thestig, are you the right owner for this? thanks.

Looks like we need to do another follow up after fixing  bug 666616  in r434734.

https://codereview.chromium.org/2537973003

This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/149f2a418b32edc71ce700e75084fccf2ce6eb2a

commit 149f2a418b32edc71ce700e75084fccf2ce6eb2a
Author: thestig <thestig@chromium.org>
Date: Wed Nov 30 17:52:57 2016

One more check for PrintWebViewHelper validity.

This check should have been in r434734.

BUG= 669534 

Review-Url: https://codereview.chromium.org/2537973003
Cr-Commit-Position: refs/heads/master@{#435323}

[modify] https://crrev.com/149f2a418b32edc71ce700e75084fccf2ce6eb2a/components/printing/renderer/print_web_view_helper.cc

ClusterFuzz has detected this issue as fixed in range 435314:435416.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5754609055563776

Fuzzer: cdiehl_peach
Job Type: linux_asan_chrome_media
Platform Id: linux

Crash Type: Heap-use-after-free READ 4
Crash Address: 0x61100001b7dc
Crash State:
  printing::PrintWebViewHelper::OnMessageReceived
  content::RenderFrameImpl::OnMessageReceived
  content::ChildThreadImpl::OnMessageReceived
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=434678:434769
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=435314:435416

Minimized Testcase (953.89 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94F1azWt_SdrRZJ4bx0hPi8cmk-13Gl4MWJltieZ7oVD7lci13RzJJ8rMGLadq4yxRUvXpSfJ0l2HRRjAg6y779Mc63DoRk-yE7A7bM-4GphogTaJOYGnigvzajuOsoDrX48HT88d6SXugqp_dPYlHQMO5V89mztxrrza9mSem8JkO-D7Y?testcase_id=5754609055563776

Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Now that ClusterFuzz has verified the fix, requesting merge into M56.

Your change meets the bar and is auto-approved for M56 (branch: 2924)

I'll take care of the merge.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a6e404a5004dc4ac3c9860371f824ba13bcaf5f7

commit a6e404a5004dc4ac3c9860371f824ba13bcaf5f7
Author: Nasko Oskov <nasko@chromium.org>
Date: Thu Dec 01 18:07:52 2016

One more check for PrintWebViewHelper validity.

This check should have been in r434734.

BUG= 669534 

Review-Url: https://codereview.chromium.org/2537973003
Cr-Commit-Position: refs/heads/master@{#435323}
(cherry picked from commit 149f2a418b32edc71ce700e75084fccf2ce6eb2a)

Review URL: https://codereview.chromium.org/2545853002 .

Cr-Commit-Position: refs/branch-heads/2924@{#251}
Cr-Branched-From: 3a87aecc31cd1ffe751dd72c04e5a96a1fc8108a-refs/heads/master@{#433059}

[modify] https://crrev.com/a6e404a5004dc4ac3c9860371f824ba13bcaf5f7/components/printing/renderer/print_web_view_helper.cc

Congratulations!  The panel has awarded $1,500 for this bug.

Re #15: This was found by clusterfuzz. Wrong bug?

This was found by Peach. Looks legit to me. ;-)

Re #17: Ah, fair enough, didn't see that :)

Yep - this is running under the Chrome Fuzzer Program (g.co/ChromeBugRewards)

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot