The result is a list of CLs that change the crashed files.
=========================================================

Author: Jun Fang
Component: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/d946f3011984755b14d7dcfb05d572e870f93f3f
Time: Mon Nov 02 13:45:35 2015 +0800
Lines 127-128 of file fpdf_dataavail.cpp which potentially caused crash are changed in this cl (frame #5, "FPDFAvail_IsDocAvail").

File pdfium_test.cc is changed in this cl (and is part of stack frame #6, "RenderPdf")
Minimum distance from crash line to modified line: 0. (file: fpdf_dataavail.cpp, crashed on: 128, modified: 128).

Suspected Component: chromium-pdfium

@jun_fang: Hey, would you mind checking the above issue and see if it's related to your change as per the above suspected result ?

I really appreciate your help.

Thank you!

Jun no longer involved with this project.

Probably the "H" key exists but it's not an array. Probably need to change the KeyExist() checks to make sure the keys are the expected types.

Possibly related:  bug 613031 ,  bug 610555 , and bug 591088.

ClusterFuzz has detected this issue as fixed in range 398351:398496.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6521327267086336

Fuzzer: tokenfuzz_pdf_march16
Job Type: linux_asan_pdfium
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000018
Crash State:
  CPDF_Array::GetDirectObjectAt
  CPDF_DataAvail::CheckHintTables
  CPDF_DataAvail::CheckDocStatus
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_pdfium&range=357360:357514
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_pdfium&range=398351:398496

Minimized Testcase (1171.47 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95Dq2KGud7mEifQx1uemOFT0-Z5Nl26luwr4HFh9Tx9ltQchDYbPGdt_yflUYe05s1sc8dR7KnuCz_WIkxmQR_uivYXM5pQIgt5fHUEhKmNtntjxsOf--yzMZYSW-3kBENLaHKPZGSdctKxtuB9jkuPYTsC-Gpwc3X6Ls0KCHX8-dA4W20

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

 Issue 622863  has been merged into this issue.

 Issue 626718  has been merged into this issue.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot