Integer-overflow in CCodec_TiffContext::Decode
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5647559587790848

Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  CCodec_TiffContext::Decode
  CCodec_ProgressiveDecoder::ContinueDecode
  XFACodecFuzzer::Fuzz

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=398351:399229

Minimized Testcase (0.41 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94pFl5wqJgS1JZHvTdkPPtv0532rTNkriKUP8OR1sNFi-V0OLGgdbmb_LUE5ukYeYyOoas3UXphwel_oLoS2Uwc8ECZq9WAJI31wGTVgg6JAD7ci46FOUVQXCIC2kSQLLP6E0Hx5cHc_WrKQ4UH2L6QnmIJmw?testcase_id=5647559587790848

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Nov 21 2016
Assigning to the concern owner from find it results -- Suspected CLs

The result is a list of CLs that change the crashed files.

Author: thestig
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/4997b22f84307521a62838f874928bf56cd3423c
Time: Tue Jun 07 10:46:22 2016 -0700
Line 458 of file fx_codec_tiff.cpp, which potentially caused the crash, is changed in this CL (frame #0, "CCodec_TiffContext::Decode").
File fx_codec_progress.cpp is changed in this CL (and is part of stack frame #1, "CCodec_ProgressiveDecoder::ContinueDecode").
Minimum distance from crash line to modified line: 0. (file: fx_codec_tiff.cpp, crashed on: 458, modified: 458).

Author: thestig
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/fcf61b39ee597c73e80ba789833fb7fe49878422
Time: Thu Jun 09 18:29:35 2016 -0700
Lines 447, 453-454 of file fx_codec_tiff.cpp, which potentially caused the crash, are changed in this CL (frame #0, "CCodec_TiffContext::Decode").
Lines 2229-2260 of file fx_codec_progress.cpp, which potentially caused the crash, are changed in this CL (frame #1, "CCodec_ProgressiveDecoder::ContinueDecode").
Minimum distance from crash line to modified line: 0. (file: fx_codec_tiff.cpp, crashed on: 447, modified: 447).

Suspected Project: chromium-pdfium

@thestig -- Could you please look into the issue, and kindly re-assign if this is not related to your change. Thank you.
Nov 21 2016
The TIFF codec is part of XFA and not enabled in any Chrome branch.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Nov 23 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/92e90e89cf3af95e0158192205896c6bc4a52d14

commit 92e90e89cf3af95e0158192205896c6bc4a52d14
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Wed Nov 23 03:19:37 2016

Roll src/third_party/pdfium/ c675a2f4a..1a7534a1a (3 commits).

https://pdfium.googlesource.com/pdfium.git/+log/c675a2f4afdd..1a7534a1a477

$ git log c675a2f4a..1a7534a1a --date=short --no-merges --format='%ad %ae %s'
2016-11-22 dsinclair Rename IFWL_App to CFWL_App
2016-11-22 dsinclair Rename IFWL_Timer and IFWL_TimerInfo
2016-11-22 npm Multiply safely in CCodec_TiffContext::Decode

BUG= 667074

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2525873002
Cr-Commit-Position: refs/heads/master@{#434101}

[modify] https://crrev.com/92e90e89cf3af95e0158192205896c6bc4a52d14/DEPS
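The roll above carries the fix commit "Multiply safely in CCodec_TiffContext::Decode", and the crash was reported by the UBSan fuzzer job as an integer overflow in that function. The following C program is an added example, not PDFium's code and not from anyone in this thread: it models the kind of size arithmetic an image decoder performs on untrusted header fields (row pitch from width and bits-per-pixel, buffer size from pitch and height) and shows the unchecked form beside a range-checked one. The `tiff_geometry` struct, the 4-byte-aligned pitch formula and the three input geometries are all constructed for the illustration and are not PDFium's actual layout or the minimized testcase.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed image geometry standing in for the fields a TIFF decoder
 * reads from an untrusted file. Hypothetical model, not PDFium's structs. */
struct tiff_geometry {
    uint32_t width;   /* pixels per row */
    uint32_t height;  /* rows           */
    uint32_t bpp;     /* bits per pixel */
};

/* Portable checked 32-bit multiply. Returns false and leaves *out untouched
 * when a * b would not fit in a uint32_t. (__builtin_mul_overflow does the
 * same on GCC/Clang; the division form works on any C99 compiler.) */
static bool mul_u32_checked(uint32_t a, uint32_t b, uint32_t *out) {
    if (a != 0 && b > UINT32_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/* Pre-fix style arithmetic: the multiplies wrap modulo 2^32 with no
 * indication. Row pitch is modelled as a 4-byte-aligned row size (assumed
 * layout, not necessarily PDFium's). Under -fsanitize=unsigned-integer-overflow
 * each wrapping multiply here would be reported, as in the fuzzer job. */
static void unchecked_sizes(struct tiff_geometry g, uint32_t *pitch, uint32_t *size) {
    *pitch = (g.width * g.bpp + 31) / 32 * 4;  /* width*bpp may wrap   */
    *size = *pitch * g.height;                 /* pitch*height may wrap */
}

/* "Multiply safely": every intermediate is range-checked, and the caller
 * gets a clean refusal instead of a too-small buffer size. */
static bool checked_sizes(struct tiff_geometry g, uint32_t *pitch, uint32_t *size) {
    uint32_t row_bits;
    if (!mul_u32_checked(g.width, g.bpp, &row_bits))
        return false;
    if (row_bits > UINT32_MAX - 31)            /* the +31 rounding step */
        return false;
    uint32_t p = (row_bits + 31) / 32 * 4;
    uint32_t s;
    if (!mul_u32_checked(p, g.height, &s))
        return false;
    *pitch = p;
    *size = s;
    return true;
}

/* Decoder front-end: allocate the frame buffer only for validated geometry.
 * Returns NULL (no allocation) when the dimensions are rejected or empty. */
static uint8_t *alloc_frame_checked(struct tiff_geometry g) {
    uint32_t pitch, size;
    if (!checked_sizes(g, &pitch, &size) || size == 0)
        return NULL;
    return calloc(size, 1);
}

int main(void) {
    /* Constructed inputs: one benign image, two that overflow 32-bit math. */
    struct tiff_geometry cases[] = {
        { 640, 480, 24 },           /* ordinary 640x480 RGB        */
        { 0x10000, 0x10000, 32 },   /* pitch*height = 2^34, wraps to 0 */
        { 0x20000000, 1, 32 },      /* width*bpp = 2^34, wraps to 0    */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint32_t up, us, cp, cs;
        unchecked_sizes(cases[i], &up, &us);
        bool ok = checked_sizes(cases[i], &cp, &cs);
        printf("%ux%u@%u bpp: unchecked pitch=%u size=%u | checked: %s\n",
               cases[i].width, cases[i].height, cases[i].bpp, up, us,
               ok ? "accepted" : "rejected (overflow)");
        uint8_t *buf = alloc_frame_checked(cases[i]);
        free(buf);
    }
    return 0;
}
```

The second and third geometries show the two failure modes a decoder has to guard separately: the row size itself wrapping, and a sane row size multiplied by a large row count wrapping. In both cases the unchecked arithmetic yields a buffer size of 0, which a later per-row write loop driven by the original width and height would run straight past. Rejecting the image before any allocation is the only safe outcome.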
Nov 23 2016
ClusterFuzz has detected this issue as fixed in range 434098:434125.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5647559587790848

Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  CCodec_TiffContext::Decode
  CCodec_ProgressiveDecoder::ContinueDecode
  XFACodecFuzzer::Fuzz

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=398351:399229
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=434098:434125

Minimized Testcase (0.41 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94pFl5wqJgS1JZHvTdkPPtv0532rTNkriKUP8OR1sNFi-V0OLGgdbmb_LUE5ukYeYyOoas3UXphwel_oLoS2Uwc8ECZq9WAJI31wGTVgg6JAD7ci46FOUVQXCIC2kSQLLP6E0Hx5cHc_WrKQ4UH2L6QnmIJmw?testcase_id=5647559587790848

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by ajha@chromium.org, Nov 21 2016
Labels: M-55