This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Hi Dan,

Lei is away (I CC'd him).  Would you mind finding an owner and triaging this security bug?

Clusterfuzz is suspicious of https://pdfium.googlesource.com/pdfium.git/+/fcf61b39ee597c73e80ba789833fb7fe49878422


Thanks!

This is part of XFA which is disabled on all branches of Chrome.

ClusterFuzz has detected this issue as fixed in range 443057:443122.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4986870514843648

Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  TIFFReadDirEntryFloatArray
  TIFFFetchNormalTag
  TIFFReadDirectory
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=398314:399191
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=443057:443122

Minimized Testcase (1.14 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97DH8FHStEv0-MaEyQSxNMcC6QCRp0Q9Od7bPlYgfjQQdcqoQNYZhtRWGz-Akj0nbg9JttqxcP1-E6_RToZBgoXYRjzbdQV-1VR8LBYuYprB0CaXCZs0ObKbJes1tWlUDhd_N3eguMz5Q2sd5nvbeudFTG8pw?testcase_id=4986870514843648

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 4986870514843648 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot