4.11823e-38f, 195.263f, 195.263f, 195.263f, -7.2741e-07f, 195.263f
    path.cubicTo(SkBits2Float(0x016037c0), SkBits2Float(0x43434343),
            SkBits2Float(0x43434343), SkBits2Float(0x43434343),
            SkBits2Float(0xb5434343), SkBits2Float(0x43434343));
    // 195.263f, 195.263f, -1.16387e-05f, 3.58641e-38f, 195.263f, -2
    path.cubicTo(SkBits2Float(0x43434344), SkBits2Float(0x43434341),
            SkBits2Float(0xb74343bd), SkBits2Float(0x01434343),
            SkBits2Float(0x43434343), SkBits2Float(0xc0000014));
    // -5.87228e+06f, 3.7773e-07f, 3.60231e-13f, -6.64511e+06f, 2.77692e-15f, 2.48803e-15f
    path.cubicTo(SkBits2Float(0xcab33535), SkBits2Float(0x34cacaca),
            SkBits2Float(0x2acacaca), SkBits2Float(0xcacacae3),
            SkBits2Float(0x27481927), SkBits2Float(0x27334805));
    path.lineTo(SkBits2Float(0xb5434343), SkBits2Float(0x43434343));  // -7.2741e-07f, 195.263f
    // 195.263f, 195.263f, -1.16387e-05f, 195.212f, 195.263f, -2
    path.cubicTo(SkBits2Float(0x43434343), SkBits2Float(0x43434341),
            SkBits2Float(0xb74343b9), SkBits2Float(0x43433643),
            SkBits2Float(0x43434343), SkBits2Float(0xc0000014));
    path.lineTo(SkBits2Float(0xc7004343), SkBits2Float(0x27480527));  // -32835.3f, 2.77584e-15f
    path.lineTo(SkBits2Float(0x00000000), SkBits2Float(0x00000000));  // 0, 0
    path.close();
    // The clip rect is what forces the cubics through the edge clipper.
    canvas->clipRect({0, 0, 65, 202});
    canvas->drawPath(path, paint);
}
Comment 6 by bugdroid1@chromium.org, Mar 22 2017

The following revision refers to this bug:
  https://skia.googlesource.com/skia/+/44c1b111c7528cdbcfbd76989e0701ce9bbddf58

commit 44c1b111c7528cdbcfbd76989e0701ce9bbddf58
Author: Cary Clark <caryclark@skia.org>
Date: Wed Mar 22 16:32:45 2017

path hang

In release, path hangs because buffers overflow.
Debug shows that the clipped cubic generates 34 points although
a maximum of 32 are expected.

The path has very small numbers that fool MaxCurvature into
thinking that there are more places to break the cubic than
are necessary.

To make this bullet-proof, increase the verbs and points.

Allow (1 line + 1 cubic) * (3 x-pieces) * (3 y-pieces) == 18 verbs.
Allow (6 points for line + cubic + line) * 9 pieces    == 54 points.

R=reed@google.com,liyuqian@google.com
BUG= 698714 

Change-Id: I04fad10c151c79d0c53465a2b658aa4dd59f1c98
Reviewed-on: https://skia-review.googlesource.com/9983
Reviewed-by: Yuqian Li <liyuqian@google.com>
Commit-Queue: Cary Clark <caryclark@google.com>

[modify] https://crrev.com/44c1b111c7528cdbcfbd76989e0701ce9bbddf58/src/core/SkEdgeClipper.h
[modify] https://crrev.com/44c1b111c7528cdbcfbd76989e0701ce9bbddf58/tests/ClipCubicTest.cpp
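The assert at SkEdgeClipper.cpp:435 and the commit message above describe the same hazard from two sides: a fixed-size point array whose only bound check is a debug-time SkASSERT, so a release build silently writes the 33rd and 34th points past a 32-point buffer and then hangs on the corrupted state. The following is an added example, not Skia's code, that models that failure mode and the two-part fix: keep the bound check in every build configuration, and size the buffer from the worst case the commit message works out (18 verbs, 54 points). The buffer classes, the constant names and the simulated clip pass are this example's own constructions.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdio>

// Added example, not Skia code. Models the failure mode behind this bug:
// an edge clipper stores the pieces of a clipped cubic in a fixed-size
// point array whose bound is enforced only by a debug-time assert.

struct Point { float x, y; };

// Worst-case bound quoted from the fix's commit message (constant names
// are this example's own, not Skia's): one segment (1 line + 1 cubic)
// can be split into 3 x-pieces * 3 y-pieces, with 2 verbs and 6 points
// per piece.
constexpr size_t kPiecesPerSegment = 3 * 3;
constexpr size_t kVerbsPerPiece    = 2;  // 1 line + 1 cubic
constexpr size_t kPointsPerPiece   = 6;  // line + cubic + line
constexpr size_t kMaxVerbs  = kVerbsPerPiece  * kPiecesPerSegment;  // 18
constexpr size_t kMaxPoints = kPointsPerPiece * kPiecesPerSegment;  // 54
constexpr size_t kOldMaxPoints = 32;  // capacity before the fix

// Before: the bound lives only in an assert. With NDEBUG defined the
// check vanishes and append() writes past the array. Kept for contrast;
// nothing in this file calls it beyond its capacity.
template <size_t Capacity>
struct AssertOnlyPoints {
    Point  fPoints[Capacity];
    size_t fCount = 0;
    void append(Point p) {
        assert(fCount < Capacity);  // compiled out in release builds
        fPoints[fCount++] = p;
    }
};

// After: the check is an ordinary branch, so it survives in release.
// append() refuses the write and reports failure instead of corrupting
// memory; the caller must treat false as "reject this path".
template <size_t Capacity>
class BoundedPoints {
public:
    bool append(Point p) {
        if (fCount >= Capacity) return false;
        fPoints[fCount++] = p;
        return true;
    }
    size_t count() const { return fCount; }
private:
    Point  fPoints[Capacity];
    size_t fCount = 0;
};

// Simulates a clip pass that emits nPoints points into a buffer of the
// given capacity. Returns the number stored, or -1 if the buffer refused
// a write (the case the old assert caught only in debug builds).
template <size_t Capacity>
int storeClippedPoints(size_t nPoints) {
    BoundedPoints<Capacity> buf;
    for (size_t i = 0; i < nPoints; ++i) {
        Point p = { static_cast<float>(i), static_cast<float>(i) };  // constructed input
        if (!buf.append(p)) return -1;
    }
    return static_cast<int>(buf.count());
}

// The fuzzed path produced 34 points from one clipped cubic.
constexpr size_t kFuzzCasePoints = 34;

int storeWithOldBound(size_t n) { return storeClippedPoints<kOldMaxPoints>(n); }
int storeWithNewBound(size_t n) { return storeClippedPoints<kMaxPoints>(n); }

int main() {
    std::printf("34 points, old bound: %d (rejected)\n", storeWithOldBound(kFuzzCasePoints));
    std::printf("34 points, new bound: %d (stored)\n", storeWithNewBound(kFuzzCasePoints));
    return 0;
}
```

The point of the contrast is that the larger buffer alone would not be enough: a future input that defeats the 54-point bound would hang a release build the same way, so the rejection path in `BoundedPoints::append` is what turns an unexpected input into a dropped draw rather than memory corruption.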

Comment 7 by bugdroid1@chromium.org, Mar 22 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/affe6ebb8948d82592a7cf50e879eda526eabe81

commit affe6ebb8948d82592a7cf50e879eda526eabe81
Author: skia-deps-roller@chromium.org <skia-deps-roller@chromium.org>
Date: Wed Mar 22 17:59:03 2017

Roll src/third_party/skia/ fde9bff19..44c1b111c (12 commits)

https://skia.googlesource.com/skia.git/+log/fde9bff19c2a..44c1b111c752

$ git log fde9bff19..44c1b111c --date=short --no-merges --format='%ad %ae %s'
2017-03-21 caryclark path hang
2017-03-22 brianosman Support premul/unpremul of F16 during read/writePixels
2017-03-22 brianosman Further widen nondeterministic processor testing
2017-03-22 djsollen Revert "Add support for writing icc profiles to the jpeg encoder"
2017-03-22 bsalomon Mark overridden destructors with 'override' and remove 'virtual'
2017-03-22 robertphillips Remove SkImage_Base::asTextureRef (in favor of asTextureProxyRef)
2017-03-22 msarett Improve color type handling in SkImage_Base::makeColorSpace()
2017-03-22 reed test (and fix) clip_restriction in canvas
2017-03-22 bsalomon Revert "Add a new GrResourceCache purging mechanism for purging unused resources."
2017-03-22 bsalomon Add a new GrResourceCache purging mechanism for purging unused resources.
2017-03-22 msarett Small downsample_3_3 optimization
2017-03-22 rmistry Skia Gerrit 10k!

Created with:
  roll-dep src/third_party/skia
BUG= 698714 


Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls


CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel
TBR=fmalita@chromium.org

Change-Id: I13853433fa1e867f52c6e8db5d11cbe8df9ff63f
Reviewed-on: https://chromium-review.googlesource.com/457819
Reviewed-by: Skia Deps Roller <skia-deps-roller@chromium.org>
Commit-Queue: Skia Deps Roller <skia-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#458798}
[modify] https://crrev.com/affe6ebb8948d82592a7cf50e879eda526eabe81/DEPS

Status: Fixed (was: Assigned)
