Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically assigning owner based on suspected regression changelist https://pdfium.googlesource.com/pdfium/+/8d8d3bc54593d2d86054d59669b86a959ec0b602 (Fix dangling reference in CFX_CodecMemory.).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5817b2f8c0d0e184e78bebb8b343688154df5856

commit 5817b2f8c0d0e184e78bebb8b343688154df5856
Author: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Date: Tue Oct 16 03:36:14 2018

Roll src/third_party/pdfium 7c39bf7b87f8..1929d6e1d44e (16 commits)

https://pdfium.googlesource.com/pdfium.git/+log/7c39bf7b87f8..1929d6e1d44e


git log 7c39bf7b87f8..1929d6e1d44e --date=short --no-merges --format='%ad %ae %s'
2018-10-15 thestig@chromium.org Split pdfium_embeddertests sources.
2018-10-15 thestig@chromium.org Move fx_skia_device_unittest.cpp to pdfium_embeddertests.
2018-10-15 thestig@chromium.org Split pdfium_unittests sources.
2018-10-15 thestig@chromium.org Split public/ headers into their own source_set.
2018-10-15 thestig@chromium.org Restrict fxcrt's visibility to third_party.
2018-10-15 tsepez@chromium.org Clone dict before iteration in CJS_Document::get_info
2018-10-15 xlou@chromium.org Use CropBox instead of ArtBox or TrimBox
2018-10-15 tsepez@chromium.org Convert %s -> %ls for wide string error format.
2018-10-15 thestig@chromium.org Make core/ pass gn check.
2018-10-15 thestig@chromium.org Use more UnownedPtr in CPDF_FormControl.
2018-10-15 thestig@chromium.org Move CPDF_ModuleMgr methods into cpdf_modulemgr.cpp.
2018-10-15 thestig@chromium.org Make ":pdfium" pass gn check.
2018-10-15 tsepez@chromium.org Stop shadowing codec memory size with CCodec_ProgressiveDecoder::m_SrcSize
2018-10-15 thestig@chromium.org Make fxjs/ pass gn check.
2018-10-15 thestig@chromium.org Make fpdfsdk/ pass gn check.
2018-10-15 thestig@chromium.org Make xfa/ pass gn check.


Created with:
  gclient setdep -r src/third_party/pdfium@1929d6e1d44e

The AutoRoll server is located here: https://autoroll.skia.org/r/pdfium-autoroll

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should
be CC'd on the roll, and stop the roller if necessary.



BUG=chromium:895152, chromium:409670 , chromium:895009 
TBR=dsinclair@chromium.org

Change-Id: I95c8a745294172817f98cc2e21f0110bd5b978cf
Reviewed-on: https://chromium-review.googlesource.com/c/1282322
Reviewed-by: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Commit-Queue: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#599835}
[modify] https://crrev.com/5817b2f8c0d0e184e78bebb8b343688154df5856/DEPS

ClusterFuzz has detected this issue as fixed in range 599827:599848.

Detailed report: https://clusterfuzz.com/testcase?key=5181233636835328

Fuzzer: libFuzzer_pdf_codec_gif_fuzzer
Job Type: windows_libfuzzer_chrome_asan
Platform Id: windows

Crash Type: Negative-size-param
Crash Address: 
Crash State:
  CFX_CodecMemory::Consume
  CCodec_ProgressiveDecoder::ReadMoreData
  CCodec_ProgressiveDecoder::GifContinueDecode
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_libfuzzer_chrome_asan&range=598479:598538
Fixed: https://clusterfuzz.com/revisions?job=windows_libfuzzer_chrome_asan&range=599827:599848

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5181233636835328

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5181233636835328 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

ClusterFuzz has detected this issue as fixed in range 599827:599848.

Detailed report: https://clusterfuzz.com/testcase?key=5181233636835328

Fuzzer: libFuzzer_pdf_codec_gif_fuzzer
Job Type: windows_libfuzzer_chrome_asan
Platform Id: windows

Crash Type: Negative-size-param
Crash Address: 
Crash State:
  CFX_CodecMemory::Consume
  CCodec_ProgressiveDecoder::ReadMoreData
  CCodec_ProgressiveDecoder::GifContinueDecode
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_libfuzzer_chrome_asan&range=598479:598538
Fixed: https://clusterfuzz.com/revisions?job=windows_libfuzzer_chrome_asan&range=599827:599848

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5181233636835328

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz has detected this issue as fixed in range 599827:599848.

Detailed report: https://clusterfuzz.com/testcase?key=5181233636835328

Fuzzer: libFuzzer_pdf_codec_gif_fuzzer
Job Type: windows_libfuzzer_chrome_asan
Platform Id: windows

Crash Type: Negative-size-param
Crash Address: 
Crash State:
  CFX_CodecMemory::Consume
  CCodec_ProgressiveDecoder::ReadMoreData
  CCodec_ProgressiveDecoder::GifContinueDecode
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_libfuzzer_chrome_asan&range=598479:598538
Fixed: https://clusterfuzz.com/revisions?job=windows_libfuzzer_chrome_asan&range=599827:599848

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5181233636835328

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

This bug requires manual review: DEPS changes referenced in bugdroid comments.
Please contact the milestone owner if you have questions.
Owners: benmason@(Android), kariahda@(iOS), kbleicher@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

+awhalley@ (Security TPM) for M71 merge review.

@govind - good for 71

Approving merge to M71 branch 3578 based on comment #15. Please merge ASAP. Thank you.

https://pdfium-review.googlesource.com/c/pdfium/+/45314 is the merge CL.

Re #18: Pls remove "Merge-Approved-71" label and apply "Merge-merged-71" label if all is done for M71. Thank you.

FWIW, if the "Bug:" line in the merge CL contained "chromium:895009" then Bugdroid would have picked it up and set the Merge-Merged label automatically.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot