Hi Dan,

Assigning this security bug to you.  Clusterfuzz is suspicious of thestig's CL for touching CCodec_TiffContext::Decode: https://pdfium.googlesource.com/pdfium.git/+/fcf61b39ee597c73e80ba789833fb7fe49878422.

Thanks!

This is XFA and XFA is disabled in all branches of Chrome.

ClusterFuzz has detected this issue as fixed in range 443057:443122.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6112005883953152

Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  FPDFAPI_inflate
  PixarLogDecode
  PredictorDecodeTile
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=398314:399191
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=443057:443122

Minimized Testcase (2.15 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96cFxUu91z6xr_h_b2pMQq4PoCw66oEno3P-xwEeaz9tzx-mg-RaaE0bBAqa9Od7SUSpprT_Rq6ghP3BfAvVOs8D2WFcrMpolyhTAKbB3wbi_wL_pj9lfRZAmIgOkXyArNBZcSagLyO7-2rtBsn9ITwg_cKUA?testcase_id=6112005883953152

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6112005883953152 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot