Uninitialized object access lead to SIGSEGV in CXFA_LocaleMgr::GetDefLocale
Reported by
zhouat2...@gmail.com,
Jul 27
Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36

Steps to reproduce the problem:
1. pdfium git log: commit aa418e541589f6c1f6462b383f3f35d246d6eabe, Author: Lei Zhang <thestig@chromium.org>, Date: Fri Jul 27 01:13:16 2018 +0000
2. XFA build
3. poc file SIGSEGV_in_CXFA_LocaleMgr_GetDefLocale.pdf

What is the expected behavior? What went wrong?
Segmentation fault

Did this work before? N/A

Chrome version: 68.0.3440.75
Channel: stable
OS Version: OS X 10.13.4
Flash Version:
Jul 27
ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://clusterfuzz.com/testcase?key=5690715959721984.
Jul 27
ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://clusterfuzz.com/testcase?key=6737246909366272.
Jul 27
I've confirmed this locally in an msan build but it just seems like a null dereference to me. dsinclair: Would you mind taking a look at this? I'll remove this from the security queue soon if there are no objections.
Jul 27
CXFA_LocaleValue::m_pLocaleMgr is a nullptr.
Jul 30
Testcase 5690715959721984 failed to reproduce the crash. Please inspect the program output at https://clusterfuzz.com/testcase?key=5690715959721984.
Jul 30
Testcase 6737246909366272 failed to reproduce the crash. Please inspect the program output at https://clusterfuzz.com/testcase?key=6737246909366272.
Aug 1
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/0ac36018b464f74419b8b8e77d9452b41440187a

commit 0ac36018b464f74419b8b8e77d9452b41440187a
Author: Lei Zhang <thestig@chromium.org>
Date: Wed Aug 01 08:13:55 2018

Fix a nullptr crash in CXFA_LocaleValue::ValidateValue().

Fix some nits as well.

BUG= chromium:868271
Change-Id: Ia3231fde98c3e16e41b092a9833402cedc8e828d
Reviewed-on: https://pdfium-review.googlesource.com/39112
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>

[modify] https://crrev.com/0ac36018b464f74419b8b8e77d9452b41440187a/xfa/fxfa/parser/cxfa_localevalue.cpp
Aug 1
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f016c04f442423826b51f961c4b2e15069036cdb

commit f016c04f442423826b51f961c4b2e15069036cdb
Author: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Wed Aug 01 09:59:51 2018

Roll src/third_party/pdfium 53d4f0a4526e..d4906e83d313 (2 commits)

https://pdfium.googlesource.com/pdfium.git/+log/53d4f0a4526e..d4906e83d313

git log 53d4f0a4526e..d4906e83d313 --date=short --no-merges --format='%ad %ae %s'
2018-08-01 thestig@chromium.org Combine date/time format methods in CFXJSE_FormCalcContext.
2018-08-01 thestig@chromium.org Fix a nullptr crash in CXFA_LocaleValue::ValidateValue().

Created with:
gclient setdep -r src/third_party/pdfium@d4906e83d313

The AutoRoll server is located here: https://pdfium-roll.skia.org
Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

BUG= chromium:868271
TBR=dsinclair@chromium.org
Change-Id: If30315876994c44b83e73e920811987e45fd323b
Reviewed-on: https://chromium-review.googlesource.com/1158127
Reviewed-by: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Commit-Queue: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#579744}

[modify] https://crrev.com/f016c04f442423826b51f961c4b2e15069036cdb/DEPS
Aug 2
ClusterFuzz testcase 6066354202083328 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.