
Issue 708428

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: May 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , iOS
Pri: 1
Type: Bug

Blocking:
issue 62400




Crash in CXFA_FMLogicalOrExpression::ToJavaScript

Project Member Reported by ClusterFuzz, Apr 5 2017

Issue description

Cc: msrchandra@chromium.org dsinclair@chromium.org
Components: Internals>Plugins>PDF
Labels: Test-Predator-Correct-CLs M-58
Owner: och...@chromium.org
Status: Assigned (was: Untriaged)
Assigning to the concern owner from Predator results --
Regression information is not available. The result is the blame information. 

Author: Dan Sinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/1770c021cf998ff1b33855b1397f6ea8ff9f7cd7
Time: Mon Mar 14 14:14:16 2016 -0400
The CL last changed line 314 of file xfa_simpleexpression.cpp, which is stack frame 0. 

Author: Dan Sinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/1770c021cf998ff1b33855b1397f6ea8ff9f7cd7
Time: Mon Mar 14 14:14:16 2016 -0400
The CL last changed line 194 of file xfa_expression.cpp, which is stack frame 1. 

Author: Dan Sinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/1770c021cf998ff1b33855b1397f6ea8ff9f7cd7
Time: Mon Mar 14 14:14:16 2016 -0400
The CL last changed line 36 of file xfa_program.cpp, which is stack frame 3. 

Author: Oliver Chang
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/e67d21825c9fd4b805b9bea211e09225f3c2a85d
Time: Tue Feb 16 11:42:07 2016 -0800
The CL last changed line 25 of file pdf_fm2js_fuzzer.cc, which is stack frame 4.

@Oliver Chang -- Could you please take a look at the issue, and kindly re-assign if this is not related to your changes.
Thank You.
Cc: -dsinclair@chromium.org
Labels: -M-58
Owner: dsinclair@chromium.org
Blocking: 62400
XFA issue.
Labels: -OS-Linux OS-iOS
Owner: thestig@chromium.org
Status: Started (was: Assigned)
https://pdfium-review.googlesource.com/5331 or change the error handling mechanisms to have an extra boolean error flag, and check for that consistently.
Project Member Comment 5 by ClusterFuzz, May 11 2017

Labels: OS-Linux
Status: Fixed (was: Started)
Project Member Comment 8 by bugdroid1@chromium.org, May 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5228a2833da014443b36abc4e1c15e035d5d4d69

commit 5228a2833da014443b36abc4e1c15e035d5d4d69
Author: pdfium-deps-roller@chromium.org <pdfium-deps-roller@chromium.org>
Date: Wed May 17 02:50:16 2017

Roll src/third_party/pdfium/ 58854942e..d3a3cc24a (5 commits)

https://pdfium.googlesource.com/pdfium.git/+log/58854942e06d..d3a3cc24a034

$ git log 58854942e..d3a3cc24a --date=short --no-merges --format='%ad %ae %s'
2017-05-16 thestig Handle when XFA parser error handlers cannot format error messages.
2017-05-16 dsinclair Add formcalc lexer tests.
2017-05-16 dsinclair Update formcalc return types
2017-05-16 dsinclair Do not walk off end of formcalc string
2017-05-16 dsinclair Minor xfa_lexer.cpp cleanup

Created with:
  roll-dep src/third_party/pdfium
BUG=708428, 721533


Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls


TBR=dsinclair@chromium.org

Change-Id: I3fe337c83eaa5f58ee723b5111bc9dcc2b2adcd9
Reviewed-on: https://chromium-review.googlesource.com/506659
Reviewed-by: <pdfium-deps-roller@chromium.org>
Commit-Queue: <pdfium-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#472296}
[modify] https://crrev.com/5228a2833da014443b36abc4e1c15e035d5d4d69/DEPS

Project Member Comment 9 by ClusterFuzz, May 17 2017

ClusterFuzz has detected this issue as fixed in range 472292:472325.

Detailed report: https://clusterfuzz.com/testcase?key=6013720242421760

Fuzzer: afl_pdf_fm2js_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  CXFA_FMLogicalOrExpression::ToJavaScript
  CXFA_FMExpExpression::ToImpliedReturnJS
  CXFA_FMFunctionDefinition::ToJavaScript
  
Sanitizer: address (ASAN)

Fixed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=472292:472325

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6013720242421760


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
