Suspected CLs	No CL in the regression range changes the crashed files. The result is the blame information.

Author: sammc
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/6f856f785833aae16732c3573ef4174561ce7de4
Time: Tue Jun 30 02:11:23 2015
The CL last changed line 67 of file win_util.cc, which is stack frame 0.

Author: Dan Sinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/764ec513eecbebd12781bcc96ce81ed5e736ee92
Time: Mon Mar 14 13:35:12 2016 -0400
The CL last changed line 230 of file cpdf_hint_tables.cpp, which is stack frame 3.

Author: Dan Sinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/764ec513eecbebd12781bcc96ce81ed5e736ee92
Time: Mon Mar 14 13:35:12 2016 -0400
The CL last changed line 461 of file cpdf_hint_tables.cpp, which is stack frame 4.

Author: Dan Sinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/764ec513eecbebd12781bcc96ce81ed5e736ee92
Time: Mon Mar 14 13:35:12 2016 -0400
The CL last changed line 781 of file cpdf_data_avail.cpp, which is stack frame 5.

Author: Dan Sinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/764ec513eecbebd12781bcc96ce81ed5e736ee92
Time: Mon Mar 14 13:35:12 2016 -0400
The CL last changed line 215 of file cpdf_data_avail.cpp, which is stack frame 6.

Suspected Project: chromium

Unable to find the suspect from CL also,
CL details --
https://chromium.googlesource.com/chromium/src/+log/98bae263014aad2d3ef0910edef31a8ee32a6c17..d1109b15f8669b2c342d87e9ae6e5d8ebd669ada?pretty=fuller

Could some one please look into the issue and update.
Thank You.

dsinclair@ could you please look into this.please feel free to re-assigned back if needed. thanks in advance !

Passing to thestig@ who has been looking at CPDF_HintsTable crashes.

This crash doesn't seem to make sense. We have:

229: hStream->SkipBits(safeTotalPageLen.ValueOrDie());
230: hStream->ByteAlign();

How can we nullptr deref on line 230?

I can't repro the crash on Linux Chrome, or with Linux ASAN + pdfium_test.

Though it does crash on Windows Chrome. Interesting.

Maybe the symbolization is screwed up because of inlining, and we eventually abort on a failed safeTotalPageLen.ValueOrDie() on line 229?

oh, nevermind, that shouldn't happen because of the CanReadFromBitStream check before

https://codereview.chromium.org/2300903002/ - only happens on Windows because FX_FILESIZE is only an int32_t. We may want to consider changing that someday if we ever want to support very large PDFs. The Books team have a few samples.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/dccbd50cab878f34db9f5d4df2642ca1a2ab368e

commit dccbd50cab878f34db9f5d4df2642ca1a2ab368e
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Thu Sep 01 20:19:24 2016

Roll src/third_party/pdfium/ 5e2d5c7ca..8d3ca1484 (1 commit).

https://pdfium.googlesource.com/pdfium.git/+log/5e2d5c7ca2d0..8d3ca14840a0

$ git log 5e2d5c7ca..8d3ca1484 --date=short --no-merges --format='%ad %ae %s'
2016-09-01 thestig Handle another integer overflow in ReadPageHintTable().

BUG= 641882 

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2301173002
Cr-Commit-Position: refs/heads/master@{#416031}

[modify] https://crrev.com/dccbd50cab878f34db9f5d4df2642ca1a2ab368e/DEPS

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot