bungeman: do you mind following this up? Looks like it's a FreeType issue.

https://chromium.googlesource.com/chromium/src/third_party/freetype2.git/+/91015cb41d8f56777f93394f5a60914bc0c0f330 via r514172 ?

ClusterFuzz has detected this issue as fixed in range 514208:514267.

Detailed report: https://clusterfuzz.com/testcase?key=5156968590475264

Fuzzer: libFuzzer_pdfium_xfa_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  gray_set_cell
  gray_move_to
  FT_Outline_Decompose
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=514152:514175
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=514208:514267

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5156968590475264

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5156968590475264 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

 Issue 782101  has been merged into this issue.

This was reported upstream as

https://savannah.nongnu.org/bugs/index.php?52357

and should now be fixed by upstream change

"* src/smooth/ftgrays.c (gray_set_cell): Fix uninitialized variables."
https://chromium.googlesource.com/chromium/src/third_party/freetype2.git/+/ab6fe0768fd2a319d73adfd6cc1c8338bf2e669c

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot