Use-of-uninitialized-value in SkPDFShader::State::operator==
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4520552841871360

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_msan_chrome
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  SkPDFShader::State::operator==
  SkPDFCanon::findFunctionShader
  get_pdf_shader_by_state
Sanitizer: memory (MSAN)
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=448029:448071

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97yLcvy-4rj44L7fv5eGwGoMeBHkizLlNNLkEQe55lKDgdDFrPLW0tpCqas1lDXx9OhDNlUPzFqYPbaOhlsvE75gjfhOMOUfHA-2cqBXkFEcpFIpAK6d0WWBvGqEN2_MJzdAgj5JN1uvTlkBR9j8qKdSkCNBPl_TuPKmxDl5ipi6TCZajalZilkaGs3cEc0gLtNKaDJ1Hp1w19AXnPwgaFyLVum_lPTUJuBFLhagOBChKeL7oYa87mL1x9cX-QklFn5YF-sChah4rsha2ywgO9v2Xg-YsAZH9_uoCJU1EXRbkQNniI-6ftNiiKJGhqL3NjMmM4Py-BxQ6LV2dw8WB0EtDG2TZSkvAjDMg1FIJhBcI8sOBeGi-WFLsvb0EVPaY3LPgJEoKPP97FPupJc_IKpf4xhoQ?testcase_id=4520552841871360

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Comment 1 by sheriffbot@chromium.org, Feb 10 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Feb 10 2017
halcanary@, do you mind taking a look at this bug, since you're the last one who modified third_party/skia/src/pdf/SkPDFShader.cpp? Please feel free to re-assign.
Feb 10 2017
That's my code. I'll take a look asap.
Feb 13 2017
I suspect that https://review.skia.org/8355 will fix this.
Feb 13 2017
The following revision refers to this bug: https://skia.googlesource.com/skia/+/c8f918004a86a11ac8518b56c6ce77f434205987

commit c8f918004a86a11ac8518b56c6ce77f434205987
Author: Hal Canary <halcanary@google.com>
Date: Mon Feb 13 18:59:17 2017

SkPDF: skip shader lookup for SkShader::kColor_GradientType

Also: SkPDFShader::State is now zero-initialized.

No change in PDF tests.

BUG=chromium:690875
Change-Id: Ibc56cc9435362733adf50cbb51b11c9413572e7f
Reviewed-on: https://skia-review.googlesource.com/8355
Reviewed-by: Florin Malita <fmalita@chromium.org>
Commit-Queue: Hal Canary <halcanary@google.com>

[modify] https://crrev.com/c8f918004a86a11ac8518b56c6ce77f434205987/src/pdf/SkPDFDevice.cpp
[modify] https://crrev.com/c8f918004a86a11ac8518b56c6ce77f434205987/src/pdf/SkPDFShader.cpp
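The two halves of the fix in the commit above (zero-initialize the state struct that the canon compares, and never consult the canon for a solid-colour shader) reduced to a self-contained model. This is an added example, not Skia's code: `ShaderState`, `ShaderCanon`, `states_equal`, `make_state_uninit`, `make_state_zeroed` and `shader_id_for` are hypothetical names chosen to mirror the crash state `SkPDFShader::State::operator==` / `SkPDFCanon::findFunctionShader` / `get_pdf_shader_by_state`, and the field layout is invented.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical reduced model of the pattern behind this bug; not Skia's code.
enum class GradientType { kNone, kColor, kLinear, kRadial };

struct ShaderState {
    GradientType type;
    uint32_t     color;    // only meaningful for kColor
    float        pts[4];   // only meaningful for kLinear / kRadial
    uint32_t     flags;
};

// The canon's equality test compares every field, whether or not the code
// that built this particular `type` ever wrote it.
bool states_equal(const ShaderState& a, const ShaderState& b) {
    return a.type == b.type && a.color == b.color && a.flags == b.flags
        && std::memcmp(a.pts, b.pts, sizeof a.pts) == 0;
}

// BEFORE (the bug): fields irrelevant to `type` are left indeterminate, so
// states_equal() reads uninitialized memory for a kColor state. MSan reports
// the branch on that read; without MSan the lookup is silently
// nondeterministic. Kept here for contrast; do not call it.
ShaderState make_state_uninit(GradientType type, uint32_t color) {
    ShaderState s;           // no initializer: pts/flags hold stack garbage
    s.type = type;
    if (type == GradientType::kColor) s.color = color;
    return s;
}

// AFTER (first half of the fix): value-initialize, so every byte the
// comparison reads is deterministic even for fields this type never sets.
ShaderState make_state_zeroed(GradientType type, uint32_t color,
                              const float* pts = nullptr) {
    ShaderState s{};         // zero-initialized
    s.type = type;
    if (type == GradientType::kColor) {
        s.color = color;
    } else if (pts) {
        std::memcpy(s.pts, pts, sizeof s.pts);
    }
    return s;
}

// Dedup cache keyed by state, in the spirit of SkPDFCanon::findFunctionShader.
class ShaderCanon {
public:
    // Id of an equal state already in the canon, or -1.
    int find(const ShaderState& s) const {
        for (std::size_t i = 0; i < entries_.size(); ++i)
            if (states_equal(entries_[i], s)) return static_cast<int>(i);
        return -1;
    }
    // Existing id, or insert and return the new one.
    int intern(const ShaderState& s) {
        int id = find(s);
        if (id >= 0) return id;
        entries_.push_back(s);
        return static_cast<int>(entries_.size()) - 1;
    }
    std::size_t size() const { return entries_.size(); }
private:
    std::vector<ShaderState> entries_;
};

// AFTER (second half of the fix): a solid colour needs no shader object, so
// the canon is never consulted for kColor. Returns -1 for "no shader".
int shader_id_for(ShaderCanon& canon, const ShaderState& s) {
    if (s.type == GradientType::kColor) return -1;
    return canon.intern(s);
}

int main() {
    const float lin[4] = {0.f, 0.f, 1.f, 1.f};
    ShaderCanon canon;
    ShaderState a = make_state_zeroed(GradientType::kLinear, 0, lin);
    ShaderState b = make_state_zeroed(GradientType::kLinear, 0, lin);
    ShaderState c = make_state_zeroed(GradientType::kColor, 0xff0000ffu);
    bool ok = states_equal(a, b)
           && shader_id_for(canon, a) == 0
           && shader_id_for(canon, b) == 0   // deduplicated
           && shader_id_for(canon, c) == -1  // kColor skips the canon
           && canon.size() == 1;
    return ok ? 0 : 1;
}
```

Under MSan, `make_state_uninit` followed by a canon lookup is exactly the "use-of-uninitialized-value" in the report: the uninitialized bytes are not the problem until a branch depends on them, and `states_equal` is that branch. Zero-initialization makes the comparison deterministic; skipping the lookup for `kColor` removes the comparison for the case that had nothing meaningful to compare.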
Feb 13 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e1d7115274ee66ed6875376c4eb24131bb6a8bab

commit e1d7115274ee66ed6875376c4eb24131bb6a8bab
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Mon Feb 13 22:00:04 2017

Roll src/third_party/skia/ a12c15376..d2d6d726f (8 commits).

https://skia.googlesource.com/skia.git/+log/a12c15376ce3..d2d6d726fa3e

$ git log a12c15376..d2d6d726f --date=short --no-merges --format='%ad %ae %s'
2017-02-13 mtklein Fix stack alignment in Windows before_loop/after_loop.
2017-02-13 halcanary tools/git-sync-deps: less verbose when fetch is needed
2017-02-13 csmartdalton Make SkAutoTMalloc movable
2017-02-13 jcgregorio fiddle: Fix JSON output logic.
2017-02-12 halcanary SkPDF: skip shader lookup for SkShader::kColor_GradientType
2017-02-13 herb Move GrTessellator from SkChunckAlloc to SkArenaAlloc.
2017-02-13 halcanary SkPDF: better tolerance path conversion to quadratics
2017-02-09 ztenghui A simple gradient test

Created with:
  roll-dep src/third_party/skia

BUG=690875,691386

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel
TBR=bungeman@google.com

Review-Url: https://codereview.chromium.org/2695823002
Cr-Commit-Position: refs/heads/master@{#450107}

[modify] https://crrev.com/e1d7115274ee66ed6875376c4eb24131bb6a8bab/DEPS
Feb 14 2017
ClusterFuzz has detected this issue as fixed in range 450038:450108.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4520552841871360

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_msan_chrome
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  SkPDFShader::State::operator==
  SkPDFCanon::findFunctionShader
  get_pdf_shader_by_state
Sanitizer: memory (MSAN)
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=448029:448071
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=450038:450108

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97yLcvy-4rj44L7fv5eGwGoMeBHkizLlNNLkEQe55lKDgdDFrPLW0tpCqas1lDXx9OhDNlUPzFqYPbaOhlsvE75gjfhOMOUfHA-2cqBXkFEcpFIpAK6d0WWBvGqEN2_MJzdAgj5JN1uvTlkBR9j8qKdSkCNBPl_TuPKmxDl5ipi6TCZajalZilkaGs3cEc0gLtNKaDJ1Hp1w19AXnPwgaFyLVum_lPTUJuBFLhagOBChKeL7oYa87mL1x9cX-QklFn5YF-sChah4rsha2ywgO9v2Xg-YsAZH9_uoCJU1EXRbkQNniI-6ftNiiKJGhqL3NjMmM4Py-BxQ6LV2dw8WB0EtDG2TZSkvAjDMg1FIJhBcI8sOBeGi-WFLsvb0EVPaY3LPgJEoKPP97FPupJc_IKpf4xhoQ?testcase_id=4520552841871360

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Feb 14 2017
ClusterFuzz testcase 4520552841871360 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Mar 13 2017

May 23 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot