Out-of-memory in pdf_codec_gif_fuzzer
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5501313190985728
Fuzzer: libFuzzer_pdf_codec_gif_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac
Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address:
Crash State: pdf_codec_gif_fuzzer
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=417990:418014
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5501313190985728

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Apr 16 2018
Is there anything to be done here? OOM could also be caused by a poorly written fuzzer, right?
Apr 17 2018
Apr 23 2018
Likely just a really big GIF, but taking a look.
Apr 25 2018
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/2456bbcbf51ed82ae9ce2836619bbebc5b926976

commit 2456bbcbf51ed82ae9ce2836619bbebc5b926976
Author: Ryan Harrison <rharrison@chromium.org>
Date: Wed Apr 25 21:29:44 2018

Don't store CE (comment extension) block data when decoding GIF

GIF extensions are laid out as follows: <size byte> <chunk of data> <size byte> <chunk of data> ... <terminator byte>. The decoder needs to scan along the data, finding the size bytes to determine where the block ends in the stream, even if we don't care about the content.

Currently the decoder is storing all of the data chunks, which are never used and take a lot of time to concat together if they are very small. Our implementation of the GIF spec does not handle this extension, so when scanning for the end of the block, just don't bother storing data from it.

BUG= chromium:833168
Change-Id: Iadf3ab3afd8145b6c5c7c22c30fe9316efcafc15
Reviewed-on: https://pdfium-review.googlesource.com/31315
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>

[modify] https://crrev.com/2456bbcbf51ed82ae9ce2836619bbebc5b926976/core/fxcodec/gif/cfx_gifcontext.h
[modify] https://crrev.com/2456bbcbf51ed82ae9ce2836619bbebc5b926976/core/fxcodec/gif/cfx_gifcontext.cpp
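The scanning approach the commit message describes, as an added illustration written here in C++ and not pdfium's own code: walk the sub-block chain by its size bytes and only advance an offset, so the payload is never copied or concatenated and a stream of millions of tiny sub-blocks cannot blow up memory. The function and helper names are assumptions, and the sample inputs are constructed for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Outcome of scanning one extension's chain of data sub-blocks.
enum class ScanStatus { kDone, kNeedMoreData };

// Walk the sub-block chain starting at *pos: each sub-block is a size byte
// followed by that many data bytes; a size byte of 0 terminates the chain.
// Only the offset is tracked, the payload is never copied or concatenated, so
// millions of 1-byte sub-blocks cost O(n) time and O(1) extra memory.
ScanStatus SkipExtensionSubBlocks(const std::vector<uint8_t>& buf, size_t* pos) {
  size_t p = *pos;
  while (true) {
    if (p >= buf.size())
      return ScanStatus::kNeedMoreData;  // size byte not yet available
    uint8_t size = buf[p++];
    if (size == 0) {
      *pos = p;  // terminator consumed; *pos now points just past it
      return ScanStatus::kDone;
    }
    if (buf.size() - p < static_cast<size_t>(size))
      return ScanStatus::kNeedMoreData;  // chunk truncated; *pos unchanged
    p += size;  // skip the chunk without storing it
  }
}

// Constructed sample: a Comment Extension (introducer 0x21, label 0xFE) whose
// text "hi!" is split into three 1-byte sub-blocks, then terminator, then 0x3B.
std::vector<uint8_t> MakeCommentExtension() {
  return {0x21, 0xFE, 0x01, 'h', 0x01, 'i', 0x01, '!', 0x00, 0x3B};
}

// Constructed stress case: `count` 1-byte sub-blocks followed by the terminator.
std::vector<uint8_t> MakeManyTinySubBlocks(size_t count) {
  std::vector<uint8_t> buf = {0x21, 0xFE};
  for (size_t i = 0; i < count; ++i) { buf.push_back(0x01); buf.push_back('x'); }
  buf.push_back(0x00);
  return buf;
}

// Offset of the first byte after the comment extension, or 0 if incomplete.
size_t OffsetAfterComment(const std::vector<uint8_t>& buf) {
  size_t pos = 2;  // skip the introducer and the comment label
  if (SkipExtensionSubBlocks(buf, &pos) != ScanStatus::kDone)
    return 0;
  return pos;
}
```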
Apr 26 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a480e6e3ceb63b791e0f377fb6a84f78bff285f1

commit a480e6e3ceb63b791e0f377fb6a84f78bff285f1
Author: pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Thu Apr 26 05:19:57 2018

Roll src/third_party/pdfium/ 7132ee359..9b8b217e6 (7 commits)

https://pdfium.googlesource.com/pdfium.git/+log/7132ee35925f..9b8b217e6f8f

$ git log 7132ee359..9b8b217e6 --date=short --no-merges --format='%ad %ae %s'
2018-04-25 tsepez Replace reinterpret_cast with static_cast where possible
2018-04-25 hnakashima Make XFA Caret become immediately visible when moved.
2018-04-25 rharrison Use local for return value in factory method
2018-04-25 rharrison Don't store CE (comment extension) block data when decoding GIF
2018-04-25 thestig Use a bool in FindBit() in the fax codec.
2018-04-25 thestig Add PostScript PASSTHROUGH options to FPDF_SetPrintMode().
2018-04-25 thestig Use PredictorType in more places.

Created with:
roll-dep src/third_party/pdfium

BUG= chromium:835608 , chromium:833168

The AutoRoll server is located here: https://pdfium-roll.skia.org
Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

TBR=dsinclair@chromium.org
Change-Id: Ib59b785d5d3425a110c42e7af4b7eb1533232813
Reviewed-on: https://chromium-review.googlesource.com/1029189
Reviewed-by: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Commit-Queue: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#553925}

[modify] https://crrev.com/a480e6e3ceb63b791e0f377fb6a84f78bff285f1/DEPS
Apr 26 2018
Apr 27 2018
ClusterFuzz has detected this issue as fixed in range 553849:553940.

Detailed report: https://clusterfuzz.com/testcase?key=5501313190985728
Fuzzer: libFuzzer_pdf_codec_gif_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac
Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address:
Crash State: pdf_codec_gif_fuzzer
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=417990:418014
Fixed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=553849:553940
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5501313190985728

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 27 2018
ClusterFuzz testcase 5501313190985728 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by brajkumar@chromium.org, Apr 16 2018
Components: Internals>Plugins>PDF
Labels: -Pri-1 M-66 Test-Predator-Wrong CF-NeedsTriage Pri-2