Suspecting:

Author: jam@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/dade5f876b1649129f74442613ba7087efe181f6
Time: Tue May 13 21:59:21 2014
The CL last changed line 73 of file pepper_pdf_host.cc, which is stack frame 1.

Author: raymes@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/6dac73151fef7f1d4e48981075a690cc295ea61e
Time: Tue Nov 20 04:31:37 2012
The CL last changed line 30 of file resource_message_handler.cc, which is stack frame 2.

@jam/raymes: Could you please look into this issue.

Thank you.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a0cec3faf14da6bd8f78b8bfaa6147af8926a3e8

commit a0cec3faf14da6bd8f78b8bfaa6147af8926a3e8
Author: thestig <thestig@chromium.org>
Date: Wed Jul 13 23:06:29 2016

Add some CHECKs to PepperPDFHost to figure out a crash.

BUG= 627814 

Review-Url: https://codereview.chromium.org/2148063002
Cr-Commit-Position: refs/heads/master@{#405338}

[modify] https://crrev.com/a0cec3faf14da6bd8f78b8bfaa6147af8926a3e8/components/pdf/renderer/pepper_pdf_host.cc

ClusterFuzz has detected this issue as fixed in range 405185:405467.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6333440769392640

Fuzzer: ifratric_acrojs
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  pdf::PepperPDFHost::OnHostMsgHasUnsupportedFeature
  pdf::PepperPDFHost::OnResourceMessageReceived
  ppapi::host::ResourceMessageHandler::RunMessageHandlerAndReply
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=358557:358562
Fixed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=405185:405467

Minimized Testcase (2486.66 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95JQjjoHlAjJeS_DgHTBwWydGnxuQNzH6ihF5Pw_u7VxyoPAX1iR-BKVgTSXXZyC8za98-dx0y4_6rq72DiC8pS7F5yb7HZqMs50XpyMo0gCdz73e4RkT1W9c0SCjrviuolOQO0pxFF2aftBEwWvesReDMXdXlpth8xIyAHB5baZRBHUio?testcase_id=6333440769392640

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz has detected this issue as fixed in range 405185:405467.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6333440769392640

Fuzzer: ifratric_acrojs
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  pdf::PepperPDFHost::OnHostMsgHasUnsupportedFeature
  pdf::PepperPDFHost::OnResourceMessageReceived
  ppapi::host::ResourceMessageHandler::RunMessageHandlerAndReply
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=358557:358562
Fixed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=405185:405467

Minimized Testcase (2486.66 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95JQjjoHlAjJeS_DgHTBwWydGnxuQNzH6ihF5Pw_u7VxyoPAX1iR-BKVgTSXXZyC8za98-dx0y4_6rq72DiC8pS7F5yb7HZqMs50XpyMo0gCdz73e4RkT1W9c0SCjrviuolOQO0pxFF2aftBEwWvesReDMXdXlpth8xIyAHB5baZRBHUio?testcase_id=6333440769392640

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

inferno: Can you help me out here? I only added some CHECKs and now CF thinks it's fixed?

You can reupload testcase using https://cluster-fuzz.appspot.com/#uploadusertestcase and reassociate with this bug by clicking "Update bug". This is working as expected, the crash is gone and check failure stack looks different, so CF considers this as fixed.

I looked around on the CF website but didn't find another crash report for this. Should there have been one? I'll muck around with this and also see if I ran repro locally with a Mac.

Crash is seen in the wild too: https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.magic_signature_1.name%3D%27pdf%3A%3APepperPDFHost%3A%3AOnHostMsgHasUnsupportedFeature%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#samplereports

Maybe I can just wait a bit longer and see where users hit the CHECK.

Still waiting for the fish to bite. https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.magic_signature_1.name%3D%27pdf%3A%3APepperPDFHost%3A%3AOnHostMsgHasUnsupportedFeature%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#samplereports:5,productversion:1000 is the query to look at. Need 54.0.2796.0 or newer.

 Issue 630474  has been merged into this issue.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d72a1999af854cec09a4b20a69ff5795b8c84c9f

commit d72a1999af854cec09a4b20a69ff5795b8c84c9f
Author: thestig <thestig@chromium.org>
Date: Sat Jul 23 00:58:21 2016

Fix a crash in pdf::PepperPDFHost::OnHostMsgHasUnsupportedFeature().

BUG= 627814 

Review-Url: https://codereview.chromium.org/2174963002
Cr-Commit-Position: refs/heads/master@{#407323}

[modify] https://crrev.com/d72a1999af854cec09a4b20a69ff5795b8c84c9f/components/pdf/renderer/pepper_pdf_host.cc
[modify] https://crrev.com/d72a1999af854cec09a4b20a69ff5795b8c84c9f/components/pdf/renderer/pepper_pdf_host.h

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

We have made a bunch of changes on ClusterFuzz side, so resetting ClusterFuzz-Wrong label.