Suspected CLs	No CL in the regression range changes the crashed files. The result is the blame information.

Author: brettw@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/1758e88fd909ea0ffd49621e8066ffad5627ffdf
Time: Mon Nov 01 16:16:50 2010
The CL last changed line 115 of file size.h, which is stack frame 0.

Author: jam@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/1b1e9effe9fa3b66dd1bcfff4b78455460f66c61
Time: Tue May 20 01:56:40 2014
The CL last changed line 1417 of file out_of_process_instance.cc, which is stack frame 1.

Author: jam@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/1b1e9effe9fa3b66dd1bcfff4b78455460f66c61
Time: Tue May 20 01:56:40 2014
The CL last changed line 947 of file out_of_process_instance.cc, which is stack frame 2.

Author: jam@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/1b1e9effe9fa3b66dd1bcfff4b78455460f66c61
Time: Tue May 20 01:56:40 2014
The CL last changed line 2599 of file pdfium_engine.cc, which is stack frame 3.

Author: jam@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/1b1e9effe9fa3b66dd1bcfff4b78455460f66c61
Time: Tue May 20 01:56:40 2014
The CL last changed line 2534 of file pdfium_engine.cc, which is stack frame 4.

Author: thestig
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/5a6093c05d2cabb2aea6997b532ef2fe007ae177
Time: Wed May 25 01:26:33 2016
The CL last changed line 2436 of file pdfium_engine.cc, which is stack frame 5.

Author: yzshen@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/7ac673b55f9c2334d531c280f907e2d0edaed68b
Time: Thu Apr 05 07:10:58 2012
The CL last changed line 607 of file completion_callback_factory.h, which is stack frame 6.

Suspected Project: chromium

From the above Find It result, assigning to  thestig@ for related change in stack frame 5.

https://codereview.chromium.org/2077463002/

ClusterFuzz has detected this issue as fixed in range 400073:400083.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5748730922008576

Fuzzer: tokenfuzz_pdf_march16
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  pp::Size::GetArea
  chrome_pdf::OutOfProcessInstance::OnGeometryChanged
  chrome_pdf::OutOfProcessInstance::DocumentSizeUpdated
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=400073:400083

Minimized Testcase (1571.87 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94hTem-bQ5bf4ogzwzX_LMFu6bHFchoVM34vCRXMd7pUVtgOAVcVCjTBzUlC7Q_QDFQpdvpd-TkqdgLZfhDl47K6sAUCrr3BllazRFKyP6uspNcYYYNhHb2OR1lfkVhDZMwH0V40OE2KO5xzN-2p9-WkxbV7BgdYugXcB55td6uZ5CoZS4

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot