Issue 658170 link

Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue 658168
Owner:
Closed: Oct 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug
Crash in CPDF_DataAvail::IsPageAvail

Project Member Reported by ClusterFuzz, Oct 21 2016

Issue description

Comment 1 by ajha@chromium.org, Oct 21 2016

Cc: ajha@chromium.org
Components: Internals>Plugins>PDF
Labels: Test-Findit-Correct M-56
Owner: thestig@chromium.org
Status: Assigned (was: Untriaged)
Suspected CLs (the result is a list of CLs that change the crashed files):

Author: art-snake
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/ef38283688c1ee7c08bcf4204cfb78e09c039782
Time: Thu Oct 20 13:29:45 2016 -0700
Line 1629 of file cpdf_data_avail.cpp, which potentially caused the crash, is changed in this CL (frame #1, "CPDF_DataAvail::IsPageAvail").
Minimum distance from crash line to modified line: 0 (file: cpdf_data_avail.cpp, crashed on: 1628, modified: 1628).

Suspected Project: chromium-pdfium

Looks the same as Issue 658168.

Assigning to Lei@ for further investigation and whatever needs to be worked on.

Comment 2 by bugdroid1@chromium.org, Oct 21 2016

The following revision refers to this bug:
  https://pdfium.googlesource.com/pdfium.git/+/fd5ae3f7cf077d00af0ce3082376f4051c499c5d

commit fd5ae3f7cf077d00af0ce3082376f4051c499c5d
Author: npm <npm@chromium.org>
Date: Fri Oct 21 16:42:33 2016

Revert of Fix loading page using hint tables. (patchset #5 id:80001 of https://codereview.chromium.org/2437773003/ )

Reason for revert:
CPDF_DataAvail::IsPageAvail is causing crashes.

BUG=chromium:658168, chromium:658170

Original issue's description:
> Fix loading page using hint tables.
>
> When a linearized document has a hint table,
> FPDFAvail_IsPageAvail returns true, but
> FPDF_LoadPage returns nullptr for non-first pages.
>
> This happens because the document does not use hint tables to load the page.
>
> To fix this, I force-save the page's ObjNum in the document.
>
> R=npm, dsinclair
>
> Committed: https://pdfium.googlesource.com/pdfium/+/ef38283688c1ee7c08bcf4204cfb78e09c039782

TBR=dsinclair@chromium.org,tsepez@chromium.org,thestig@chromium.org,art-snake@yandex-team.ru
# Skipping CQ checks because original CL landed less than 1 day ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://chromiumcodereview.appspot.com/2442663005

[modify] https://crrev.com/fd5ae3f7cf077d00af0ce3082376f4051c499c5d/BUILD.gn
[modify] https://crrev.com/fd5ae3f7cf077d00af0ce3082376f4051c499c5d/core/fpdfapi/parser/cpdf_data_avail.cpp
[modify] https://crrev.com/fd5ae3f7cf077d00af0ce3082376f4051c499c5d/core/fpdfapi/parser/cpdf_document.cpp
[delete] https://crrev.com/ef38283688c1ee7c08bcf4204cfb78e09c039782/core/fpdfapi/parser/cpdf_document_unittest.cpp

Mergedinto: 658168
Status: Duplicate (was: Assigned)

Comment 4 by bugdroid1@chromium.org, Oct 21 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/27120231729d84f000ee9a01403a757c135946a9

commit 27120231729d84f000ee9a01403a757c135946a9
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Fri Oct 21 20:13:14 2016

Roll src/third_party/pdfium/ ef3828368..fd5ae3f7c (1 commit).

https://pdfium.googlesource.com/pdfium.git/+log/ef38283688c1..fd5ae3f7cf07

$ git log ef3828368..fd5ae3f7c --date=short --no-merges --format='%ad %ae %s'
2016-10-21 npm Revert of Fix loading page using hint tables. (patchset #5 id:80001 of https://codereview.chromium.org/2437773003/ )

BUG=658168, 658170

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org

Review-Url: https://chromiumcodereview.appspot.com/2441783004
Cr-Commit-Position: refs/heads/master@{#426873}

[modify] https://crrev.com/27120231729d84f000ee9a01403a757c135946a9/DEPS


Comment 5 by ClusterFuzz, Oct 23 2016

ClusterFuzz has detected this issue as fixed in range 426818:426954.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6308121011290112

Fuzzer: corpus_builder_pdf
Job Type: linux_asan_pdfium
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000008
Crash State:
  CPDF_DataAvail::IsPageAvail
  FPDFAvail_IsPageAvail
  RenderPdf
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_pdfium&range=426561:426648
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_pdfium&range=426818:426954

Minimized Testcase (480.89 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95CvitOlENgPVSeWqiw0lnV36li2hCpHCfPc1jzqwLqrK_YReG3U0a8jhNI8c1y0ipU02TRmBDwkUgbaUdeow0QZ29_zJxKzlW-n3TMPbwsUn1ooLxoIGJ6-p7tBq_FA7TEWrLC0ZeLiCaASIHssgPzaGS0QYEhSKo3Hqj4YlFNtBdE52c?testcase_id=6308121011290112

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Labels: Test-Predator-Correct

Comment 7 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot