Mind taking a look at this one, dsinclair@?

This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This is likely my change at https://pdfium.googlesource.com/pdfium/+/33fdebc3da676bff84d0fd0f69b9087c0c12dfeb

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/34a993902e8f5ca304ab9bf6de469c13dd6a0efc

commit 34a993902e8f5ca304ab9bf6de469c13dd6a0efc
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Sat Nov 12 03:42:49 2016

Roll src/third_party/pdfium/ c40697b24..27e66753c (4 commits).

https://pdfium.googlesource.com/pdfium.git/+log/c40697b24550..27e66753c8bd

$ git log c40697b24..27e66753c --date=short --no-merges --format='%ad %ae %s'
2016-11-11 dsinclair IFWL cleanup in the Combo classes
2016-11-11 tsepez Fix unique ptrs in fpdfppo.cpp
2016-11-11 tsepez Add fpdfppo_embeddertest.cpp.
2016-11-11 npm Remove IFGAS_FontMgr and clean up (the renamed) CFGAS_FontMgr a little.

BUG= 664284 

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2492423002
Cr-Commit-Position: refs/heads/master@{#431761}

[modify] https://crrev.com/34a993902e8f5ca304ab9bf6de469c13dd6a0efc/DEPS

This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

ClusterFuzz has detected this issue as fixed in range 431691:431772.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6673251834265600

Fuzzer: ifratric_acrojs
Job Type: linux_ubsan_vptr_chrome
Platform Id: linux

Crash Type: Bad-cast
Crash Address: 0x0890da4ca7b0
Crash State:
  Bad-cast to CPDF_Object from invalid vptr
  CPDF_Creator::InitNewObjNumOffsets
  CPDF_Creator::WriteDoc_Stage1
  
Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_chrome&range=429962:430084
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_chrome&range=431691:431772

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96JXI1t6Zvbiz1-2qkqKgx3jm5tIfXu0UXW_2MtiTTbiSD6-WAbDUasYa4nEf30jnPZd887y8ri73IKItjcpEmM53L2d7Pbmkzk5R25iDoK37AAJQrGZ6A4ctPQkev0v84MuY0wj7cUQQ0-QMWGesV1id4aKNuoyezPPHKdEfnku_o0Kuw?testcase_id=6673251834265600


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot