When deserializing an SkPath, there is some basic validation performed to ensure that the contents are consistent. This validation does not use safe integer types, or perform additional validation, so it's possible for a large path to overflow the point count, resulting in an unsafe SkPath object.
7e0793cb8767bd5e3e5ac3845bbfc7ec6d83d30f81733f1592b40df7805b3a2f
Debian Linux Security Advisory 5479-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
aee0f620a740c7ebf8d3a5388c4cb2acee86d35cf2761c6423c720350e0a280f