Issue 807985

Starred by 2 users

Issue metadata

Status: Verified
Closed: Feb 2018
OS: Linux
Pri: 2
Type: Bug-Security

Heap-use-after-free in CPDF_ContentParser::~CPDF_ContentParser

Project Member Reported by ClusterFuzz, Feb 1 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5464984369496064

Fuzzer: attekett_surku_fuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Heap-use-after-free READ 1
Crash Address: 0x7b0400004cc0
Crash State:
  CPDF_ContentParser::~CPDF_ContentParser
  CPDF_Form::ParseContent
  CPDF_Annot::GetAPForm
  
Sanitizer: thread (TSAN)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=533126:533132

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5464984369496064

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by ClusterFuzz, Feb 1 2018

Components: Internals>Plugins>PDF
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 2 by ClusterFuzz, Feb 1 2018

Cc: dsinclair@chromium.org
Labels: Test-Predator-Auto-CC
Automatically adding ccs based on suspected regression changelists:

Cleanup duplicate RunScript code by dsinclair@chromium.org - https://pdfium.googlesource.com/pdfium/+/8cdea72a82aae5e07aa92e9886dbbe635eb8b7cc

Cleanup some param passing code by dsinclair@chromium.org - https://pdfium.googlesource.com/pdfium/+/1d82ba42da7afc4ee0e32b41da36c9f20fd3d070

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.

Comment 3 by sheriffbot@chromium.org, Feb 1 2018

Labels: M-65

Comment 4 by sheriffbot@chromium.org, Feb 1 2018

Labels: ReleaseBlock-Stable
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 5 by sheriffbot@chromium.org, Feb 1 2018

Labels: Pri-1

Labels: Needs-Bisect
Owner: hnakashima@chromium.org
Status: Assigned (was: Untriaged)
The stack that ClusterFuzz is providing doesn't seem to make a lot of sense. I don't think this is related to my CLs.

hnakashima@ can you take a look?

Adding Needs-Bisect in the hope we can get a better regression range.

Cc: thestig@chromium.org
Isn't TSAN reporting UAF also weird?

This is ProbeForLowSeverityLifetimeIssue, but the report doesn't make it obvious.

Comment 9 by sheriffbot@chromium.org, Feb 2 2018

Labels: -Security_Impact-Head Security_Impact-Beta

Owner: tsepez@chromium.org
Tom, bisect points at https://pdfium-review.googlesource.com/c/pdfium/+/24671 as culprit. Can you take a look?

Labels: -Security_Severity-High Security_Severity-Low
Owner: hnakashima@chromium.org
Yes, but that's just the CL that turns on detection. The dangling pointer so flagged is a pre-existing issue.

ProbeForLowSeverityLifetimeIssue is a low severity issue.

Labels: -Pri-1 Pri-2
Labels: -ReleaseBlock-Stable
Since this is low severity, it doesn't block the release.
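The two remarks above (that TSAN reporting a UAF is odd, and that the culprit CL merely turns on detection of a pre-existing dangling pointer) both refer to a destructor-time lifetime probe. The following is an added example, not PDFium code and not taken from the thread: it reconstructs the pattern so the crash report reads correctly. The body of ProbeForLowSeverityLifetimeIssue, and the ProbingUnownedPtr, ContentStream and ContentParser names, are assumptions made for illustration rather than PDFium's own definitions.

```cpp
// Added example (not PDFium code): a destructor-time lifetime probe in the
// style of PDFium's ProbeForLowSeverityLifetimeIssue.  When the holder of an
// unowned pointer is destroyed, the probe performs a single volatile one-byte
// read through that pointer.  If the pointee has already been freed, a
// sanitizer that tracks freed memory (ASan, or TSAN as in this report) flags
// "heap-use-after-free READ 1" with the holder's destructor on top of the
// stack, exactly the shape of the ~CPDF_ContentParser report above.  Program
// logic never consumes the read value, so what is exposed is a dangling
// pointer at teardown, not a use of freed data.
#include <cctype>
#include <cstddef>
#include <cstdint>
#include <memory>
#include <sstream>
#include <string>

// Assumption: PDFium's helper behaves along these lines; this body is ours.
inline void ProbeForLowSeverityLifetimeIssue(const void* ptr) {
  if (ptr) {
    // volatile keeps the compiler from eliding the otherwise unused read.
    (void)*static_cast<const volatile uint8_t*>(ptr);
  }
}

// A non-owning pointer that probes its pointee when it goes out of scope.
template <typename T>
class ProbingUnownedPtr {
 public:
  ProbingUnownedPtr() = default;
  explicit ProbingUnownedPtr(T* p) : ptr_(p) {}
  ~ProbingUnownedPtr() { ProbeForLowSeverityLifetimeIssue(ptr_); }
  T* get() const { return ptr_; }
  T* operator->() const { return ptr_; }

 private:
  T* ptr_ = nullptr;
};

// Stand-ins for the objects in the crash stack (constructed sample data).
struct ContentStream {
  std::string content = "q 1 0 0 1 0 0 cm Q";  // a tiny PDF content stream
};

class ContentParser {
 public:
  explicit ContentParser(ContentStream* s) : stream_(s) {}

  // Counts operator tokens (alphabetic) in the observed stream.
  size_t Parse() const {
    std::istringstream in(stream_->content);
    std::string tok;
    size_t ops = 0;
    while (in >> tok) {
      if (std::isalpha(static_cast<unsigned char>(tok[0]))) ++ops;
    }
    return ops;
  }

 private:
  ProbingUnownedPtr<ContentStream> stream_;  // probed in ~ContentParser
};

// Correct ordering: the parser is destroyed before the stream it observes,
// so the probe touches live memory and sanitizers stay silent.
size_t ParseWithCorrectLifetime() {
  auto stream = std::make_unique<ContentStream>();
  ContentParser parser(stream.get());
  return parser.Parse();  // parser destroyed first, then stream
}

// Buggy ordering: the stream is freed while the parser still holds it.
// Under a sanitizer build this reports heap-use-after-free READ 1 in
// ~ContentParser.  Deliberately not called by the tests; run it only under
// ASan/TSAN to see the report.
void ParseWithDanglingStream() {
  auto stream = std::make_unique<ContentStream>();
  ContentParser parser(stream.get());
  parser.Parse();
  stream.reset();  // pointee freed here...
}                  // ...and the probe in ~ContentParser reads it here.
```

The one-byte volatile read is why the report says READ 1 and why the top frame is a destructor rather than a parsing routine. The fix for such a finding is to correct the destruction order (or clear the unowned pointer) so the holder is torn down before its pointee; the probe itself is the detector, not the defect, which is why the CL enabling it shows up as the "regression" in a bisect.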

Comment 14 by ClusterFuzz, Feb 11 2018

ClusterFuzz has detected this issue as fixed in range 535983:535984.

Detailed report: https://clusterfuzz.com/testcase?key=5464984369496064

Fuzzer: attekett_surku_fuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Heap-use-after-free READ 1
Crash Address: 0x7b0400004cc0
Crash State:
  CPDF_ContentParser::~CPDF_ContentParser
  CPDF_Form::ParseContent
  CPDF_Annot::GetAPForm
  
Sanitizer: thread (TSAN)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=533126:533132
Fixed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=535983:535984

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5464984369496064

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 15 by ClusterFuzz, Feb 11 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5464984369496064 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 16 by sheriffbot@chromium.org, Feb 11 2018

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Labels: -reward-topanel reward-0
The Chrome VRP panel took a look at this and decided that it was very unlikely to be exploitable, so declined to reward.

Comment 18 by sheriffbot@chromium.org, Mar 27 2018

Labels: -Security_Impact-Beta Security_Impact-Stable

Comment 19 by sheriffbot@chromium.org, May 20 2018

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot