Heap-use-after-free in fxcrt::UnownedPtr<CFX_XMLParser>::ProbeForLowSeverityLifetimeIssue
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6645768437104640

Fuzzer: libFuzzer_pdfium_xfa_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-use-after-free READ 1
Crash Address: 0x60e0000004a0
Crash State:
  fxcrt::UnownedPtr<CFX_XMLParser>::ProbeForLowSeverityLifetimeIssue
  CXFA_DocumentParser::~CXFA_DocumentParser
  CXFA_FFDoc::~CXFA_FFDoc

Sanitizer: address (ASAN)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=521280:521292

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6645768437104640

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Dec 4 2017

Automatically assigning owner based on suspected regression changelist https://pdfium.googlesource.com/pdfium/+/56b08b1f2bb8a4eb9330963bff3a626603499730 (Make CXFA_SimpleParser members const or Unowned.). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Dec 4 2017

Dec 5 2017

Dec 5 2017
The following revision refers to this bug:
https://pdfium.googlesource.com/pdfium/+/82f2afe603ccb1e879a7a292259b0882b3d27bb6

commit 82f2afe603ccb1e879a7a292259b0882b3d27bb6
Author: Lei Zhang <thestig@chromium.org>
Date: Tue Dec 05 20:26:52 2017

Fix CXFA_SimpleParser member destruction order.

To avoid confusing UnownedPtr.

BUG=chromium:791616

Change-Id: Ieb637f726049eee7c640b6de3b6ecd848ab40384
Reviewed-on: https://pdfium-review.googlesource.com/20391
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>

[modify] https://crrev.com/82f2afe603ccb1e879a7a292259b0882b3d27bb6/xfa/fxfa/parser/cxfa_simple_parser.h
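The destruction-order problem behind this crash, as an added illustration that is not code from pdfium or from the fix above. C++ destroys non-static members in reverse declaration order, so if the std::unique_ptr that owns an object is declared after the UnownedPtr that points at it, the owner is destroyed first and the UnownedPtr destructor then probes freed memory; pdfium's UnownedPtr probes under ASAN by touching one byte of the pointee, which is the "READ 1" in the report. The XMLParser, BadOrderParser and GoodOrderParser classes and the minimal UnownedPtr below are assumed stand-ins rather than pdfium's types, and the probe consults a registry of live objects instead of dereferencing the pointer so that the example runs without a sanitizer.

```cpp
#include <cstdio>
#include <memory>
#include <set>

// Constructed stand-in for ASAN's bookkeeping: every live XMLParser registers
// its address here, so a probe can be checked without reading freed memory.
static std::set<const void*>& LiveObjects() {
  static std::set<const void*> live;
  return live;
}
static int g_dangling_probes = 0;  // UnownedPtr probes that found a dead pointee

// Assumed stand-in for CFX_XMLParser, not pdfium's class.
class XMLParser {
 public:
  XMLParser() { LiveObjects().insert(this); }
  ~XMLParser() { LiveObjects().erase(this); }
};

// Minimal UnownedPtr: a raw pointer whose destructor checks that the pointee
// is still alive. pdfium's version does this under ASAN by reading one byte
// of the pointee; here that read is replaced by a registry lookup.
template <class T>
class UnownedPtr {
 public:
  UnownedPtr() = default;
  explicit UnownedPtr(T* p) : ptr_(p) {}
  ~UnownedPtr() { ProbeForLowSeverityLifetimeIssue(); }
  UnownedPtr& operator=(T* p) { ptr_ = p; return *this; }
  T* get() const { return ptr_; }

 private:
  void ProbeForLowSeverityLifetimeIssue() const {
    if (ptr_ && LiveObjects().count(ptr_) == 0)
      ++g_dangling_probes;  // ASAN would report heap-use-after-free here
  }
  T* ptr_ = nullptr;
};

// Members are destroyed in reverse declaration order. Declaring the owner
// after the UnownedPtr means the owner (and its XMLParser) dies first, and
// the UnownedPtr destructor then probes a dangling pointer.
class BadOrderParser {
 public:
  BadOrderParser() {
    owned_ = std::make_unique<XMLParser>();
    view_ = owned_.get();
  }

 private:
  UnownedPtr<XMLParser> view_;        // declared first  -> destroyed last (dangling probe)
  std::unique_ptr<XMLParser> owned_;  // declared second -> destroyed first
};

// The fix: declare the owner first so it is destroyed last; the UnownedPtr
// is torn down while its pointee is still alive.
class GoodOrderParser {
 public:
  GoodOrderParser() {
    owned_ = std::make_unique<XMLParser>();
    view_ = owned_.get();
  }

 private:
  std::unique_ptr<XMLParser> owned_;  // declared first  -> destroyed last
  UnownedPtr<XMLParser> view_;        // declared second -> destroyed first (pointee alive)
};

// Constructs and destroys one parser object and returns how many UnownedPtr
// probes saw a dead pointee during its destruction (0 is the correct value).
int DanglingProbesOnDestruction(bool owner_declared_first) {
  g_dangling_probes = 0;
  if (owner_declared_first) {
    GoodOrderParser parser;
  } else {
    BadOrderParser parser;
  }
  return g_dangling_probes;
}

int main() {
  std::printf("owner declared after UnownedPtr:  %d dangling probe(s)\n",
              DanglingProbesOnDestruction(false));
  std::printf("owner declared before UnownedPtr: %d dangling probe(s)\n",
              DanglingProbesOnDestruction(true));
  return 0;
}
```

The only difference between the two classes is the order of the two member declarations, which is also all the referenced fix changes in cxfa_simple_parser.h; the constructor body is identical. Because the probe in a real build executes a load from the freed allocation, ASAN catches the bug deterministically in a fuzzer, whereas an unsanitized build would silently read stale heap memory.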
Dec 5 2017

Dec 5 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/574b1c70e4a094b8257994a1c21a7d86ec037f9a

commit 574b1c70e4a094b8257994a1c21a7d86ec037f9a
Author: pdfium-deps-roller@chromium.org <pdfium-deps-roller@chromium.org>
Date: Tue Dec 05 22:03:42 2017

Roll src/third_party/pdfium/ 12ec6760a..c45271e05 (3 commits)

https://pdfium.googlesource.com/pdfium.git/+log/12ec6760afd9..c45271e053c8

$ git log 12ec6760a..c45271e05 --date=short --no-merges --format='%ad %ae %s'
2017-12-05 thestig Remove redundant field in struct FXCMAP_CMap.
2017-12-05 thestig Fix CXFA_SimpleParser member destruction order.
2017-12-05 thestig Avoid integer overflows in CPDF_FixedMatrix::Transform().

Created with:
  roll-dep src/third_party/pdfium

BUG=791616,791048

The AutoRoll server is located here: https://pdfium-roll.skia.org
Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

TBR=dsinclair@chromium.org

Change-Id: Id9a3a2c72218d95099dc5a350d51e2050758e565
Reviewed-on: https://chromium-review.googlesource.com/809312
Reviewed-by: <pdfium-deps-roller@chromium.org>
Commit-Queue: <pdfium-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#521848}

[modify] https://crrev.com/574b1c70e4a094b8257994a1c21a7d86ec037f9a/DEPS
Dec 6 2017

ClusterFuzz has detected this issue as fixed in range 521832:521908.

Detailed report: https://clusterfuzz.com/testcase?key=6645768437104640

Fuzzer: libFuzzer_pdfium_xfa_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-use-after-free READ 1
Crash Address: 0x60e0000004a0
Crash State:
  fxcrt::UnownedPtr<CFX_XMLParser>::ProbeForLowSeverityLifetimeIssue
  CXFA_DocumentParser::~CXFA_DocumentParser
  CXFA_FFDoc::~CXFA_FFDoc

Sanitizer: address (ASAN)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=521280:521292
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=521832:521908

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6645768437104640

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Dec 6 2017

ClusterFuzz testcase 6645768437104640 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Dec 6 2017

Mar 14 2018

This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Comment 1 by ClusterFuzz, Dec 4 2017

Labels: Test-Predator-Auto-Components