Issue 635841

Issue metadata

Status: Verified
Owner:
Closed: Aug 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug

Integer-overflow in FX_RECT::Width

Project Member Reported by ClusterFuzz, Aug 9 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6008657789845504

Fuzzer: ochang_search_index_mutator
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  FX_RECT::Width
  CFX_RenderDevice::DrawPathWithBlend
  CPDF_RenderStatus::ProcessPath
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027

Minimized Testcase (214.62 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94BOOJnbi5XJK1bkdmnbDOtO5eYDYQBMWO9CCAG2rZqpodkQwvoKRXlBJCvphNlYT4OJ0k90scZmm5BXDli0oimoy_9IGfCMlnK1PDk5Gic99w_E8SF_8uca70Op_vrdA2EuN7DX0OaxWCTZiy8mTydQlrDShubzama8tJt4P8bdXdN5Ww?testcase_id=6008657789845504

Issue manually filed by: nyerramilli

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: nyerramilli@chromium.org jam@chromium.org
Components: Tools>Test>FindIt>WrongResult
Labels: findit-wrong Te-Logged M-53
Owner: brucedaw...@chromium.org
Status: Assigned (was: Untriaged)
Providing Findit results for internal purposes:
Suspected CLs: No CL in the regression range changes the crashed files. The result is the blame information.

Author: Tom Sepez
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/d5e7b355b8c4c22ff770547797cbc536bdc95d5b
Time: Mon Feb 29 11:24:29 2016 -0800
The CL last changed line 149 of file fx_coordinates.h, which is stack frame 0.

Author: Nico Weber
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/9d8ec5a6e37e8d1d4d4edca9040de234e2d4728f
Time: Tue Aug 04 13:00:21 2015 -0700
The CL last changed line 186 of file fx_ge_device.cpp, which is stack frame 1.

Author: tsepez
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/7d2a8d966643ebc77c1aa0f0c53a0ffd2d681c4c
Time: Wed Jun 08 11:51:23 2016 -0700
The CL last changed line 493 of file fpdf_render.cpp, which is stack frame 2.

Author: Dan Sinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/764ec513eecbebd12781bcc96ce81ed5e736ee92
Time: Mon Mar 14 13:35:12 2016 -0400
The CL last changed line 344 of file fpdf_render.cpp, which is stack frame 3.

Author: Dan Sinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/764ec513eecbebd12781bcc96ce81ed5e736ee92
Time: Mon Mar 14 13:35:12 2016 -0400
The CL last changed line 306 of file fpdf_render.cpp, which is stack frame 4.

Author: Dan Sinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/764ec513eecbebd12781bcc96ce81ed5e736ee92
Time: Mon Mar 14 13:35:12 2016 -0400
The CL last changed line 1053 of file fpdf_render.cpp, which is stack frame 5.

Author: Tom Sepez
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/b3b67620b9db518558f2912357581b600645ce68
Time: Mon Oct 19 16:20:03 2015 -0700
The CL last changed line 905 of file fpdfview.cpp, which is stack frame 6.

Suspected Project: chromium-pdfium

assigning to https://cs.chromium.org/chromium/src/third_party/pdfium/OWNERS
brucedawson@ / jam@ - Could you please check the above issue and help us find an owner if it's not yours.
Cc: tsepez@chromium.org
Labels: -Pri-1 Pri-2
My guess is that this is a long-standing issue, and a widespread one. Pdfium probably does an imperfect job of sanitizing the input PDFs for avoidance of integer overflow.

DrawPathWithBlend is passed a CFX_PathData* which has a rect whose extents are -2147483648 to 5, and this width cannot be stored in an int. It's not clear what should be done, or at what level. Reject the PDF at load time as having an illegally large rectangle? Sounds reasonable, but what should the limit be?

Adding tsepez@ for guidance on who should look at this. I'm also lowering the priority because I think this is a broad issue that will take a while to resolve, and I think this is not a new issue.
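The arithmetic behind the UBSan report in the comment above, as an added illustration that is not pdfium's code: a stand-in rectangle type with four `int` edges (assumed to mirror FX_RECT, whose real definition is in fx_coordinates.h), a checked `Width` that refuses the `5 - (-2147483648)` case instead of overflowing, and a sanity predicate of the kind a loader could apply to reject a rectangle whose extents cannot be measured in an `int`. The names `rect_t`, `rect_width_checked`, `rect_height_checked` and `rect_is_sane` are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumption: long long is wider than int (true on the LP64/LLP64 targets
 * the report concerns), so the widened subtraction below is exact. */
_Static_assert(sizeof(long long) > sizeof(int), "need a wider type for checked subtraction");

/* Stand-in for FX_RECT: integer edges, width = right - left (assumed). */
typedef struct {
    int left;
    int top;
    int right;
    int bottom;
} rect_t;

/* Compute right - left without signed overflow. Returns false when the
 * true width does not fit in an int; *out is left untouched in that case. */
bool rect_width_checked(const rect_t *r, int *out) {
    long long w = (long long)r->right - (long long)r->left;
    if (w > INT_MAX || w < INT_MIN) {
        return false;
    }
    *out = (int)w;
    return true;
}

/* Same check for bottom - top. */
bool rect_height_checked(const rect_t *r, int *out) {
    long long h = (long long)r->bottom - (long long)r->top;
    if (h > INT_MAX || h < INT_MIN) {
        return false;
    }
    *out = (int)h;
    return true;
}

/* Load-time policy: accept only rectangles whose width and height are
 * representable. This is the "illegally large rectangle" rejection the
 * comment above floats; the limit chosen here is simply "fits in int". */
bool rect_is_sane(const rect_t *r) {
    int w;
    int h;
    return rect_width_checked(r, &w) && rect_height_checked(r, &h);
}

int main(void) {
    /* Constructed input matching the extents quoted in the report. */
    rect_t from_report = { INT_MIN, 0, 5, 10 };
    rect_t ordinary = { -5, -5, 5, 5 };
    int w = 0;

    printf("report rect width ok: %d (sane: %d)\n",
           rect_width_checked(&from_report, &w), rect_is_sane(&from_report));
    if (rect_width_checked(&ordinary, &w)) {
        printf("ordinary rect width: %d (sane: %d)\n", w, rect_is_sane(&ordinary));
    }
    return 0;
}
```

Running it shows the report's rectangle failing the width check while an ordinary one passes; the same widened-subtraction pattern (or a compiler builtin such as `__builtin_sub_overflow` on GCC/Clang) is what a fix at the accessor level would need, whereas rejecting at load time keeps the bad values out of the renderer entirely.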

Project Member

Comment 3 by ClusterFuzz, Aug 11 2016

ClusterFuzz has detected this issue as fixed in range 410916:411073.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6008657789845504

Fuzzer: ochang_search_index_mutator
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  FX_RECT::Width
  CFX_RenderDevice::DrawPathWithBlend
  CPDF_RenderStatus::ProcessPath
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=410916:411073

Minimized Testcase (214.62 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94BOOJnbi5XJK1bkdmnbDOtO5eYDYQBMWO9CCAG2rZqpodkQwvoKRXlBJCvphNlYT4OJ0k90scZmm5BXDli0oimoy_9IGfCMlnK1PDk5Gic99w_E8SF_8uca70Op_vrdA2EuN7DX0OaxWCTZiy8mTydQlrDShubzama8tJt4P8bdXdN5Ww?testcase_id=6008657789845504

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 4 by ClusterFuzz, Aug 11 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Components: -Tools>Test>FindIt>WrongResult
Labels: Test-Predator-Wrong
Project Member

Comment 6 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
