Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically adding ccs based on suspected regression changelists:

Cleanup duplicate RunScript code by dsinclair@chromium.org - https://pdfium.googlesource.com/pdfium/+/8cdea72a82aae5e07aa92e9886dbbe635eb8b7cc

Cleanup some param passing code by dsinclair@chromium.org - https://pdfium.googlesource.com/pdfium/+/1d82ba42da7afc4ee0e32b41da36c9f20fd3d070

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

dsinclair, could you please take a look at this one?

This is the LowSeverity memory probe. Removing release block as it only triggers on the memory bots.

https://pdfium-review.googlesource.com/c/pdfium/+/32512

The following revision refers to this bug:
  https://pdfium.googlesource.com/pdfium/+/a7ff4dc7c27c7940daec9cf740f4b7e7638a45ec

commit a7ff4dc7c27c7940daec9cf740f4b7e7638a45ec
Author: Dan Sinclair <dsinclair@chromium.org>
Date: Mon May 14 20:13:40 2018

Cleanup CPDF_Form parsing code

This CL folds the StartParse() method of CPDF_Form into the
ParserContent method. The no arguments ParseContent is removed and
ParseContentWithParams renamed to ParseContent. The callsites are
updated to pass the nullptr's.

Bug:  chromium:813349 
Change-Id: I304b77aef1de1b9aa20e4a3044db5023f5701584
Reviewed-on: https://pdfium-review.googlesource.com/32511
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>

[modify] https://crrev.com/a7ff4dc7c27c7940daec9cf740f4b7e7638a45ec/core/fpdfapi/page/cpdf_form.cpp
[modify] https://crrev.com/a7ff4dc7c27c7940daec9cf740f4b7e7638a45ec/core/fpdfapi/page/cpdf_streamcontentparser.cpp
[modify] https://crrev.com/a7ff4dc7c27c7940daec9cf740f4b7e7638a45ec/core/fpdfapi/edit/cpdf_pagecontentgenerator_unittest.cpp
[modify] https://crrev.com/a7ff4dc7c27c7940daec9cf740f4b7e7638a45ec/core/fpdfapi/render/cpdf_renderstatus.cpp
[modify] https://crrev.com/a7ff4dc7c27c7940daec9cf740f4b7e7638a45ec/core/fpdfdoc/cpdf_annot.cpp
[modify] https://crrev.com/a7ff4dc7c27c7940daec9cf740f4b7e7638a45ec/fpdfsdk/cpdf_annotcontext.cpp
[modify] https://crrev.com/a7ff4dc7c27c7940daec9cf740f4b7e7638a45ec/core/fpdfapi/page/cpdf_tilingpattern.cpp
[modify] https://crrev.com/a7ff4dc7c27c7940daec9cf740f4b7e7638a45ec/core/fpdfapi/font/cpdf_type3font.cpp
[modify] https://crrev.com/a7ff4dc7c27c7940daec9cf740f4b7e7638a45ec/core/fpdfdoc/cpdf_formcontrol.cpp
[modify] https://crrev.com/a7ff4dc7c27c7940daec9cf740f4b7e7638a45ec/core/fpdfapi/page/cpdf_form.h
[modify] https://crrev.com/a7ff4dc7c27c7940daec9cf740f4b7e7638a45ec/core/fpdfapi/page/cpdf_pageobjectholder.cpp

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/58e27abc01d8475e9dbdc85ec7d9fd80f8b72ec7

commit 58e27abc01d8475e9dbdc85ec7d9fd80f8b72ec7
Author: pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Mon May 14 21:41:30 2018

Roll src/third_party/pdfium/ 77c223be1..a7ff4dc7c (1 commit)

https://pdfium.googlesource.com/pdfium.git/+log/77c223be193b..a7ff4dc7c27c

$ git log 77c223be1..a7ff4dc7c --date=short --no-merges --format='%ad %ae %s'
2018-05-14 dsinclair Cleanup CPDF_Form parsing code

Created with:
  roll-dep src/third_party/pdfium
BUG= chromium:813349 


The AutoRoll server is located here: https://pdfium-roll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should
be CC'd on the roll, and stop the roller if necessary.


TBR=dsinclair@chromium.org

Change-Id: Ic2e83914ab3a7df850858f8af5570c0bbeb67ec7
Reviewed-on: https://chromium-review.googlesource.com/1058139
Commit-Queue: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Reviewed-by: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#558474}
[modify] https://crrev.com/58e27abc01d8475e9dbdc85ec7d9fd80f8b72ec7/DEPS

ClusterFuzz has detected this issue as fixed in range 564271:564279.

Detailed report: https://clusterfuzz.com/testcase?key=5649134263205888

Fuzzer: attekett_surku_fuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Heap-use-after-free READ 1
Crash Address: 0x7b04000047e0
Crash State:
  CPDF_ContentParser::~CPDF_ContentParser
  CPDF_Form::ParseContent
  CPDF_Annot::GetAPForm
  
Sanitizer: thread (TSAN)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=533126:533132
Fixed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=564271:564279

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5649134263205888

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5649134263205888 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

I don't have access to the detailed report in Clusterfuzz, but it seems like https://pdfium-review.googlesource.com/c/pdfium/+/33595 accidentally fixed it?

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot