Direct-leak in png_malloc_base
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6238833073192960
Fuzzer: libfuzzer_pdf_codec_png_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Direct-leak
Crash Address:
Crash State:
  png_malloc_base
  png_malloc_warn
  png_handle_pCAL
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=410622:410757
Minimized Testcase (0.11 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95Pz3yvQuNs_m0Tm1xFeZq9y-WCF4digvYOZE1gg1fAB4NnIZEjWd0rtUbiMbVCrsPZxOAEpkXpgYFgvTulS0gWqX3T-e1oBAW_Fltwc15nmJspsdk-LC5ZAXSrVkuKNwRCyZd07wyNQKMnAPw8WiMzKlAcOQ?testcase_id=6238833073192960

Issue manually filed by: nyerramilli

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Aug 24 2016

Aug 30 2016
I can reproduce this leak, but I don't see how it's leaking. The memory allocated in pngrutil.c:2244 is freed in all the places I can see that we return from this method. Is there something I'm missing that is causing it to report this as a leak?
Aug 30 2016
Look at the path taken and see if png_free() is actually doing its job?
Aug 31 2016
OK, so the problem is that we call png_set_pCAL. Inside png_set_pCAL we call png_error. png_error does a longjmp and we never free the params.
Aug 31 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5985052943187968
Fuzzer: libfuzzer_pdf_codec_png_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: Direct-leak
Crash Address:
Crash State:
  FXMEM_DefaultAlloc
  png_malloc_base
  png_malloc_warn
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=398301:398395
Minimized Testcase (0.11 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94REKo1LdsTBryP-d4gwCAwls8adZkKM7e511KYGcVyHEU_1acfflZBrAQrp2JuaJJgNxypm5rCr4XTBGKMkeCiQJP4cdzggDaiTiMA8yMKlAS3keQmWArOlBCqeNDJs85Wu-Vxwu_cRj7mVFAtbA3tneT_OQ?testcase_id=5985052943187968

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Aug 31 2016

Aug 31 2016

Sep 6 2016
The following revision refers to this bug:
https://pdfium.googlesource.com/pdfium.git/+/8e783a6b2c165b5d3dcdf9e4d4c2526ac18c77c8

commit 8e783a6b2c165b5d3dcdf9e4d4c2526ac18c77c8
Author: dsinclair <dsinclair@chromium.org>
Date: Tue Sep 06 15:56:46 2016

Avoid leaking params if any entry bad.

The call to png_set_pCAL can call into png_error for several reasons. This CL verifies that the params are valid before calling into png_set_pCAL.

BUG= chromium:636214
Review-Url: https://codereview.chromium.org/2292313003

[add] https://crrev.com/8e783a6b2c165b5d3dcdf9e4d4c2526ac18c77c8/third_party/libpng16/0003-check-errors-in-set-pcal.patch
[modify] https://crrev.com/8e783a6b2c165b5d3dcdf9e4d4c2526ac18c77c8/third_party/libpng16/README.pdfium
[modify] https://crrev.com/8e783a6b2c165b5d3dcdf9e4d4c2526ac18c77c8/third_party/libpng16/pngset.c
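The leak mechanism described in the Aug 31 comment (png_set_pCAL calls png_error, png_error longjmps, the params array allocated by the chunk handler is never freed) and the shape of the fix in the commit above (validate before calling into the function that can longjmp), shown as an added C example. This is not code from the issue thread, from libpng or from pdfium: the png_ctx/ctx_error setjmp-longjmp error model, the live_allocs counter, the pcal_params_valid rule (non-NULL, non-empty strings) and the handle_pCAL_leaky/handle_pCAL_fixed functions are all simplified stand-ins written for this illustration.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed, simplified stand-in for libpng's error model: the error
 * routine does not return, it longjmp()s to the caller's setjmp(). */
typedef struct {
    jmp_buf jmpbuf;
} png_ctx;

/* Outstanding heap blocks, so a leak is observable without a sanitizer. */
static int live_allocs = 0;

static void *ctx_malloc(size_t n) {
    void *p = malloc(n);
    if (p) live_allocs++;
    return p;
}

static void ctx_free(void *p) {
    if (p) { free(p); live_allocs--; }
}

static void ctx_error(png_ctx *c, const char *msg) {
    (void)msg;              /* a real library would report msg first */
    longjmp(c->jmpbuf, 1);  /* never returns to the caller's frame */
}

/* Hypothetical validity rule standing in for png_set_pCAL's checks:
 * every parameter string must be non-NULL and non-empty. */
static int pcal_params_valid(char **params, int nparams) {
    for (int i = 0; i < nparams; i++)
        if (params[i] == NULL || params[i][0] == '\0')
            return 0;
    return 1;
}

/* Stand-in for png_set_pCAL: raises a fatal error (longjmp) on bad input. */
static void set_pCAL(png_ctx *c, char **params, int nparams) {
    if (!pcal_params_valid(params, nparams))
        ctx_error(c, "pCAL: invalid parameter");
    /* A real implementation would now copy params into the info struct. */
}

/* Leaky flow, mirroring the reported png_handle_pCAL: allocate the params
 * array, hand it to set_pCAL, free it afterwards. The free is never
 * reached when set_pCAL longjmps, so the array leaks. */
static void handle_pCAL_leaky(png_ctx *c, const char *const *chunk, int nparams) {
    char **params = ctx_malloc((size_t)nparams * sizeof *params);
    if (params == NULL) ctx_error(c, "out of memory");
    for (int i = 0; i < nparams; i++)
        params[i] = (char *)chunk[i];   /* pointers into the chunk buffer */
    set_pCAL(c, params, nparams);       /* may longjmp past the free below */
    ctx_free(params);
}

/* Fixed flow: validate first, release everything this frame owns, and only
 * then raise the error, so the longjmp cannot strand an allocation. */
static void handle_pCAL_fixed(png_ctx *c, const char *const *chunk, int nparams) {
    char **params = ctx_malloc((size_t)nparams * sizeof *params);
    if (params == NULL) ctx_error(c, "out of memory");
    for (int i = 0; i < nparams; i++)
        params[i] = (char *)chunk[i];
    if (!pcal_params_valid(params, nparams)) {
        ctx_free(params);
        ctx_error(c, "pCAL: invalid parameter");
    }
    set_pCAL(c, params, nparams);       /* validated above: cannot fail */
    ctx_free(params);
}

typedef void (*pcal_handler)(png_ctx *, const char *const *, int);

/* Run a handler under setjmp, as libpng callers do, and report how many
 * heap blocks are still outstanding afterwards (0 means no leak). */
static int leaked_blocks_after(pcal_handler handler, const char *const *chunk, int nparams) {
    static png_ctx c;   /* static storage is not clobbered by longjmp */
    live_allocs = 0;
    if (setjmp(c.jmpbuf) == 0)
        handler(&c, chunk, nparams);
    /* else: error path taken, the handler's frame is already gone */
    return live_allocs;
}

/* Constructed sample inputs: a well-formed parameter list and one with an
 * empty parameter that the stand-in validator rejects. */
static const char *const SAMPLE_GOOD[] = { "0", "1" };
static const char *const SAMPLE_BAD[]  = { "0", "" };

int main(void) {
    printf("leaky handler, bad chunk:  %d block(s) leaked\n",
           leaked_blocks_after(handle_pCAL_leaky, SAMPLE_BAD, 2));
    printf("fixed handler, bad chunk:  %d block(s) leaked\n",
           leaked_blocks_after(handle_pCAL_fixed, SAMPLE_BAD, 2));
    printf("fixed handler, good chunk: %d block(s) leaked\n",
           leaked_blocks_after(handle_pCAL_fixed, SAMPLE_GOOD, 2));
    return 0;
}
```

Built with -fsanitize=address, LeakSanitizer reports the block left behind by handle_pCAL_leaky on the bad input as a direct leak with the allocation stack ending in the handler, which is the shape of the ClusterFuzz report above. The general rule the fix applies: in a longjmp-based error model, anything a frame has allocated must be released before it calls into a routine that may not return.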
Sep 6 2016

Sep 6 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/2dc299ab41565c54c5b7f29a2b61c960682f8d95

commit 2dc299ab41565c54c5b7f29a2b61c960682f8d95
Author: msarett <msarett@google.com>
Date: Tue Sep 06 16:41:03 2016

libpng: Avoid leaking params on bad pCAL chunk

Fix cherry-picked from upstream. See issue: https://github.com/glennrp/libpng/issues/133

TBR=thakis@chromium.org
BUG= chromium:636214
Review-Url: https://codereview.chromium.org/2312933002
Cr-Commit-Position: refs/heads/master@{#416642}

[modify] https://crrev.com/2dc299ab41565c54c5b7f29a2b61c960682f8d95/third_party/libpng/README.chromium
[modify] https://crrev.com/2dc299ab41565c54c5b7f29a2b61c960682f8d95/third_party/libpng/pngset.c
Sep 6 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/94dbab075bf5c090337d20af11c9da059f363bb2

commit 94dbab075bf5c090337d20af11c9da059f363bb2
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Tue Sep 06 17:59:33 2016

Roll src/third_party/pdfium/ 155c88006..8e783a6b2 (1 commit).

https://pdfium.googlesource.com/pdfium.git/+log/155c88006a43..8e783a6b2c16

$ git log 155c88006..8e783a6b2 --date=short --no-merges --format='%ad %ae %s'
2016-09-06 dsinclair Avoid leaking params if any entry bad.

BUG= 636214
TBR=dsinclair@chromium.org
Review-Url: https://codereview.chromium.org/2317713002
Cr-Commit-Position: refs/heads/master@{#416665}

[modify] https://crrev.com/94dbab075bf5c090337d20af11c9da059f363bb2/DEPS
Sep 7 2016
ClusterFuzz has detected this issue as fixed in range 416637:416712.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5985052943187968
Fuzzer: libfuzzer_pdf_codec_png_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: Direct-leak
Crash Address:
Crash State:
  FXMEM_DefaultAlloc
  png_malloc_base
  png_malloc_warn
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=398301:398395
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=416637:416712
Minimized Testcase (0.11 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94REKo1LdsTBryP-d4gwCAwls8adZkKM7e511KYGcVyHEU_1acfflZBrAQrp2JuaJJgNxypm5rCr4XTBGKMkeCiQJP4cdzggDaiTiMA8yMKlAS3keQmWArOlBCqeNDJs85Wu-Vxwu_cRj7mVFAtbA3tneT_OQ?testcase_id=5985052943187968

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 7 2016
ClusterFuzz has detected this issue as fixed in range 416647:416734.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6238833073192960
Fuzzer: libfuzzer_pdf_codec_png_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Direct-leak
Crash Address:
Crash State:
  png_malloc_base
  png_malloc_warn
  png_handle_pCAL
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=410622:410757
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=416647:416734
Minimized Testcase (0.11 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95Pz3yvQuNs_m0Tm1xFeZq9y-WCF4digvYOZE1gg1fAB4NnIZEjWd0rtUbiMbVCrsPZxOAEpkXpgYFgvTulS0gWqX3T-e1oBAW_Fltwc15nmJspsdk-LC5ZAXSrVkuKNwRCyZd07wyNQKMnAPw8WiMzKlAcOQ?testcase_id=6238833073192960

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 18 2016

Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by nyerramilli@chromium.org, Aug 10 2016
Components: Tools>Test>FindIt>WrongResult
Labels: findit-wrong Te-Logged
Owner: tsepez@chromium.org
Status: Assigned (was: Untriaged)