This one should be pretty easy to fix but I won't get a shot till late June.  In the mean time, I think all that has to happen is the assignment to  m_pVScrollBar at 
https://cs.chromium.org/chromium/src/third_party/pdfium/fpdfsdk/pdfwindow/PWL_Wnd.cpp?rcl=1d95c68f912102dfda5d6e9ad7ca79411cda5900&l=272 needs to move up to line 256, since the scrollbar is likely one of the children about to bashed in the subsequent lines.

 Issue 730615  has been merged into this issue.

https://pdfium-review.googlesource.com/c/6418/

Above CL landed.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e635c3f42d2634a3335fea3671efeb95b3b898da

commit e635c3f42d2634a3335fea3671efeb95b3b898da
Author: pdfium-deps-roller@chromium.org <pdfium-deps-roller@chromium.org>
Date: Tue Jun 13 19:01:54 2017

Roll src/third_party/pdfium/ d3b90ac1e..6500c6faf (5 commits)

https://pdfium.googlesource.com/pdfium.git/+log/d3b90ac1ee24..6500c6faf82f

$ git log d3b90ac1e..6500c6faf --date=short --no-merges --format='%ad %ae %s'
2017-06-13 npm Check validity of color indices in bmp_decode_rgb
2017-06-09 thestig Implement CPWL_ComboBox::OnDestroy() to manage unowned pointers.
2017-06-13 dsinclair Add CFGAS_FormatString helper to extract digits.
2017-06-09 hnakashima Converting CFX_ByteTextBuf to ostringstream in cpdf_pagecontentgenerator.
2017-06-09 hnakashima Converting CFX_ByteTextBuf to ostringstream in cpdf_syntax_parser.cpp.

Created with:
  roll-dep src/third_party/pdfium
BUG= 729041 


Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls


TBR=dsinclair@chromium.org

Change-Id: I5ec0ed1fb45141f2523c87034f4691e6207f0db6
Reviewed-on: https://chromium-review.googlesource.com/533894
Reviewed-by: <pdfium-deps-roller@chromium.org>
Commit-Queue: <pdfium-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#479087}
[modify] https://crrev.com/e635c3f42d2634a3335fea3671efeb95b3b898da/DEPS

ClusterFuzz has detected this issue as fixed in range 479057:479094.

Detailed report: https://clusterfuzz.com/testcase?key=4515784671100928

Fuzzer: ifratric_pdf_generic
Job Type: linux_asan_pdfium
Platform Id: linux

Crash Type: Heap-use-after-free READ 1
Crash Address: 0x61300018b4c0
Crash State:
  CPWL_Wnd::Destroy
  CPWL_Wnd::Destroy
  CFFL_FormFiller::DestroyWindows
  
Sanitizer: address (ASAN)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_pdfium&range=476154:476189
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_pdfium&range=479057:479094

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4515784671100928


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

 Issue 733170  has been merged into this issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot