Integer-overflow in CFX_TxtBreak::AppendChar_Others
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4719493197332480

Fuzzer: libFuzzer_pdfium_xfa_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  CFX_TxtBreak::AppendChar_Others
  CFX_TxtBreak::AppendChar
  CFDE_TextEditEngine::RebuildPieces

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=554549:554567

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4719493197332480

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Apr 30 2018
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.
Apr 30 2018
Automatically adding ccs based on suspected regression changelists:

Update caret after changes that could move lines in XFA edit. by hnakashima@chromium.org - https://pdfium.googlesource.com/pdfium/+/5ee10423d237c5bd22b8db6fe6d7b53edd0906dc

Fix backspace on 1st character of a line erases the line break. by hnakashima@chromium.org - https://pdfium.googlesource.com/pdfium/+/f54ea0f44d53a6b1b3c4cb2c3a3285149510cccc

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
Apr 30 2018
hnakashima@ can you take a look? You've been poking at the text edit engine.
Apr 30 2018
Further bisect shows this is not a regression. There was another issue hiding it:

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../third_party/pdfium/third_party/agg23/agg_rasterizer_scanline_aa.h:352:52 in

New crash type: Undefined-shift
New crash state:
  bool agg::rasterizer_scanline_aa::sweep_scanline<agg::scanline_u<unsigned char> >
  void agg::render_scanlines<agg::rasterizer_scanline_aa, agg::scanline_u<unsigned char>, CFX_Renderer>
  CFX_AggDeviceDriver::RenderRasterizer

Original crash type: Integer-overflow
Original crash state:
  CFX_TxtBreak::AppendChar_Others
  CFX_TxtBreak::AppendChar
  CFDE_TextEditEngine::RebuildPieces

That got fixed by Tom's https://pdfium-review.googlesource.com/31370 (Fix undefined behavior in AGG.) and revealed this issue.
Apr 30 2018
+Tom just fyi
Apr 30 2018
It's actually Lei's CL, I swapped reviewer and author, sorry.
Apr 30 2018
The following revision refers to this bug:
https://pdfium.googlesource.com/pdfium/+/f213df4a87ede709db1f311bbad3c68fbccf159c

commit f213df4a87ede709db1f311bbad3c68fbccf159c
Author: Henrique Nakashima <hnakashima@chromium.org>
Date: Mon Apr 30 20:01:33 2018

Fix Integer-overflow in CFX_TxtBreak::AppendChar_Others

Bug: chromium:838095
Change-Id: I6fbb67ad763800eb45fb3c84f909f74e238748e0
Reviewed-on: https://pdfium-review.googlesource.com/31750
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>

[modify] https://crrev.com/f213df4a87ede709db1f311bbad3c68fbccf159c/xfa/fgas/layout/cfx_txtbreak.cpp
Apr 30 2018
The following revision refers to this bug:
https://pdfium.googlesource.com/pdfium/+/39e7e610d8d697f05134890446caf4101539a032

commit 39e7e610d8d697f05134890446caf4101539a032
Author: Henrique Nakashima <hnakashima@chromium.org>
Date: Mon Apr 30 21:47:12 2018

Fix more possible integer overflows in CFX_TxtBreak.

Bug: chromium:838095
Change-Id: I9b5edefbff9f84b9b913ab4387a7df2588e203fb
Reviewed-on: https://pdfium-review.googlesource.com/31751
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>

[modify] https://crrev.com/39e7e610d8d697f05134890446caf4101539a032/xfa/fgas/layout/cfx_txtbreak.cpp
Apr 30 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/89c60972ed9d7ee37312d9a615f60b214590930f

commit 89c60972ed9d7ee37312d9a615f60b214590930f
Author: pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Mon Apr 30 23:49:22 2018

Roll src/third_party/pdfium/ 94161d59f..3d3c2dea9 (6 commits)

https://pdfium.googlesource.com/pdfium.git/+log/94161d59fd3c..3d3c2dea9fcb

$ git log 94161d59f..3d3c2dea9 --date=short --no-merges --format='%ad %ae %s'
2018-04-30 hnakashima Change out parameter of CFGAS_GEFont::GetCharWidth to pointer.
2018-04-30 hnakashima Fix more possible integer overflows in CFX_TxtBreak.
2018-04-30 thestig Simplify Unicode_GetNormalization() and caller.
2018-04-30 thestig Fix some nits in CPDF_TextPage.
2018-04-30 tsepez Saner memory managment in cttfontdesc, part 1.
2018-04-30 hnakashima Fix Integer-overflow in CFX_TxtBreak::AppendChar_Others

Created with:
  roll-dep src/third_party/pdfium

BUG= chromium:838095 , chromium:838095

The AutoRoll server is located here: https://pdfium-roll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

TBR=dsinclair@chromium.org

Change-Id: I933854bcd53e2eaef72c4dd112c012de1090b99c
Reviewed-on: https://chromium-review.googlesource.com/1036454
Reviewed-by: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Commit-Queue: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#554927}

[modify] https://crrev.com/89c60972ed9d7ee37312d9a615f60b214590930f/DEPS
May 1 2018
ClusterFuzz has detected this issue as fixed in range 554917:554929.

Detailed report: https://clusterfuzz.com/testcase?key=4719493197332480

Fuzzer: libFuzzer_pdfium_xfa_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  CFX_TxtBreak::AppendChar_Others
  CFX_TxtBreak::AppendChar
  CFDE_TextEditEngine::RebuildPieces

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=554549:554567
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=554917:554929

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4719493197332480

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
May 1 2018
ClusterFuzz testcase 4719493197332480 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
May 1 2018
The following revision refers to this bug:
https://pdfium.googlesource.com/pdfium/+/b5902c78075141d9d569a463486d20ccabd78a2d

commit b5902c78075141d9d569a463486d20ccabd78a2d
Author: Henrique Nakashima <hnakashima@chromium.org>
Date: Tue May 01 15:50:53 2018

Fix possible integer overflows in CFX_RTFBreak.

Bug: chromium:838095
Change-Id: I21de7cf88c995446049faa3d688a286faa117868
Reviewed-on: https://pdfium-review.googlesource.com/31754
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>

[modify] https://crrev.com/b5902c78075141d9d569a463486d20ccabd78a2d/xfa/fgas/layout/cfx_rtfbreak.cpp
May 1 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/a384e202d957bed00432b4880d1c54811b622827

commit a384e202d957bed00432b4880d1c54811b622827
Author: pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Tue May 01 19:07:28 2018

Roll src/third_party/pdfium/ ea603b9f0..b5902c780 (2 commits)

https://pdfium.googlesource.com/pdfium.git/+log/ea603b9f0baf..b5902c780751

$ git log ea603b9f0..b5902c780 --date=short --no-merges --format='%ad %ae %s'
2018-05-01 hnakashima Fix possible integer overflows in CFX_RTFBreak.
2018-05-01 thestig Add struct CJBig2_GRDProc::ProgressiveArithDecodeState.

Created with:
  roll-dep src/third_party/pdfium

BUG= chromium:838095

The AutoRoll server is located here: https://pdfium-roll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

TBR=dsinclair@chromium.org

Change-Id: I0b6eee2a9f50d795a803b5dac8dfeea010c07e68
Reviewed-on: https://chromium-review.googlesource.com/1036940
Commit-Queue: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Reviewed-by: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#555131}

[modify] https://crrev.com/a384e202d957bed00432b4880d1c54811b622827/DEPS
Comment 1 by ClusterFuzz, Apr 30 2018
Labels: Test-Predator-Auto-Components