Issue metadata
Heap-use-after-free in CFX_ClipRgn::IntersectMaskRect
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5088329306734592

Fuzzer: ifratric_pdf_generic
Job Type: linux_asan_pdfium
Platform Id: linux

Crash Type: Heap-use-after-free READ 1
Crash Address: 0x60d00002a61f
Crash State:
  CFX_ClipRgn::IntersectMaskRect
  CFX_AggDeviceDriver::SetClip_PathFill
  CFX_RenderDevice::SetClip_PathFill

Sanitizer: address (ASAN)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_pdfium&range=460124:460171

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv945RM0a24TRSTYWli8NwRHeFbeau9AYPjs-StDJ9Mnn8jAvaCrVRulpwd2cthHghfbP2am7TnYc84foPqffCkDVWZvVYeSsSJaiE3TXdZl6xp2sEEmOYzYxKl4xjYoxGKOCEkE4WcRuBcqTaT6iX-SM_TlsNJ2Xgeob-rKFekBznGH9f6siD9OHh54Dr1jGqNlrChbTea_-8Bs13CqAi2GGspGX9GudBOhVGOFrGdf07qw3jbHwx5ZtHQVNCfQiq6Qn9_2RlBA0u1nGqdg08uvko7b_x-KMNbipjettNgG6h-TIRzlr7LfbyUODPAGTlt3kujVsD3p5MWuqc7RLhQaGxOwxavDCAI7uF431SI2pWJt4ERXBhKMpBvu_e23AuzOH2kq7yoD9z4I0vMr97X-KfcaqYw?testcase_id=5088329306734592

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by sheriffbot@chromium.org, Mar 29 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Mar 29 2017

Mar 30 2017
This looks similar to #706520

Mar 30 2017

Mar 30 2017
Issue 706705 has been merged into this issue.

Mar 30 2017

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/026a2f4a1f023de9bf72674db9c88cdcf651418e

commit 026a2f4a1f023de9bf72674db9c88cdcf651418e
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Thu Mar 30 23:12:03 2017

Roll src/third_party/pdfium/ 213f01205..bf9104d58 (15 commits)

https://pdfium.googlesource.com/pdfium.git/+log/213f01205a77..bf9104d5825d

$ git log 213f01205..bf9104d58 --date=short --no-merges --format='%ad %ae %s'
2017-03-30 tsepez vswprintf() part 1: move code, create helper function.
2017-03-30 dsinclair Move CXFA_XMLParser to CFDE_XMLParser
2017-03-30 thestig Fix some nits in the javascript util code.
2017-03-30 dsinclair Add some calls to MakeUnique
2017-03-30 dsinclair Move core/fxcrt XML files to core/fxcrt/xml
2017-03-30 tsepez Avoid one more instance of the anti-pattern in 706346.
2017-03-30 npm Libtiff security upstream patches
2017-03-30 dsinclair Rename tto/fde_textout to cfde_textout
2017-03-30 dsinclair Move CFX files into fxcrt
2017-03-30 thakis Revert "Enable Wshift-negative-value in PDFium."
2017-03-30 tsepez Protect against premature mask destruction in CFX_ClipRgn::IntersectRect
2017-03-30 drott Remove unnecessary FreeType include.
2017-03-30 dsinclair Rename FDE files to match contents.
2017-03-30 drott Fix Chromium XFA build
2017-03-30 dsinclair Rename fgas_stream to ifgas_stream

Created with:
  roll-dep src/third_party/pdfium

BUG=507717,706346,706824,706824

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2787763003
Cr-Commit-Position: refs/heads/master@{#460917}

[modify] https://crrev.com/026a2f4a1f023de9bf72674db9c88cdcf651418e/DEPS

Mar 31 2017

ClusterFuzz has detected this issue as fixed in range 460866:460944.

Detailed report: https://clusterfuzz.com/testcase?key=5088329306734592

Fuzzer: ifratric_pdf_generic
Job Type: linux_asan_pdfium
Platform Id: linux

Crash Type: Heap-use-after-free READ 1
Crash Address: 0x60d00002a61f
Crash State:
  CFX_ClipRgn::IntersectMaskRect
  CFX_AggDeviceDriver::SetClip_PathFill
  CFX_RenderDevice::SetClip_PathFill

Sanitizer: address (ASAN)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_pdfium&range=460124:460171
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_pdfium&range=460866:460944

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv945RM0a24TRSTYWli8NwRHeFbeau9AYPjs-StDJ9Mnn8jAvaCrVRulpwd2cthHghfbP2am7TnYc84foPqffCkDVWZvVYeSsSJaiE3TXdZl6xp2sEEmOYzYxKl4xjYoxGKOCEkE4WcRuBcqTaT6iX-SM_TlsNJ2Xgeob-rKFekBznGH9f6siD9OHh54Dr1jGqNlrChbTea_-8Bs13CqAi2GGspGX9GudBOhVGOFrGdf07qw3jbHwx5ZtHQVNCfQiq6Qn9_2RlBA0u1nGqdg08uvko7b_x-KMNbipjettNgG6h-TIRzlr7LfbyUODPAGTlt3kujVsD3p5MWuqc7RLhQaGxOwxavDCAI7uF431SI2pWJt4ERXBhKMpBvu_e23AuzOH2kq7yoD9z4I0vMr97X-KfcaqYw?testcase_id=5088329306734592

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Mar 31 2017
ClusterFuzz testcase 5088329306734592 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Mar 31 2017

Mar 31 2017
Issue 706520 has been merged into this issue.

Apr 7 2017

Jul 7 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot