Crash in CPDF_Parser::LoadCrossRefV5
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4850620077178880

Fuzzer: ochang_neurofuzz_borgfuzz
Job Type: windows_asan_chrome
Platform Id: windows

Crash Type: UNKNOWN READ
Crash Address: 0xbebebed2
Crash State:
  CPDF_Parser::LoadCrossRefV5
  CPDF_Parser::LoadCrossRefV4
  CPDF_Parser::LoadAllCrossRefV4

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome&range=414207:414243

Minimized Testcase (117.05 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95iBtUezq-7gclZqxBCiZhe0F5LW9XV8FR2WrhlfWlGuPkyeuKTpImVHqK9neSGCPj1rtNCSHTpDG5N9YVyW91s36xDuzkr49UP_2HRVG-uXL0uWn14uzT80nUocTzu_qnEnXIIbmXAPjytw6IhMlgYm0u5Rp9IEvPcbm_iP68y2M0j2kE?testcase_id=4850620077178880

Issue manually filed by: inferno

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Aug 26 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Aug 29 2016
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium.git/+/e8ae48361bd0a4d8df47d925156b4159658a7941

commit e8ae48361bd0a4d8df47d925156b4159658a7941
Author: dsinclair <dsinclair@chromium.org>
Date: Mon Aug 29 18:52:10 2016

    Initialize the CPDF_Document pointer

    This CL is a speculative fix for the associated BUG. Make sure the
    CPDF_Document is initialized in the constructor.

    BUG=chromium:640998
    Review-Url: https://codereview.chromium.org/2291743002

[modify] https://crrev.com/e8ae48361bd0a4d8df47d925156b4159658a7941/core/fpdfapi/fpdf_parser/cpdf_parser.cpp
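Why the crash address in the report reads 0xbebebed2, and why an "initialize the pointer in the constructor" change is the natural speculative fix, is worth spelling out. 0xbe is AddressSanitizer's default malloc_fill_byte: an ASan build fills freshly malloc'ed memory with it (up to max_malloc_fill_size bytes), so a pointer member that a constructor never sets reads back as 0xbebebebe on a 32-bit build, and dereferencing a field at offset 0x14 through it faults at 0xbebebed2. Reading the crash that way is an inference from the address, not something the page confirms (the fix above is explicitly speculative). The example below is added here and is not pdfium code or part of the commit; Document, ParserUninit and ParserInit are placeholder types, and AsanLikeMalloc only emulates the fill, it does not use the real ASan allocator.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <new>

// ASan's default malloc_fill_byte: freshly malloc'ed memory in an ASan build
// is filled with it (up to max_malloc_fill_size bytes).
constexpr unsigned char kAsanMallocFillByte = 0xbe;

// Placeholder types (assumed, not pdfium's) standing in for the parser and
// the document object it points at.
struct Document { int page_count = 0; };

// "Before": the implicit default constructor leaves `doc` indeterminate, so
// it holds whatever bytes the allocator left behind.
struct ParserUninit {
  Document* doc;
  int depth;
};

// "After": in-class initializers, the shape of the fix in the commit above.
struct ParserInit {
  Document* doc = nullptr;
  int depth = 0;
};

// Hand out storage the way an ASan build does: every byte set to 0xbe.
static void* AsanLikeMalloc(std::size_t n) {
  void* p = std::malloc(n);
  if (p) std::memset(p, kAsanMallocFillByte, n);
  return p;
}

// The value an uninitialised pointer of this width carries in ASan-like
// storage: 0xbebebebe for 4-byte pointers, 0xbebebebebebebebe for 8-byte.
std::uint64_t FillPattern(unsigned pointer_bytes) {
  std::uint64_t v = 0;
  for (unsigned i = 0; i < pointer_bytes; ++i)
    v = (v << 8) | kAsanMallocFillByte;
  return v;
}

// Default-initialise a T in ASan-like storage and return the raw bits of its
// `doc` member. Note `new (p) T;` rather than `new (p) T();`: the latter
// value-initialises and would zero the member, hiding the bug. The bits are
// copied out with memcpy so we inspect the object representation instead of
// dereferencing an indeterminate pointer.
template <typename T>
std::uint64_t DocPointerBits() {
  void* storage = AsanLikeMalloc(sizeof(T));
  if (!storage) return 0;
  T* parser = new (storage) T;
  std::uintptr_t bits = 0;
  std::memcpy(&bits, &parser->doc, sizeof(bits));
  parser->~T();
  std::free(storage);
  return static_cast<std::uint64_t>(bits);
}

// Triage helper: if a crash address is the fill pattern plus a small field
// offset, return that offset, otherwise -1. For the page's 0xbebebed2 with a
// 4-byte pointer this yields 0x14: a read at offset 0x14 through a pointer
// whose value was the untouched 0xbebebebe fill.
long AsanFillOffset(std::uint64_t crash_addr, unsigned pointer_bytes,
                    std::uint64_t max_offset = 0x1000) {
  const std::uint64_t fill = FillPattern(pointer_bytes);
  if (crash_addr < fill || crash_addr - fill >= max_offset) return -1;
  return static_cast<long>(crash_addr - fill);
}

int main() {
  std::printf("uninitialised doc member: 0x%llx\n",
              static_cast<unsigned long long>(DocPointerBits<ParserUninit>()));
  std::printf("initialised doc member:   0x%llx\n",
              static_cast<unsigned long long>(DocPointerBits<ParserInit>()));
  std::printf("0xbebebed2 -> field offset 0x%lx\n",
              AsanFillOffset(0xbebebed2ULL, 4));
  return 0;
}
```

Two caveats when using this as a triage heuristic on real reports: the fill only covers the first max_malloc_fill_size bytes of each allocation, so a pointer member deep inside a large object may hold stale data instead of 0xbe, and stack objects are not filled by malloc at all, so the pattern only points at heap-allocated objects with an unset member.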
Aug 29 2016
Speculative fix has landed. Will auto-roll into Chromium shortly. Need to wait for clusterfuzz to respond ....
Aug 30 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/b80d9eb6c3b98e374b2f8eef570094d66b3406ba

commit b80d9eb6c3b98e374b2f8eef570094d66b3406ba
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Tue Aug 30 05:03:50 2016

    Roll src/third_party/pdfium/ 548ea2f7d..35512aa7e (14 commits).

    https://pdfium.googlesource.com/pdfium.git/+log/548ea2f7d083..35512aa7e4ac

    $ git log 548ea2f7d..35512aa7e --date=short --no-merges --format='%ad %ae %s'
    2016-08-29 jaepark Display content of the annotation when mouse hover.
    2016-08-29 dsinclair Skip the channel if there is no data.
    2016-08-29 tsepez Revert "Add -> operators to CFX_CountRef."
    2016-08-29 tsepez Revert "Replace wrapper methods in CPDF_Path with -> operator."
    2016-08-29 tsepez Revert "Use ->() in CPDF_ColorState"
    2016-08-29 tracy_jiang Fix for #618267. Adding a method to determine if multiplication has overflow.
    2016-08-29 dsinclair Verify element exists before accessing.
    2016-08-29 tsepez Use ->() in CPDF_ColorState
    2016-08-29 stackexploit openjpeg: Prevent an integer overflow in opj_jp2_apply_pclr.
    2016-08-29 dsinclair Initialize the CPDF_Document pointer
    2016-08-29 tsepez Replace wrapper methods in CPDF_Path with -> operator.
    2016-08-29 thestig Add some limit checks to ReadSharedObjHintTable().
    2016-08-29 npm Move CFX_SubstFont and CTTFontDesc into their own files
    2016-08-29 tonikitoo Fix the test case added in https://codereview.chromium.org/2277063003/

    BUG=62625, 637232, 618267, 641076, 638829, 640998, 641444
    TBR=dsinclair@chromium.org

    Review-Url: https://codereview.chromium.org/2293733002
    Cr-Commit-Position: refs/heads/master@{#415132}

[modify] https://crrev.com/b80d9eb6c3b98e374b2f8eef570094d66b3406ba/DEPS
Aug 30 2016
inferno@ can you please check if this has fixed the issue? Feel free to assign back if the problem persists.
Aug 30 2016
ClusterFuzz should autoclose the bug in a day if this was fixed. Best to just check back tomorrow. Also, the report shows the last tested revision ([Crash Revision] r415042), which does not have the fix yet.
Sep 6 2016
It looks like clusterfuzz is only up to 415049 over the last 5 days?
Sep 6 2016
Looks like a flaky crash for clusterfuzz to verify. Just close as fixed.

[2016-09-01 13:42:01] dsinclair@chromium.org: Redo task(s): progression
[2016-09-02 00:32:55] clusterfuzz-windows-0038: Progression task started: r415934.
[2016-09-02 00:43:47] clusterfuzz-windows-0038: Progression task in-progress: Testing r414243:r415934.
[2016-09-02 00:43:51] clusterfuzz-windows-0038: Progression task errored out: Known crash revision 414243 did not crash.
[2016-09-02 00:43:51] clusterfuzz-windows-0038: Progression task errored out: Test case appears to be flaky.
Nov 14 2016
Issue 663796 has been merged into this issue.
Dec 14 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by infe...@chromium.org, Aug 25 2016
Owner: dsinclair@chromium.org
Status: Assigned (was: Untriaged)