This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

 Issue 610631  has been merged into this issue.

 Issue 610632  has been merged into this issue.

Caused by https://pdfium.googlesource.com/pdfium/+/a031357eaab7c934ac03717968cf78ff556c819b.

reverted in https://pdfium.googlesource.com/pdfium/+/f0db33fa39b4497e1b275d0798c1def08741480f. pending roll.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/55187b44efcbe10b32a2d792856c88cee4d62e35

commit 55187b44efcbe10b32a2d792856c88cee4d62e35
Author: thestig <thestig@chromium.org>
Date: Thu May 12 05:33:58 2016

Roll PDFium cac1571..77f45f2

https://pdfium.googlesource.com/pdfium.git/+log/cac1571..77f45f2

BUG= 610973 , 611198 
TBR=ochang@chromium.org
TEST=bots

Review-Url: https://codereview.chromium.org/1969313002
Cr-Commit-Position: refs/heads/master@{#393191}

[modify] https://crrev.com/55187b44efcbe10b32a2d792856c88cee4d62e35/DEPS

ClusterFuzz has detected this issue as fixed in range 393183:393193.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5715754204266496

Fuzzer: tokenfuzz_pdf_april16
Job Type: linux_asan_pdfium
Platform Id: linux

Crash Type: Heap-use-after-free READ 8
Crash Address: 0x605000012468
Crash State:
  std::__1::__tree_const_iterator<std::__1::__value_type<CFX_ByteString, CPDF_Obje
  CPDF_Dictionary::GetStreamBy
  CPDF_Font::LoadUnicodeMap
  
Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_pdfium&range=392347:392426
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_pdfium&range=393183:393193

Minimized Testcase (31.33 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96sim-MnAk8QWOVs3TMHota99ifi_jptSEfiC_XzqBCCL2NIjqQGj4ClhYz-ySKTPTZ4ktKxG3mPAFYa0uAL4u9pKxCgWZo-tJ3rHzseKuQARAvxjf22J1nPAQNCkx0HKszgfsct_w75rsJ5QnbrNxHdhPSDndL6Cw9SL0Xjk3GX6yUuNQ

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Marking this as fixed since the CL has been reverted.

Adding Merge-Triage label for tracking purposes.

Once your fix had sufficient bake time (on canary, dev as appropriate), please nominate your fix for merge by adding the Merge-Request-XX label, where XX is the Chrome milestone.

When your merge is approved by the release manager, please start merging with higher milestone label first. Make sure to re-request merge for every milestone in the label list. You can get branch information on omahaproxy.appspot.com.

Your fix is very close to the branch point. After the branch happens, please make sure to check if your fix is in.

- Your friendly ClusterFuzz

Don't think any merges are necessary.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot