Crash in FindBit

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4740113399808000

Fuzzer: afl_pdf_codec_fax_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x7f0ac7afbb32
Crash State:
  FindBit
  FaxG4GetRow
  CCodec_FaxDecoder::v_GetNextLine

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=419847:419947

Minimized Testcase (0.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94FvLQJkIulJB61isJ-sfw5aPbGe5wavyaLXVaYYzJgfIU0WgaTmYGJKzq4rt62fAtALAUuUmStt1VuZbM7MRqfuIp_och3yQX5dRrIj-Wwce_3EpUKsy72hnOJhhYwx3dHhSOihoelFbxA2DxIyRayPAd36A?testcase_id=4740113399808000

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Sep 21 2016

Sep 21 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Sep 21 2016

Sep 21 2016
Fixing Component based on file path of third_party/pdfium/core/fxcodec/codec/fx_codec_fax.cpp
Sep 22 2016
thestig@ could you please look into this and assign an appropriate owner if needed? This issue appears very similar to issue 648937. It looks like we just turned on fuzzing for this area (via https://chromium.googlesource.com/chromium/src/+/a6dc4f682f6db2b4792963ef5a26929d8a728f2a)
Sep 22 2016
Now that the fax fuzzer is finding bugs... any interest in taking them? Looks related to bug 648937 but not immediately obvious if it's the exact same bug.
Sep 23 2016
Issue 648937 has been merged into this issue.
Sep 23 2016

Sep 23 2016
My attempt CL https://codereview.chromium.org/2360283004/
Sep 23 2016

Sep 23 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/7563d3dfa905fb2095e715406bf85b19df9d07a7

commit 7563d3dfa905fb2095e715406bf85b19df9d07a7
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Fri Sep 23 17:56:10 2016

Roll src/third_party/pdfium/ 3f4111fbf..4dd613cb5 (1 commit).

https://pdfium.googlesource.com/pdfium.git/+log/3f4111fbff12..4dd613cb51c1

$ git log 3f4111fbf..4dd613cb5 --date=short --no-merges --format='%ad %ae %s'
2016-09-23 kcwu Bail out on bad width and height in CCodec_FaxDecoder::CreateDecoder

BUG=648935, 649436
TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2364973002
Cr-Commit-Position: refs/heads/master@{#420655}

[modify] https://crrev.com/7563d3dfa905fb2095e715406bf85b19df9d07a7/DEPS
Sep 24 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Sep 24 2016
ClusterFuzz has detected this issue as fixed in range 420614:420693.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4740113399808000

Fuzzer: afl_pdf_codec_fax_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x7f0ac7afbb32
Crash State:
  FindBit
  FaxG4GetRow
  CCodec_FaxDecoder::v_GetNextLine

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=419847:419947
Fixed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=420614:420693

Minimized Testcase (0.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94FvLQJkIulJB61isJ-sfw5aPbGe5wavyaLXVaYYzJgfIU0WgaTmYGJKzq4rt62fAtALAUuUmStt1VuZbM7MRqfuIp_och3yQX5dRrIj-Wwce_3EpUKsy72hnOJhhYwx3dHhSOihoelFbxA2DxIyRayPAd36A?testcase_id=4740113399808000

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 24 2016

Oct 25 2016

Dec 31 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org, Sep 21 2016