Use-of-uninitialized-value in LZWPreDecode
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=6710204438937600
Fuzzer: libFuzzer_pdf_codec_tiff_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  LZWPreDecode
  TIFFStartStrip
  TIFFFillStrip
Sanitizer: memory (MSAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=488353:488466
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6710204438937600
Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Jan 19 2018
Automatically assigning owner based on suspected regression changelist https://pdfium.googlesource.com/pdfium/+/c760024a54b92a2e091cfcae4d9bbb7d52e66374 (Upgrade LibTIFF to 4.0.8). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Feb 2 2018
npm: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Feb 2 2018
rharrison: is XFA not enabled? Does that mean we should make this a non-security issue (to remove it from the sheriff queue)? Otherwise it needs to have Impact and Severity labels. If XFA isn't enabled yet but we have plans to soon it may make sense to keep this as a security issue.
Feb 2 2018
An XFA-only PDF(ium) issue should have:
- The appropriate Severity level set, so we can gauge how bad it is.
- Impact set to None, because it does not impact the shipped product.
Feb 16 2018
Assigning all my PDF bugs to dsinclair@ for triaging. Will not be working on PDFium for a month.
Apr 28 2018
ClusterFuzz has detected this issue as fixed in range 554444:554500.
Detailed report: https://clusterfuzz.com/testcase?key=6710204438937600
Fuzzer: libFuzzer_pdf_codec_tiff_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  LZWPreDecode
  TIFFStartStrip
  TIFFFillStrip
Sanitizer: memory (MSAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=488353:488466
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=554444:554500
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6710204438937600
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 28 2018
ClusterFuzz testcase 6710204438937600 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Apr 30 2018
I rolled libtiff to 4.0.9 on Friday, so this was likely fixed by that.
Aug 4
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ClusterFuzz, Jan 19 2018
Labels: Test-Predator-Auto-Components