Crash in CPDF_HintTables::ReadPageHintTable
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6751907727278080

Fuzzer: afl_pdf_hint_table_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  CPDF_HintTables::ReadPageHintTable

Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=413317:413339

Minimized Testcase (5.36 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96Z8VXvdr3Ie-FKE5mVQQcqHRJzs5aUuV2nSlsn-hA544RcP_faRUNE43ArhiJIFP83Bv3H8MC-_6mTs00odprVgVRs9-MkI79IQL4lq62BvLi0a2pFBCwavfUAZOJ8zIZxYGNOzt-IIULz8_YUIBls1o6Lzg?testcase_id=6751907727278080

Issue manually filed by: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Aug 31 2016
This one is actually a buffer underflow. :(
Sep 1 2016
I am currently playing with a crash minimizer in libFuzzer, so just FTR here is a smaller input (88 bytes)
Sep 1 2016
Max, did libFuzzer find it too? In my local run libFuzzer has no trouble finding it either from empty corpus or from the full CF corpus.
Sep 1 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/31086e1ecaae43136ccdc3c4529092f432886ec0

commit 31086e1ecaae43136ccdc3c4529092f432886ec0
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Thu Sep 01 02:12:37 2016

Roll src/third_party/pdfium/ 21b111fcf..380f53ec1 (3 commits).

https://pdfium.googlesource.com/pdfium.git/+log/21b111fcf71e..380f53ec1d0a

$ git log 21b111fcf..380f53ec1 --date=short --no-merges --format='%ad %ae %s'
2016-08-31 thestig Revert of Fix gn gn --check complaints about fxcrt. (patchset #1 id:1 of https://codereview.chromium.org/2289263005/ )
2016-08-31 thestig Check first page number in CPDF_HintTables::ReadPageHintTable().
2016-08-31 thestig Fix gn gn --check complaints about fxcrt.

BUG= 642655
TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2301803002
Cr-Commit-Position: refs/heads/master@{#415848}

[modify] https://crrev.com/31086e1ecaae43136ccdc3c4529092f432886ec0/DEPS
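The roll above carries the fix only by its title, "Check first page number in CPDF_HintTables::ReadPageHintTable()", and comment 1 classifies the crash as a buffer underflow. The block below is an added example, not pdfium's code and not anything posted in this thread: a simplified model of a page-offset hint table parser in which the first page number read from the file (/P in the Linearization dictionary, default 0 when absent) is used as an index into the page table, with the range check applied before that use. The struct and function names, the page layout model (first page stored out of sequence, the others consecutive in page order) and the sample values are all assumptions made for the illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Assumed model of what a page-offset hint table parser works from.
struct HintInput {
  long first_page;                     // /P from the Linearization dictionary; file-controlled, signed
  uint64_t first_page_obj_offset;      // byte offset of the first page's objects
  uint64_t remaining_pages_offset;     // byte offset where the other pages' objects start
  std::vector<uint32_t> page_lengths;  // per-page object lengths read from the hint table
};

// The check the fix adds, kept in one place so every use of first_page goes
// through it. n is a page count the parser already trusts. Checking the signed
// value for < 0 first keeps the intent visible; a bare cast to size_t would
// also reject a negative /P, but only because it wraps to a huge value.
bool FirstPageInRange(long first_page, size_t n) {
  return first_page >= 0 && static_cast<uint64_t>(first_page) < n;
}

// Fills *out with the byte offset of every page's objects. Returns false when
// the table is rejected, mirroring the bool-returning style of ReadPageHintTable.
bool ComputePageOffsets(const HintInput& in, std::vector<uint64_t>* out) {
  const size_t n = in.page_lengths.size();
  // Vulnerable shape: running `(*out)[in.first_page] = ...` with no range
  // check. A negative /P indexes before the start of the array (a buffer
  // underflow, the class of bug this issue reports); a /P >= n indexes past
  // its end. The check below is what stands between the file and that index.
  if (n == 0 || !FirstPageInRange(in.first_page, n))
    return false;

  out->assign(n, uint64_t{0});
  const size_t first = static_cast<size_t>(in.first_page);
  (*out)[first] = in.first_page_obj_offset;

  // The remaining pages follow each other in page order, skipping the first
  // page, which a linearized file stores out of sequence near the front.
  uint64_t cursor = in.remaining_pages_offset;
  for (size_t i = 0; i < n; ++i) {
    if (i == first)
      continue;
    (*out)[i] = cursor;
    cursor += in.page_lengths[i];
  }
  return true;
}

// Constructed sample: a four-page file; the caller picks /P.
HintInput SampleInput(long first_page) {
  return HintInput{first_page, 1000, 5000, {100, 200, 300, 400}};
}

int main() {
  std::vector<uint64_t> offsets;
  const bool ok = ComputePageOffsets(SampleInput(2), &offsets);    // accepted
  const bool neg = ComputePageOffsets(SampleInput(-1), &offsets);  // rejected: would underflow
  const bool big = ComputePageOffsets(SampleInput(4), &offsets);   // rejected: past the end
  return (ok && !neg && !big) ? 0 : 1;
}
```

With /P = 2 the sample yields offsets {5000, 5100, 1000, 5300}: pages 0, 1 and 3 are laid out consecutively from 5000 and page 2 sits at the first-page offset. Both rejected inputs are ones a fuzzer reaches trivially, since /P is a plain integer in the file; the parser has to treat it as untrusted even though the rest of the Linearization dictionary has already been parsed successfully.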
Sep 1 2016
Kostya, no, libfuzzer hasn't found it at ClusterFuzz. I've checked logs, there are many OOM crashes, but less than half of all runs. I'm trying to find it locally using the vulnerable revision, no luck yet.
Sep 1 2016
Btw, OOM has been reported and fixed as well: bug 641444.
Sep 1 2016
With a fresh libfuzzer I get it found incredibly fast. Rolling out new version to Chromium right now!
Sep 1 2016
>> With a fresh libfuzzer

Ah, yes, I was experimenting with libFuzzer head. Cool! (apparently, one of my recent new Mutators helped)
Sep 1 2016
Yeah, I hope to see a bunch of new bugs tomorrow due to new Mutators!
Sep 2 2016
ClusterFuzz has detected this issue as fixed in range 415826:415891.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6751907727278080

Fuzzer: afl_pdf_hint_table_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  CPDF_HintTables::ReadPageHintTable

Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=413317:413339
Fixed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=415826:415891

Minimized Testcase (5.36 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96Z8VXvdr3Ie-FKE5mVQQcqHRJzs5aUuV2nSlsn-hA544RcP_faRUNE43ArhiJIFP83Bv3H8MC-_6mTs00odprVgVRs9-MkI79IQL4lq62BvLi0a2pFBCwavfUAZOJ8zIZxYGNOzt-IIULz8_YUIBls1o6Lzg?testcase_id=6751907727278080

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mmoroz@chromium.org, Aug 31 2016
Components: Internals>Plugins>PDF
Owner: thestig@chromium.org