Abrt in sk_abort_no_print
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6424935374520320

Fuzzer: libFuzzer_paint_op_buffer_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x03e90000059c
Crash State:
  sk_abort_no_print
  SkRRect::getType
  SkRRect::isEmpty

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=489446:489528

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6424935374520320

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jul 27 2017
Similar to the invalid blend mode validation, I think we need to validate SkRRects as well and ignore any SkRRects that !SkRRect::isValid().
Aug 2 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/e0faf622325752caf1574c011f6610d05538017a

commit e0faf622325752caf1574c011f6610d05538017a
Author: Adrienne Walker <enne@chromium.org>
Date: Wed Aug 02 00:33:14 2017

Validate rrects in PaintOpBuffer serialization

Also, consolidate all PaintOp validation into new IsValid functions.

Bug: 749023, 750010
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I1f5b695fe71c50d5ae126937c15a8957285a5487
Reviewed-on: https://chromium-review.googlesource.com/590749
Reviewed-by: Vladimir Levin <vmpstr@chromium.org>
Reviewed-by: Khushal <khushalsagar@chromium.org>
Commit-Queue: enne <enne@chromium.org>
Cr-Commit-Position: refs/heads/master@{#491171}

[modify] https://crrev.com/e0faf622325752caf1574c011f6610d05538017a/cc/paint/paint_flags.cc
[modify] https://crrev.com/e0faf622325752caf1574c011f6610d05538017a/cc/paint/paint_flags.h
[modify] https://crrev.com/e0faf622325752caf1574c011f6610d05538017a/cc/paint/paint_op_buffer.cc
[modify] https://crrev.com/e0faf622325752caf1574c011f6610d05538017a/cc/paint/paint_op_buffer.h
[modify] https://crrev.com/e0faf622325752caf1574c011f6610d05538017a/cc/paint/paint_op_buffer_unittest.cc
[modify] https://crrev.com/e0faf622325752caf1574c011f6610d05538017a/cc/paint/paint_op_reader.cc
Aug 2 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/4297bf0f3236ca84516f22ecf17bd5ebd732d346

commit 4297bf0f3236ca84516f22ecf17bd5ebd732d346
Author: enne <enne@chromium.org>
Date: Wed Aug 02 00:47:34 2017

Revert "Validate rrects in PaintOpBuffer serialization"

This reverts commit e0faf622325752caf1574c011f6610d05538017a.

Reason for revert: breaks debug compile

Original change's description:
> Validate rrects in PaintOpBuffer serialization
>
> Also, consolidate all PaintOp validation into new IsValid
> functions.
>
> Bug: 749023, 750010
> Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: I1f5b695fe71c50d5ae126937c15a8957285a5487
> Reviewed-on: https://chromium-review.googlesource.com/590749
> Reviewed-by: Vladimir Levin <vmpstr@chromium.org>
> Reviewed-by: Khushal <khushalsagar@chromium.org>
> Commit-Queue: enne <enne@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#491171}

TBR=vmpstr@chromium.org,enne@chromium.org,khushalsagar@chromium.org

Change-Id: I1dac9ee740450c29bd0a25f3923e0f047cda8250
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 749023, 750010
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/597070
Reviewed-by: enne <enne@chromium.org>
Commit-Queue: enne <enne@chromium.org>
Cr-Commit-Position: refs/heads/master@{#491177}

[modify] https://crrev.com/4297bf0f3236ca84516f22ecf17bd5ebd732d346/cc/paint/paint_flags.cc
[modify] https://crrev.com/4297bf0f3236ca84516f22ecf17bd5ebd732d346/cc/paint/paint_flags.h
[modify] https://crrev.com/4297bf0f3236ca84516f22ecf17bd5ebd732d346/cc/paint/paint_op_buffer.cc
[modify] https://crrev.com/4297bf0f3236ca84516f22ecf17bd5ebd732d346/cc/paint/paint_op_buffer.h
[modify] https://crrev.com/4297bf0f3236ca84516f22ecf17bd5ebd732d346/cc/paint/paint_op_buffer_unittest.cc
[modify] https://crrev.com/4297bf0f3236ca84516f22ecf17bd5ebd732d346/cc/paint/paint_op_reader.cc
Aug 2 2017
ClusterFuzz has detected this issue as fixed in range 491099:491177.

Detailed report: https://clusterfuzz.com/testcase?key=6424935374520320

Fuzzer: libFuzzer_paint_op_buffer_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x03e90000059c
Crash State:
  sk_abort_no_print
  SkRRect::getType
  SkRRect::isEmpty

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=489446:489528
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=491099:491177

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6424935374520320

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 2 2017
ClusterFuzz testcase 6424935374520320 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Aug 2 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/90c0dd23e86b976c141f9787686a721d2bbca305

commit 90c0dd23e86b976c141f9787686a721d2bbca305
Author: Adrienne Walker <enne@chromium.org>
Date: Wed Aug 02 18:21:29 2017

Validate rrects in PaintOpBuffer serialization

Also, consolidate all PaintOp validation into new IsValid functions.

Reland of https://chromium-review.googlesource.com/c/590749/.

TBR=vmpstr@chromium.org,khushal@chromium.org

Bug: 749023, 750010
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ifd784e327ddde877e376b5441d88fe4d35cf627a
Reviewed-on: https://chromium-review.googlesource.com/596926
Reviewed-by: Khushal <khushalsagar@chromium.org>
Reviewed-by: enne <enne@chromium.org>
Commit-Queue: enne <enne@chromium.org>
Cr-Commit-Position: refs/heads/master@{#491443}

[modify] https://crrev.com/90c0dd23e86b976c141f9787686a721d2bbca305/cc/paint/paint_flags.cc
[modify] https://crrev.com/90c0dd23e86b976c141f9787686a721d2bbca305/cc/paint/paint_flags.h
[modify] https://crrev.com/90c0dd23e86b976c141f9787686a721d2bbca305/cc/paint/paint_op_buffer.cc
[modify] https://crrev.com/90c0dd23e86b976c141f9787686a721d2bbca305/cc/paint/paint_op_buffer.h
[modify] https://crrev.com/90c0dd23e86b976c141f9787686a721d2bbca305/cc/paint/paint_op_buffer_unittest.cc
[modify] https://crrev.com/90c0dd23e86b976c141f9787686a721d2bbca305/cc/paint/paint_op_reader.cc
Comment 1 by msrchandra@chromium.org, Jul 26 2017
Labels: M-62 Test-Predator-Wrong