Issue 638499

Issue metadata

Status: Fixed
Closed: Aug 2016
OS: Linux
Pri: 2
Type: Bug

Direct-leak in gif_decode_extension

Reported by ClusterFuzz (Project Member), Aug 17 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4555236511580160

Fuzzer: afl_pdf_codec_gif_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  gif_decode_extension
  gif_get_frame
  CCodec_GifModule::LoadFrameInfo
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=402185:402404

Minimized Testcase (0.08 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97Diz6GdOzetLMYjx-VQ2ztu_gX5GqQkVSJP7YkzFr4nwqMaEjWw_nxTDWMSl2zOQIMiHvN0UKyH9yakYRrIK-EENp47PW8dEYa4LEYu_tm3gk0mtZ2s-RiEJ1k6rzPeOJE2lR6lXcFTHT90iw64e78O2gibg?testcase_id=4555236511580160

Issue manually filed by: ajha

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 

Comment 1 by ajha@chromium.org, Aug 17 2016

Cc: dsinclair@chromium.org ajha@chromium.org
Components: Internals>Plugins>PDF
Labels: Findit-for-crash Te-Logged M-53
Owner: thakis@chromium.org
Status: Assigned (was: Untriaged)
FindIt result:
==============
Suspected CLs: No CL in the regression range changes the crashed files. The result is the blame information.

Author: Nico Weber
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/9d8ec5a6e37e8d1d4d4edca9040de234e2d4728f
Time: Tue Aug 04 13:00:21 2015 -0700
The CL last changed line 40 of file fx_memory.h, which is stack frame 1.

Author: Dan Sinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/764ec513eecbebd12781bcc96ce81ed5e736ee92
Time: Mon Mar 14 13:35:12 2016 -0400
The CL last changed line 684 of file fx_gif.cpp, which is stack frame 2.

Author: Dan Sinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/764ec513eecbebd12781bcc96ce81ed5e736ee92
Time: Mon Mar 14 13:35:12 2016 -0400
The CL last changed line 638 of file fx_gif.cpp, which is stack frame 3.

Author: dsinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/d55e11eeb8ebf1e226a1166f395ba77248ce84c3
Time: Tue Apr 12 11:21:22 2016 -0700
The CL last changed line 132 of file fx_codec_gif.cpp, which is stack frame 4.

Author: Dan Sinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/764ec513eecbebd12781bcc96ce81ed5e736ee92
Time: Mon Mar 14 13:35:12 2016 -0400
The CL last changed line 1847 of file fx_codec_progress.cpp, which is stack frame 5.

Author: dsinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/5a5f251ce8646ec421aa9e35d8bbca71a984770a
Time: Mon Jun 06 11:52:30 2016 -0700
The CL last changed line 31 of file xfa_codec_fuzzer.h, which is stack frame 6.

Author: kcc
Project: chromium-libfuzzer
Changelist: https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer.git/+/017574a9e1dde70aca4e26283e4145626e0f5d3a
Time: Tue May 10 23:46:50 2016
The CL last changed line 273 of file afl_driver.cpp, which is stack frame 7.

Suspected Project: chromium-pdfium

Based on the above Findit result assigning to thakis@ and cc'ing dsinclair@ for further investigation of this.
Cc: -dsinclair@chromium.org
Labels: -M-53
Owner: dsinclair@chromium.org
Status: Started (was: Assigned)

Comment 4 by bugdroid1@chromium.org, Aug 31 2016

The following revision refers to this bug:
  https://pdfium.googlesource.com/pdfium.git/+/87dffc0315477150c9c1964913b65bc97bdf654f

commit 87dffc0315477150c9c1964913b65bc97bdf654f
Author: dsinclair <dsinclair@chromium.org>
Date: Wed Aug 31 13:03:49 2016

Free the GifPlainText object when complete.

We allocate the GifPlainText object on line ~685 inside GIF_D_STATUS_EXT_PTE.
We cleanup the internal pointers in the gif_destroy_decompress() but we
failed to cleanup the pointer itself.

This CL frees the allocated pointer once the data is cleaned up.

BUG= chromium:638499 

Review-Url: https://codereview.chromium.org/2291143003

[modify] https://crrev.com/87dffc0315477150c9c1964913b65bc97bdf654f/core/fxcodec/lgif/fx_gif.cpp
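The commit message above describes an ownership bug rather than a parsing bug: the plain-text object is created while decoding a Plain Text Extension, its internal buffer is released during teardown, but the object itself is never freed, so LeakSanitizer reports it as a direct leak. The following is an added example, not PDFium's own code: a small C model of that extension decoder with the leaky teardown and the fixed teardown side by side. The names (`pte_t`, `decoder_t`, `decode_extension`, `destroy_leaky`, `destroy_fixed`, `live_objects_after`) are hypothetical stand-ins for `GifPlainText`, the decompress struct, `gif_decode_extension` and `gif_destroy_decompress`, and the input bytes are constructed here, not taken from the ClusterFuzz testcase. Allocations are counted through a wrapper so the leak is visible without a sanitizer.

```c
/* Added example (not PDFium code): a minimal model of the GIF extension
 * decoder described in the fix, with the leaky cleanup next to the fixed one.
 * pte_t, decoder_t, decode_extension, destroy_leaky and destroy_fixed are
 * hypothetical stand-ins for GifPlainText, the decompress struct,
 * gif_decode_extension and gif_destroy_decompress. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Wrap the allocator so live objects can be counted without LeakSanitizer. */
static int g_live_objects = 0;
static void *xmalloc(size_t n) { void *p = calloc(1, n); if (p) g_live_objects++; return p; }
static void xfree(void *p) { if (p) { g_live_objects--; free(p); } }

typedef struct { uint8_t *text; size_t len; } pte_t;   /* cf. GifPlainText */
typedef struct { pte_t *pte; } decoder_t;               /* cf. the decompress struct */

#define GIF_EXT_INTRODUCER 0x21
#define GIF_EXT_PLAINTEXT  0x01
#define GIF_PTE_HEADER_LEN 12  /* fixed header sub-block of a Plain Text Extension */

/* Parse one extension block at buf[*pos]. Returns 0 on success, -1 if the
 * block is truncated or malformed; *pos is advanced past the 0x00 terminator. */
static int decode_extension(decoder_t *d, const uint8_t *buf, size_t n, size_t *pos)
{
    size_t i = *pos;
    if (i + 2 > n || buf[i] != GIF_EXT_INTRODUCER) return -1;
    uint8_t label = buf[i + 1];
    i += 2;
    if (label == GIF_EXT_PLAINTEXT) {
        if (i + 1 + GIF_PTE_HEADER_LEN > n || buf[i] != GIF_PTE_HEADER_LEN) return -1;
        i += 1 + GIF_PTE_HEADER_LEN;  /* grid position/size, cell size, colours: skipped */
    }
    /* First pass: validate the data sub-blocks and measure their total size. */
    size_t total = 0, j = i;
    for (;;) {
        if (j >= n) return -1;
        uint8_t sz = buf[j++];
        if (sz == 0) break;
        if (j + sz > n) return -1;
        total += sz;
        j += sz;
    }
    if (label == GIF_EXT_PLAINTEXT) {
        /* Mirror of the allocation inside GIF_D_STATUS_EXT_PTE in the real decoder. */
        pte_t *p = xmalloc(sizeof *p);
        if (!p) return -1;
        p->text = xmalloc(total + 1);
        if (!p->text) { xfree(p); return -1; }
        for (size_t k = i, w = 0; buf[k] != 0; ) {
            uint8_t sz = buf[k++];
            memcpy(p->text + w, buf + k, sz);
            w += sz;
            k += sz;
        }
        p->len = total;
        if (d->pte) { xfree(d->pte->text); xfree(d->pte); }  /* replace an earlier PTE */
        d->pte = p;
    }
    *pos = j;
    return 0;
}

/* Cleanup as the bug report describes it: the internal pointer is released,
 * the object that owns it is not. Once the decoder struct goes away nothing
 * references the pte_t any more, which is what LeakSanitizer calls a Direct-leak. */
static void destroy_leaky(decoder_t *d)
{
    if (d->pte) { xfree(d->pte->text); d->pte->text = NULL; }
    d->pte = NULL;   /* last reference dropped, object never freed */
}

/* Cleanup after the fix: free the object itself once its contents are gone. */
static void destroy_fixed(decoder_t *d)
{
    if (d->pte) { xfree(d->pte->text); xfree(d->pte); d->pte = NULL; }
}

/* Constructed input (not the ClusterFuzz testcase): one Plain Text Extension
 * block: introducer, label, 12-byte header, a 5-byte data sub-block, terminator. */
static const uint8_t k_pte_block[] = {
    0x21, 0x01, 0x0C,
    0x00,0x00, 0x00,0x00, 0x28,0x00, 0x08,0x00, 0x08, 0x08, 0x01, 0x00,
    0x05, 'H','e','l','l','o',
    0x00
};

/* Decode the block, tear the decoder down with the chosen cleanup, and return
 * how many heap objects are still live (1 = the leaked pte_t, 0 = clean). */
int live_objects_after(int use_fixed_cleanup)
{
    decoder_t d = { 0 };
    size_t pos = 0;
    g_live_objects = 0;
    if (decode_extension(&d, k_pte_block, sizeof k_pte_block, &pos) != 0) return -1;
    if (d.pte == NULL || d.pte->len != 5 || memcmp(d.pte->text, "Hello", 5) != 0) return -1;
    if (use_fixed_cleanup) destroy_fixed(&d); else destroy_leaky(&d);
    return g_live_objects;
}

int main(void)
{
    printf("leaky cleanup: %d live object(s)\n", live_objects_after(0));
    printf("fixed cleanup: %d live object(s)\n", live_objects_after(1));
    return 0;
}
```

Building this with `clang -fsanitize=address` and running it reproduces the report's shape: the `destroy_leaky` path leaves one object allocated in `decode_extension` unreachable at exit, which LeakSanitizer prints as a "Direct leak" with that allocation's stack, while the `destroy_fixed` path is silent. The two-pass sub-block walk is there so a truncated block is rejected before anything is allocated, which keeps the error paths free of the same ownership problem.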

Status: Fixed (was: Started)

Comment 6 by bugdroid1@chromium.org, Aug 31 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ac9db991e7ca1195b695b02474ba54db6a3fceb5

commit ac9db991e7ca1195b695b02474ba54db6a3fceb5
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Wed Aug 31 15:23:15 2016

Roll src/third_party/pdfium/ 7e7ef3dd6..87dffc031 (1 commit).

https://pdfium.googlesource.com/pdfium.git/+log/7e7ef3dd60a8..87dffc031547

$ git log 7e7ef3dd6..87dffc031 --date=short --no-merges --format='%ad %ae %s'
2016-08-31 dsinclair Free the GifPlainText object when complete.

BUG= 638499 

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2296183002
Cr-Commit-Position: refs/heads/master@{#415637}

[modify] https://crrev.com/ac9db991e7ca1195b695b02474ba54db6a3fceb5/DEPS


Comment 7 by ClusterFuzz, Sep 1 2016

ClusterFuzz has detected this issue as fixed in range 415614:415641.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4555236511580160

Fuzzer: afl_pdf_codec_gif_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  gif_decode_extension
  gif_get_frame
  CCodec_GifModule::LoadFrameInfo
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=402185:402404
Fixed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=415614:415641

Minimized Testcase (0.08 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97Diz6GdOzetLMYjx-VQ2ztu_gX5GqQkVSJP7YkzFr4nwqMaEjWw_nxTDWMSl2zOQIMiHvN0UKyH9yakYRrIK-EENp47PW8dEYa4LEYu_tm3gk0mtZ2s-RiEJ1k6rzPeOJE2lR6lXcFTHT90iw64e78O2gibg?testcase_id=4555236511580160

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 8 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
