Null-dereference READ in CCodec_ProgressiveDecoder::GifInputRecordPositionBuf
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5772214090858496

Fuzzer: libFuzzer_pdf_codec_gif_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  CCodec_ProgressiveDecoder::GifInputRecordPositionBuf
  CCodec_ProgressiveDecoder::GifInputRecordPositionBuf
  CGifContext::GetRecordPosition

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=503730:503770

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5772214090858496

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Sep 26 2017
The following revision refers to this bug:
https://pdfium.googlesource.com/pdfium/+/8c806cf08ff928630142f769ca689f7c89bfd648

commit 8c806cf08ff928630142f769ca689f7c89bfd648
Author: Ryan Harrison <rharrison@chromium.org>
Date: Tue Sep 26 20:05:13 2017

Confirm that a global palette has data before attempting to use it

Previous implementation assumed that if the local colour palette was not specified and the global palette had its size specified, then use the global. If the global palette is disabled, it will not have data, but it may have a size. Technically the size is gibberish in this case, but the value is allowed to be non-zero, so isn't a sufficient check.

BUG= chromium:768089
Change-Id: Iaec15fcd65f3983056df7d56d29118a516334cd9
Reviewed-on: https://pdfium-review.googlesource.com/14819
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>

[modify] https://crrev.com/8c806cf08ff928630142f769ca689f7c89bfd648/core/fxcodec/codec/fx_codec_progress.cpp
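The failure mode the commit describes, as an added example (not PDFium's code): a minimal parser for the GIF logical screen descriptor, followed by the palette-selection rule modelled on the commit message, in its pre-fix form (size alone decides) and its post-fix form (the table must actually have data). The packed-byte layout (bit 7 is the Global Color Table Flag, bits 0-2 encode the table size as 2^(N+1)) is from the GIF89a specification; the size bits are present whether or not the flag is set, which is exactly why a non-zero size proves nothing. The struct and function names (GifScreen, SelectPaletteBeforeFix, SelectPaletteAfterFix, LookupColor) and the two input byte strings are constructed for this example and are not PDFium identifiers.

```cpp
// Added example, not PDFium code. Models the palette-selection rule described in the
// fix commit and parses the GIF logical screen descriptor that feeds it.
#include <cstddef>
#include <cstdint>
#include <cstring>

struct GifScreen {
  uint16_t width = 0;
  uint16_t height = 0;
  bool has_global_table = false;          // packed byte bit 7: Global Color Table Flag
  int global_entries = 0;                 // 2^((packed & 7) + 1); non-zero even when the flag is clear
  const uint8_t* global_table = nullptr;  // points into the input only when the flag is set
};

// Parse the 6-byte signature and the 7-byte Logical Screen Descriptor (GIF87a/89a).
// Returns false on a bad signature or when a promised global table is truncated.
bool ParseGifScreen(const uint8_t* data, size_t len, GifScreen* out) {
  if (len < 13) return false;
  if (memcmp(data, "GIF87a", 6) != 0 && memcmp(data, "GIF89a", 6) != 0) return false;
  const uint8_t* lsd = data + 6;
  out->width = static_cast<uint16_t>(lsd[0] | (lsd[1] << 8));
  out->height = static_cast<uint16_t>(lsd[2] | (lsd[3] << 8));
  const uint8_t packed = lsd[4];
  out->has_global_table = (packed & 0x80) != 0;
  out->global_entries = 2 << (packed & 0x07);  // size bits are decoded regardless of the flag
  out->global_table = nullptr;
  if (out->has_global_table) {
    const size_t table_bytes = 3 * static_cast<size_t>(out->global_entries);
    if (len - 13 < table_bytes) return false;
    out->global_table = data + 13;
  }
  return true;
}

struct PaletteRef {
  const uint8_t* rgb;  // 3 bytes per entry, nullptr when absent
  int entries;
};

// Pre-fix rule from the commit message: no local palette and a non-zero global size
// means "use the global". A disabled global table still has size bits, so rgb can be
// nullptr while entries > 0, and the next read through rgb is the null dereference.
PaletteRef SelectPaletteBeforeFix(const PaletteRef& local, const GifScreen& s) {
  if (local.rgb && local.entries > 0) return local;
  if (s.global_entries > 0) return {s.global_table, s.global_entries};
  return {nullptr, 0};
}

// Post-fix rule: the global palette is only usable when it actually has data.
PaletteRef SelectPaletteAfterFix(const PaletteRef& local, const GifScreen& s) {
  if (local.rgb && local.entries > 0) return local;
  if (s.global_table && s.global_entries > 0) return {s.global_table, s.global_entries};
  return {nullptr, 0};
}

// Resolve an index through the selected palette; refuses rather than reading through null.
bool LookupColor(const PaletteRef& p, uint8_t index, uint8_t out_rgb[3]) {
  if (!p.rgb || index >= p.entries) return false;
  memcpy(out_rgb, p.rgb + 3 * index, 3);
  return true;
}

// Constructed input: flag clear, but size bits claim 256 entries and no table follows.
static const uint8_t kFlagClearSizeSet[] = {
    'G', 'I', 'F', '8', '9', 'a', 0x02, 0x00, 0x02, 0x00, 0x07, 0x00, 0x00};

// Constructed input: flag set with a 2-entry table (black, white).
static const uint8_t kFlagSetTwoEntries[] = {
    'G', 'I', 'F', '8', '9', 'a', 0x02, 0x00, 0x02, 0x00, 0x80, 0x00, 0x00,
    0x00, 0x00, 0x00, 0xff, 0xff, 0xff};

// True when the pre-fix rule hands back a palette with entries but no data.
bool PreFixSelectsNullPalette() {
  GifScreen s;
  if (!ParseGifScreen(kFlagClearSizeSet, sizeof kFlagClearSizeSet, &s)) return false;
  const PaletteRef p = SelectPaletteBeforeFix({nullptr, 0}, s);
  return p.rgb == nullptr && p.entries == 256;
}

// True when the post-fix rule reports "no palette" for the same input.
bool PostFixRejectsMissingPalette() {
  GifScreen s;
  if (!ParseGifScreen(kFlagClearSizeSet, sizeof kFlagClearSizeSet, &s)) return false;
  const PaletteRef p = SelectPaletteAfterFix({nullptr, 0}, s);
  return p.rgb == nullptr && p.entries == 0;
}

// True when a real global table is parsed and entry 1 resolves to white.
bool PostFixUsesRealTable() {
  GifScreen s;
  if (!ParseGifScreen(kFlagSetTwoEntries, sizeof kFlagSetTwoEntries, &s)) return false;
  uint8_t rgb[3] = {0, 0, 0};
  return LookupColor(SelectPaletteAfterFix({nullptr, 0}, s), 1, rgb) &&
         rgb[0] == 0xff && rgb[1] == 0xff && rgb[2] == 0xff;
}

// True when a header that promises a table but truncates it is rejected at parse time.
bool TruncatedTableIsRejected() {
  GifScreen s;
  return !ParseGifScreen(kFlagSetTwoEntries, 15, &s);
}
```

The parser deliberately keeps the size bits even when the flag is clear, because that is what a real decoder sees on the wire; the defence belongs in the selection step (check for data, not for size) and in the lookup step (never index through a null table), and a fuzzer-found input like the one above exercises both.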
Sep 26 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/3f5c52c33f9bc4ff49cc96025efead550b656773

commit 3f5c52c33f9bc4ff49cc96025efead550b656773
Author: pdfium-deps-roller@chromium.org <pdfium-deps-roller@chromium.org>
Date: Tue Sep 26 23:11:24 2017

Roll src/third_party/pdfium/ 7d04f1b0a..3070e94f6 (4 commits)

https://pdfium.googlesource.com/pdfium.git/+log/7d04f1b0ab48..3070e94f608f

$ git log 7d04f1b0a..3070e94f6 --date=short --no-merges --format='%ad %ae %s'
2017-09-26 dsinclair Remove _FX_IOS_
2017-09-26 dsinclair Fix checks for FX_WIN64_DESKTOP
2017-09-26 rharrison Confirm that a global palette has data before attempting to use it
2017-09-26 rharrison Move LZW decoder out of fx_gif

Created with:
  roll-dep src/third_party/pdfium

BUG= 768089

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org
Change-Id: I76d65190d4b2765b754bea7cfc37ee09ed78477d
Reviewed-on: https://chromium-review.googlesource.com/685366
Reviewed-by: <pdfium-deps-roller@chromium.org>
Commit-Queue: <pdfium-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#504510}

[modify] https://crrev.com/3f5c52c33f9bc4ff49cc96025efead550b656773/DEPS
Sep 27 2017
ClusterFuzz has detected this issue as fixed in range 504497:504542.

Detailed report: https://clusterfuzz.com/testcase?key=5772214090858496

Fuzzer: libFuzzer_pdf_codec_gif_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  CCodec_ProgressiveDecoder::GifInputRecordPositionBuf
  CCodec_ProgressiveDecoder::GifInputRecordPositionBuf
  CGifContext::GetRecordPosition

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=503730:503770
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=504497:504542

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5772214090858496

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 27 2017
ClusterFuzz testcase 5772214090858496 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by pnangunoori@chromium.org, Sep 26 2017

Labels: M-63 Test-Predator-Correct
Owner: rharrison@chromium.org
Status: Assigned (was: Untriaged)