Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically assigning owner based on suspected regression changelist https://pdfium.googlesource.com/pdfium/+/16d18d935d055b74e05f615c0325318a329a7fe1 (Use span<uint8_t> in more fxcodec code.).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Not RBS.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/80705093bddd4300369f6cef57c1f964ecabed4e

commit 80705093bddd4300369f6cef57c1f964ecabed4e
Author: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Date: Wed Oct 10 21:07:48 2018

Roll src/third_party/pdfium b3a0fc301020..734868193330 (12 commits)

https://pdfium.googlesource.com/pdfium.git/+log/b3a0fc301020..734868193330


git log b3a0fc301020..734868193330 --date=short --no-merges --format='%ad %ae %s'
2018-10-10 hnakashima@chromium.org Document image comparison with safetynet_compare.py.
2018-10-10 thestig@chromium.org Add Observable::ObservedPtr::HasObservable().
2018-10-10 thestig@chromium.org Get rid of non-const ref parameter in CPDFSDK_InterForm::OnFormat().
2018-10-10 thestig@chromium.org Use pdfium::Optional in CPDFSDK_Widget.
2018-10-10 thestig@chromium.org Remove impossible nullptr checks in CPDFSDK_InterForm.
2018-10-10 tsepez@chromium.org Fix dangling reference in CFX_CodecMemory.
2018-10-10 thestig@chromium.org Remove non-const ref parameters in CPDF_IconFit.
2018-10-10 thestig@chromium.org Simplify some object rect calculations.
2018-10-10 thestig@chromium.org Fix some random nits.
2018-10-10 tsepez@chromium.org Better test FPDFAction_* public functions.
2018-10-10 tsepez@chromium.org Use std::vector in ccodec_faxmodule.cpp
2018-10-10 hnakashima@chromium.org Document how to setup safetynet_job.py nightly.


Created with:
  gclient setdep -r src/third_party/pdfium@734868193330

The AutoRoll server is located here: https://autoroll.skia.org/r/pdfium-autoroll

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should
be CC'd on the roll, and stop the roller if necessary.



BUG= chromium:879512 
TBR=dsinclair@chromium.org

Change-Id: I049b9c0d8a80d1afe3f0d358d6d4d8cfc32c9199
Reviewed-on: https://chromium-review.googlesource.com/c/1274011
Reviewed-by: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Commit-Queue: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#598501}
[modify] https://crrev.com/80705093bddd4300369f6cef57c1f964ecabed4e/DEPS

ClusterFuzz has detected this issue as fixed in range 598498:598513.

Detailed report: https://clusterfuzz.com/testcase?key=5883191639146496

Fuzzer: libFuzzer_pdf_codec_gif_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Heap-use-after-free READ 1
Crash Address: 0x621000003d00
Crash State:
  fxcrt::UnownedPtr<unsigned char>::ProbeForLowSeverityLifetimeIssue
  fxcrt::UnownedPtr<unsigned char>::~UnownedPtr
  pdfium::span<unsigned char>::~span
  
Sanitizer: address (ASAN)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=586043:586054
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=598498:598513

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5883191639146496

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5883191639146496 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot