Tom, this seems related to https://pdfium.googlesource.com/pdfium/+/0004f29bf6ee3c6060a272c79f14993e92e053c7 and its reverts. Can you please take a look?

ClusterFuzz has detected this issue as fixed in range 460866:460935.

Detailed report: https://clusterfuzz.com/testcase?key=5159062150053888

Fuzzer: ifratric_acrojs
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x35f2a830
Crash State:
  CFX_ClipRgn::IntersectMaskRect
  CFX_ClipRgn::IntersectRect
  CFX_AggDeviceDriver::SetClip_PathFill
  
Memory Tool: SYZYASAN

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=460139:460171
Fixed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=460866:460935

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96y5m6Y5xQPxj4K9tFPne0WGPNcNULJO8JxGCx_tmTh19Gb4JIvUhJH3v_te_4IBc7CWfyjO_FUXFwGv5ux5JU8S0uoQjxKQapa-9OfmB08L8PJMffCGaZmArhrH-WA8FbQK7PnpKOYB3MzwCWwWVJsUAcY3FZV-pKUGyh6TNeYRQ4sXIA5DGvFq6Iu_vwHKN1-qtQkLpSw0Xn6MWZxEKd8k0TV0Kbg7QEqX-tIzuHhaE2K2KB3sgnPmCuQu4Pmocy_jUr_ZkaUEeBNWQ7kwEK_Z1VauspWEKWLJId-kdcT0VG7PhOaKjuttLnKG0tA0EK5lvtXaUUhNrhAVc3_xzARNj6V-vsQj1USLhbq-Q7tlQgVKiv0uX23uqdAzJ-Rso_E4m3T_kW8vshu8QI82UPc1XQeDA?testcase_id=5159062150053888


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5159062150053888 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot