Assigning to the concern owner from Predator results --
The result is a list of CLs that change the crashed files. 

Author: yigu
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/b3fceaa3468034cdf36d33021b8b48d9f2e448ec
Time: Mon Apr 24 19:40:13 2017
Lines 2203-2207 of file FrameView.cpp which potentially caused crash are changed in this cl (frame #0, "blink::FrameView::HandleLoadCompleted").
Minimum distance from crash line to modified line: 0. (file: FrameView.cpp, crashed on: 2203, modified: 2203).

@yigu -- Could you please look into the issue, kindly re-assign if this issue is not related to your changes.
Thank You.

There is no security risk due to the overflow.

ClusterFuzz has detected this issue as fixed in range 479538:479564.

Detailed report: https://clusterfuzz.com/testcase?key=4554845832085504

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::FrameView::HandleLoadCompleted
  blink::Document::CheckCompleted
  blink::FrameLoader::StopAllLoaders
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=466698:466731
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=479538:479564

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4554845832085504


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.