Heap-use-after-free in CFX_DIBitmap::PreMultiply
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5388036520280064
Fuzzer: ifratric_pdf_generic
Job Type: linux_asan_pdfium
Platform Id: linux
Crash Type: Heap-use-after-free READ 4
Crash Address: 0x606000015578
Crash State:
  CFX_DIBitmap::PreMultiply
  SkiaState::FlushPath
  CFX_SkiaDeviceDriver::~CFX_SkiaDeviceDriver
Sanitizer: address (ASAN)
Recommended Security Severity: High
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_pdfium&range=459437:459483
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv9690oaWulTfpuHDts_SeMehKUxa7nYPo9tU61vweaRxTwufA9RvB6AwcIxHhRxWMTy29p5oVG_ZkW4UpOV-VAbguLAbfl-aWKVpERBJFMaaAANmhFMh3fQrSGWO1ez6xjPsG2jrCVh_NhjVpSFn9htD33UuH9sJ6pqAje8fedfdrhVhhWyvAF29aP1GY2kGQhmnOlvrK9C3BiCfz0RHe-dlCBQ25od9XaY1XjNBun5mMY3iYQ1ybZtQZ1CkMdSLLs-rDKqxPKizm01FoBwHCV0vgf-cbW7pmpflqpvzyLHo18X5cM6-3Z_24uHALbiyIA9HOwz0DQSahXh6N_80QU6Cjr6SLANQxJUxLniUYhnsjai35I-240nZfmxKpFL6PPBOM4fzsnKvb_KvFn_BIkA0Ft3wQA?testcase_id=5388036520280064

Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 25 2017

Mar 25 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mar 25 2017

Mar 25 2017
npm@, could you take a look at this issue to see if it is related to your change? https://pdfium.googlesource.com/pdfium.git/+/73b607fcb5f904893a0610b2c7fb8726d09379e6 Please feel free to re-assign.
Mar 27 2017
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/48a2fac4f04a56d2e1cd7b2e61069fd06d39c1a9

commit 48a2fac4f04a56d2e1cd7b2e61069fd06d39c1a9
Author: Nicolas Pena <npm@chromium.org>
Date: Mon Mar 27 18:42:14 2017

Fix some ASAN issues in fx_skia_device

- Flush is needed in ~CFX_FxgeDevice, otherwise it may be called after deleting the bitmap, when calling the destructor of the skia device driver.
- SkDashPathEffect::Make copies the given intervals instead of owning them, so free the input to that method.
- If StartDIBits creates a new CFX_ImageRenderer, then the corresponding CancelDIBits needs to delete the handle.

Bug: chromium:705131
Change-Id: I22c7c51a4070e73538eb8af51a60afeaa67f8bb7
Reviewed-on: https://pdfium-review.googlesource.com/3230
Commit-Queue: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>

[modify] https://crrev.com/48a2fac4f04a56d2e1cd7b2e61069fd06d39c1a9/core/fxge/skia/fx_skia_device.cpp
[modify] https://crrev.com/48a2fac4f04a56d2e1cd7b2e61069fd06d39c1a9/core/fxge/skia/fx_skia_device.h
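The first bullet of that commit message describes a destructor-ordering bug: a driver that defers its drawing until a flush in its own destructor, run after the bitmap it draws into has already been freed. The following is an added illustration, not pdfium's code; the class names are placeholders, and a ledger of live bitmaps stands in for ASAN so the stale access is counted instead of dereferenced.

```cpp
#include <memory>
#include <set>
#include <vector>
// Placeholder names, not pdfium's code; the ledger stands in for ASAN metadata.
static std::set<const void*> g_live_bitmaps;
static int g_use_after_free_attempts = 0;

struct Bitmap {
  std::vector<unsigned char> pixels = std::vector<unsigned char>(16, 0xff);
  Bitmap() { g_live_bitmaps.insert(this); }
  ~Bitmap() { g_live_bitmaps.erase(this); }
  void PreMultiply() { for (auto& p : pixels) p /= 2; }  // writes the buffer
};

// Touches the bitmap only on Flush(), which also runs from the destructor.
class DeferredDriver {
 public:
  explicit DeferredDriver(Bitmap* bmp) : bitmap_(bmp) {}
  ~DeferredDriver() { Flush(); }  // late flush: the hazard the commit describes
  void DrawPath() { pending_ = true; }
  void Flush() {
    if (!pending_) return;
    pending_ = false;
    if (g_live_bitmaps.count(bitmap_)) bitmap_->PreMultiply();
    else ++g_use_after_free_attempts;  // ASAN would report the UAF read here
  }
 private:
  Bitmap* bitmap_;  // non-owning, so it dangles once the bitmap is freed
  bool pending_ = false;
};

// bitmap_ (declared last) is destroyed before driver_, whose dtor then flushes.
class Device {
 public:
  explicit Device(bool flush_in_dtor) : flush_in_dtor_(flush_in_dtor) {
    bitmap_.reset(new Bitmap);
    driver_.reset(new DeferredDriver(bitmap_.get()));
  }
  ~Device() { if (flush_in_dtor_) driver_->Flush(); }  // the fix: flush first
  void DrawPath() { driver_->DrawPath(); }
 private:
  bool flush_in_dtor_;
  std::unique_ptr<DeferredDriver> driver_;
  std::unique_ptr<Bitmap> bitmap_;
};

// Stale-bitmap accesses attempted during teardown: 1 without the fix, 0 with it.
int TeardownUseAfterFreeCount(bool flush_in_dtor) {
  g_use_after_free_attempts = 0;
  { Device dev(flush_in_dtor); dev.DrawPath(); }
  return g_use_after_free_attempts;
}
```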
Mar 28 2017

Mar 28 2017
ClusterFuzz has detected this issue as fixed in range 459845:459877.

Detailed report: https://clusterfuzz.com/testcase?key=5388036520280064
Fuzzer: ifratric_pdf_generic
Job Type: linux_asan_pdfium
Platform Id: linux
Crash Type: Heap-use-after-free READ 4
Crash Address: 0x606000015578
Crash State:
  CFX_DIBitmap::PreMultiply
  SkiaState::FlushPath
  CFX_SkiaDeviceDriver::~CFX_SkiaDeviceDriver
Sanitizer: address (ASAN)
Recommended Security Severity: High
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_pdfium&range=459437:459483
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_pdfium&range=459845:459877
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv9690oaWulTfpuHDts_SeMehKUxa7nYPo9tU61vweaRxTwufA9RvB6AwcIxHhRxWMTy29p5oVG_ZkW4UpOV-VAbguLAbfl-aWKVpERBJFMaaAANmhFMh3fQrSGWO1ez6xjPsG2jrCVh_NhjVpSFn9htD33UuH9sJ6pqAje8fedfdrhVhhWyvAF29aP1GY2kGQhmnOlvrK9C3BiCfz0RHe-dlCBQ25od9XaY1XjNBun5mMY3iYQ1ybZtQZ1CkMdSLLs-rDKqxPKizm01FoBwHCV0vgf-cbW7pmpflqpvzyLHo18X5cM6-3Z_24uHALbiyIA9HOwz0DQSahXh6N_80QU6Cjr6SLANQxJUxLniUYhnsjai35I-240nZfmxKpFL6PPBOM4fzsnKvb_KvFn_BIkA0Ft3wQA?testcase_id=5388036520280064

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 28 2017
ClusterFuzz testcase 5388036520280064 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Mar 28 2017

Apr 7 2017

Jul 4 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot