This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

quite a lot of changes in this code recently, dsinclair or tsepez could you take a look...?

Adding npm@ for font fun.

https://cs.chromium.org/chromium/src/third_party/pdfium/core/fpdfapi/font/fpdf_font_cid.cpp?rcl=76020fc9751e55661d1c01b6cd92dfcb1fd56e6a&l=686

Lines 688 - 690 are inconsistent with themselves.  We want to zero the start of the buffer, not the end of the buffer where we just placed the character.

And the bonehead award goes to me for introducing this at https://pdfium-review.googlesource.com/c/5012/

ClusterFuzz has detected this issue as fixed in range 473407:473417.

Detailed report: https://clusterfuzz.com/testcase?key=6099078344867840

Fuzzer: ifratric_pdf_generic
Job Type: linux_msan_pdfium
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  CPDF_CMap::GetNextChar
  CPDF_Font::GetStringWidth
  CPDF_TextPage::GetCharWidth
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_pdfium&range=469838:469862
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_pdfium&range=473407:473417

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6099078344867840


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6099078344867840 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot