Possibly similar to  https://crbug.com/700576 , except this one looks like the fuzzer itself is hitting the bad cast (not within the code being fuzzed)?

XFA is not enabled on any branch of chromium.

ClusterFuzz has detected this issue as fixed in range 456940:456984.

Detailed report: https://clusterfuzz.com/testcase?key=4798231956684800

Fuzzer: libfuzzer_pdf_codec_bmp_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Bad-cast
Crash Address: 0x000002cd4a00
Crash State:
  Bad-cast to CFX_DIBitmap from invalid vptr
  _start
  
Sanitizer: undefined (UBSAN)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=434175:434379
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=456940:456984

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96pvrnThgatcvTzJ9_NdkjWbWsYsE1GLzN7yV-8b63_8ycWC5FRNcTciXFHBYqorpnmFVS-DVLgCgUE4EPtg496PsOuhhvComMWMYLhH5iubX_jrLrTlCDwxfP2pxXzPnRWTAUBsiJhA47U6oZnv99L7GSejWLMjYSH62wdwoTgg0UUfcyGcW7APh3EWlz32hxrb_XACvI5g_fIoocKWyRGk4RRzfRYyzZFrSn7gz1QkPgutI26TJze_fJYQxGhM2hp8gpjmvyvUux4s0f2O6zu_3k81VKor7rbDO9uyNGnHkSqRO4SeW3mSAc4jTXIA0T4E5ESYzV8r1CHjmfpRdU6iVh2ApKivnQb4RPKvrP8QKh88lI?testcase_id=4798231956684800


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 4798231956684800 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot