Stack-buffer-overflow in CFX_WideString::CFX_WideString
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5335260582903808

Fuzzer: libfuzzer_pdf_cfx_barcode_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Stack-buffer-overflow READ 12
Crash Address: 0x7f57a155c868
Crash State:
  CFX_WideString::CFX_WideString
  EncodeToCodewords
  CBC_C40Encoder::writeNextTriplet

Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=468124:468168

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5335260582903808

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Comment 1 by sheriffbot@chromium.org, Apr 29 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Apr 29 2017, Apr 30 2017, Apr 30 2017, Apr 30 2017, Apr 30 2017: comments with no text.
May 2 2017

The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/48fbb0f8de36d224eea498ad45f641bb5613e3f0

commit 48fbb0f8de36d224eea498ad45f641bb5613e3f0
Author: Lei Zhang <thestig@chromium.org>
Date: Tue May 02 19:11:28 2017

Pass explicit string size in EncodeToCodewords().

The input wchar_t array is not NUL-terminated.

BUG=chromium:716706
Change-Id: I0a89324fa46a56a39cc3331fcdd1c26b1550828b
Reviewed-on: https://pdfium-review.googlesource.com/4631
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>

[modify] https://crrev.com/48fbb0f8de36d224eea498ad45f641bb5613e3f0/fxbarcode/datamatrix/BC_C40Encoder.cpp
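An added C++ illustration of the bug shape the commit message above describes; it is not PDFium's code. EncodeToCodewords and WriteNextTriplet here are invented stand-ins modelled on the function names in the crash state, and the C40 value table is the basic set from ISO/IEC 16022. A three-element wchar_t stack buffer with no terminating NUL is handed to a routine that builds a string from it: the pointer-only string constructor scans for a NUL that was never written and reads past the buffer (on Linux wchar_t is 4 bytes, so a 12-byte read is three characters' worth), while passing the explicit size removes the scan entirely.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

// Added illustration, not PDFium code. EncodeToCodewords / WriteNextTriplet
// are invented stand-ins shaped like the functions named in the crash state.

constexpr size_t kTripletSize = 3;  // one C40 triplet, no room for a NUL

// C40 basic character set values (ISO/IEC 16022): ' ' is 3, '0'..'9' are
// 4..13, 'A'..'Z' are 14..39. Anything else needs a shift and is rejected here.
int C40Value(wchar_t c) {
  if (c == L' ') return 3;
  if (c >= L'0' && c <= L'9') return 4 + static_cast<int>(c - L'0');
  if (c >= L'A' && c <= L'Z') return 14 + static_cast<int>(c - L'A');
  throw std::invalid_argument("character outside the C40 basic set");
}

// Three C40 values pack into one 16-bit value (1600*c1 + 40*c2 + c3 + 1),
// emitted as two codewords, high byte first.
std::vector<uint8_t> PackTriplet(const std::wstring& triplet) {
  int v = 1600 * C40Value(triplet.at(0)) + 40 * C40Value(triplet.at(1)) +
          C40Value(triplet.at(2)) + 1;
  return {static_cast<uint8_t>(v / 256), static_cast<uint8_t>(v % 256)};
}

// BEFORE (the bug's shape): the pointer-only std::wstring constructor runs
// wcslen over `triplet`, which has no terminator, so it reads past the end
// of the caller's buffer. Under ASan that is the stack-buffer-overflow READ.
// Kept only to show the pattern; nothing below calls it.
std::vector<uint8_t> EncodeToCodewordsUnsafe(const wchar_t* triplet) {
  std::wstring s(triplet);  // length comes from an over-read
  return PackTriplet(s);
}

// AFTER: the caller passes the size explicitly, so no terminator is needed
// and the constructor copies exactly `len` characters.
std::vector<uint8_t> EncodeToCodewords(const wchar_t* triplet, size_t len) {
  if (len != kTripletSize)
    throw std::length_error("a C40 triplet is exactly three characters");
  std::wstring s(triplet, len);
  return PackTriplet(s);
}

// Caller in the shape of writeNextTriplet: fills a fixed stack buffer from
// the input and hands it on together with its size.
std::vector<uint8_t> WriteNextTriplet(const std::wstring& input, size_t pos) {
  wchar_t buffer[kTripletSize];  // deliberately not NUL-terminated
  for (size_t i = 0; i < kTripletSize; ++i)
    buffer[i] = input.at(pos + i);  // throws std::out_of_range if input is short
  return EncodeToCodewords(buffer, kTripletSize);
}

int main() {
  // Constructed input for the demo.
  for (uint8_t cw : WriteNextTriplet(L"AIM", 0)) std::printf("%u ", cw);
  std::printf("\n");  // prints: 91 11
  return 0;
}
```

Build with `-fsanitize=address` and replace the call in WriteNextTriplet with EncodeToCodewordsUnsafe(buffer) to see the same class of report the fuzzer produced; the safe path never touches memory beyond the three characters it was given.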
May 2 2017: comment with no text.
May 2 2017

The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/fb4de5523fdbcc876f7abb4df92f106c7a1a70e1

commit fb4de5523fdbcc876f7abb4df92f106c7a1a70e1
Author: pdfium-deps-roller@chromium.org <pdfium-deps-roller@chromium.org>
Date: Tue May 02 21:23:14 2017

Roll src/third_party/pdfium/ 336544a74..b8e89e318 (4 commits)

https://pdfium.googlesource.com/pdfium.git/+log/336544a7451a..b8e89e318210

$ git log 336544a74..b8e89e318 --date=short --no-merges --format='%ad %ae %s'
2017-05-02 thestig Roll FreeType to 5a3490e.
2017-04-30 thestig Pass explicit string size in EncodeToCodewords().
2017-04-28 thestig Change BarcodeTest to render to bitmaps.
2017-05-02 npm Add API to create a text object using a loaded font.

Created with:
  roll-dep src/third_party/pdfium

BUG=716706

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org
Change-Id: I5cf0d9894ca332c50c8970616df1752b01237fbc
Reviewed-on: https://chromium-review.googlesource.com/494089
Reviewed-by: <pdfium-deps-roller@chromium.org>
Commit-Queue: <pdfium-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#468774}

[modify] https://crrev.com/fb4de5523fdbcc876f7abb4df92f106c7a1a70e1/DEPS
May 3 2017

ClusterFuzz has detected this issue as fixed in range 468743:468783.

Detailed report: https://clusterfuzz.com/testcase?key=5335260582903808

Fuzzer: libfuzzer_pdf_cfx_barcode_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Stack-buffer-overflow READ 12
Crash Address: 0x7f57a155c868
Crash State:
  CFX_WideString::CFX_WideString
  EncodeToCodewords
  CBC_C40Encoder::writeNextTriplet

Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=468124:468168
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=468743:468783

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5335260582903808

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
May 3 2017: comment with no text.
Aug 9 2017

This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot