Not sure where to merge it, filing as a separate bug for now.

This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Also XFA

M53 beta launch is coming soon.Your bug is labelled as Beta ReleaseBlock, pls make sure to land the fix before 6:00 PM PST, Monday (07/18/16). Thank you.

Not a beta blocker since XFA is off. Punting this to foxit.

This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Bad sheriffbot.

The issue is that it's marked as Security_Impact-Head (which should really be mentioned in the comment from sheriffbot, which I'll update soon). Tagging this as a beta blocker would be correct for an issue with the rest of these labels.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5977628406448128

Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  CCodec_TiffContext::Decode
  CCodec_ProgressiveDecoder::ContinueDecode
  XFACodecFuzzer::Fuzz
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=398314:399191

Minimized Testcase (0.35 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97eSpw9sDOgKGf01Y56isiKy_qS0y3d9h1nEmmyJawe1rNNlwxzO3MtzqqcbJwkNyRQ6f5QkndYWvnYXCfTsysC9LhApmhaugJQDnc2MgfbNOe-YUG1Ly13XMYCc2AJamv5CbIuhWOcWl-C2cYO_P6ER7KUdQ?testcase_id=5977628406448128

Filer: tanin

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/dee727c8ac26512c3f6fe852fdefb00186909a89

commit dee727c8ac26512c3f6fe852fdefb00186909a89
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Mon Sep 12 19:25:29 2016

Roll src/third_party/pdfium/ 1c62054a4..0b022056c (2 commits).

https://pdfium.googlesource.com/pdfium.git/+log/1c62054a42cf..0b022056c74c

$ git log 1c62054a4..0b022056c --date=short --no-merges --format='%ad %ae %s'
2016-09-12 tracy_jiang change memcpy to memmove for potential nearby addresses
2016-09-12 hong_zhang fix some uninitialized variables

BUG= 645186 , 627399 

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2332793003
Cr-Commit-Position: refs/heads/master@{#418000}

[modify] https://crrev.com/dee727c8ac26512c3f6fe852fdefb00186909a89/DEPS

ClusterFuzz has detected this issue as fixed in range 417938:418007.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5977628406448128

Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  CCodec_TiffContext::Decode
  CCodec_ProgressiveDecoder::ContinueDecode
  XFACodecFuzzer::Fuzz
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=398314:399191
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=417938:418007

Minimized Testcase (0.35 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94IVtYhpWqu8CR2sRVmzKCYCMI_6DH5fnQyOx9ATL8n8h-3K_OpKblX0Z8lLVzzhtMznu67EaUzNxjIhzeWIbavqgm-iyxQCrHTF1Ybr2cZ-mrgQtZpGMlxWUI3vWkuEbzs5FpG_2UNPZobv5m3etCoy0AiQA?testcase_id=5977628406448128

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz has detected this issue as fixed in range 417938:418007.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4766080602210304

Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  CCodec_TiffContext::Decode
  CCodec_ProgressiveDecoder::ContinueDecode
  XFACodecFuzzer::Fuzz
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=398314:399191
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=417938:418007

Minimized Testcase (0.35 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95qX6tLtE1X4CDmmkOpz9lvz5wccXQOwz0NuZnZ1O2Ig5HZT_YT_r7R3cWk7WiXGdnif2EOcR6asg61SALijKS_k4r_C3iUJgbYjrffX-q4hSnFOEu2KWnp3h-2R5jGqoPfCim6sIzEOKtSx1SgS2gn72jO8w?testcase_id=4766080602210304

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot