Integer-overflow in compute_glyph_metrics
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6281531716534272

Fuzzer: libFuzzer_pdf_font_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  compute_glyph_metrics
  TT_Load_Glyph
  FT_Load_Glyph

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=500968:501035

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6281531716534272

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Nov 21
Automatically adding ccs based on suspected regression changelists: [truetype] Fix metrics of B/W hinting in v40 mode. by madigens@gmail.com - https://chromium.googlesource.com/chromium/src/third_party/freetype2/+/24e256ab005c68a3894845ef3b7764338f9442a4 If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
Nov 23
Nov 24
I cannot access the test case even though I am logged in? Seems like my commit there re-enabled a code path that was susceptible to UB.
Nov 26
Bisected to https://chromium-review.googlesource.com/628521 - Roll src/third_party/freetype/src/ 7e5082428..f2e121ab1 (10 commits)
Nov 26
Werner, are you aware of this issue already?
The offending stack trace is:
../../third_party/freetype/src/src/truetype/ttgload.c:2163:49: runtime error: signed integer overflow: -16128 - 9223372036854759681 cannot be represented in type 'long'
#0 0x55ebef2815e0 in compute_glyph_metrics third_party/freetype/src/src/truetype/ttgload.c:2163:49
#1 0x55ebef27df3d in TT_Load_Glyph third_party/freetype/src/src/truetype/ttgload.c:2914:15
#2 0x55ebef1c8f38 in FT_Load_Glyph third_party/freetype/src/src/base/ftobjs.c:949:15
#3 0x55ebef479591 in CFX_Font::GetGlyphWidth(unsigned int) third_party/pdfium/core/fxge/cfx_font.cpp:368:13
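The arithmetic UBSan flagged in the trace above, as an added example that is not FreeType's, PDFium's or the reporter's code: the two FT_Pos (long) operands from the sanitizer message are subtracted through a checked helper so the overflow is detected (or clamped) instead of being undefined behaviour. The helper names are assumptions, and the block assumes a 64-bit long as in the report.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

typedef long FT_Pos;  /* FreeType's coordinate type; 64-bit on LP64 Linux, as in the report */

/* Checked subtraction (name is an assumption, not FreeType API): stores a - b
 * in *out and returns true, or returns false and leaves *out untouched when
 * the result does not fit in FT_Pos. __builtin_sub_overflow exists in GCC >= 5
 * and Clang; a plain `a - b` with these operands is undefined behaviour. */
static bool sub_pos_checked(FT_Pos a, FT_Pos b, FT_Pos *out) {
    FT_Pos r;
    if (__builtin_sub_overflow(a, b, &r))
        return false;
    *out = r;
    return true;
}

/* The same test without builtins, so the rule is visible: a - b overflows
 * iff (b > 0 and a < LONG_MIN + b) or (b < 0 and a > LONG_MAX + b). Both
 * sums stay in range, so this check never overflows itself. */
static bool sub_would_overflow(FT_Pos a, FT_Pos b) {
    if (b > 0) return a < LONG_MIN + b;
    if (b < 0) return a > LONG_MAX + b;
    return false;
}

/* Saturating variant for a loader that prefers to clamp a metric to the
 * representable range rather than reject the glyph. */
static FT_Pos sub_pos_saturate(FT_Pos a, FT_Pos b) {
    FT_Pos r;
    if (sub_pos_checked(a, b, &r)) return r;
    return (b > 0) ? LONG_MIN : LONG_MAX;
}

int main(void) {
    /* Operands copied from the UBSan message: -16128 - 9223372036854759681 */
    FT_Pos a = -16128L, b = 9223372036854759681L, r;
    printf("checked:   %s\n", sub_pos_checked(a, b, &r) ? "ok" : "overflow");
    printf("rule:      %s\n", sub_would_overflow(a, b) ? "overflow" : "ok");
    printf("saturated: %ld\n", sub_pos_saturate(a, b));
    /* One less than the hostile operand lands exactly on LONG_MIN, which fits */
    printf("boundary:  %ld\n", sub_pos_saturate(a, b - 1));
    return 0;
}
```

The hostile operand misses LONG_MIN by exactly one, which is why the boundary case is worth keeping in a regression test.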
Nov 26
Nov 26
A patch has been created. Waiting for upstream to land a fix and will then roll into Chromium.
Nov 28
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1060a6eea4f3442577a8a9a938955e967988152c

commit 1060a6eea4f3442577a8a9a938955e967988152c
Author: Dominik Röttsches <drott@chromium.org>
Date: Wed Nov 28 15:24:38 2018

Roll src/third_party/freetype/src/ fb0d66d04..3dd4e76b1 (14 commits)

https://chromium.googlesource.com/chromium/src/third_party/freetype2.git/+log/fb0d66d04c4d..3dd4e76b19f3

$ git log fb0d66d04..3dd4e76b1 --date=short --no-merges --format='%ad %ae %s'
2018-11-27 apodtele * builds/windows/vc2010/freetype.vcxproj: Simplify.
2018-11-27 chris.liddell [type1,cff] Add FT_{Set,Get}_MM_WeightVector API calls.
2018-11-27 bungeman [cff] Fix compiler warning (#55105).
2018-11-27 bungeman [truetype] Fix numeric overflow (#55103).
2018-11-25 apodtele [builds] Belated DLL support with vc2002-vc2008.
2018-11-22 prince.cherusker * src/cff/cffparse.c: Please the compiler.
2018-11-22 prince.cherusker [cff] Fix memory overflow.
2018-11-18 apodtele * builds/windows/{visualc,vc2005,vc2008}/freetype.vcproj: Fix it.
2018-11-10 apodtele Clarification.
2018-11-10 apodtele [smooth] Placeholder only for library-enabled LCD filtering.
2018-11-09 wl [psaux] Add safety guard (#54985).
2018-11-08 apodtele * builds/unix/configure.raw: Require `windows.h' for windres.
2018-11-08 apodtele [ftstroke] Fix unpredictable failures (#54986).
2018-11-08 apodtele [ftstroke] Fix unpredictable failures (#54976).

Created with:
  roll-dep src/third_party/freetype/src

R=bungeman@chromium.org,drott@chromium.org
CQ_INCLUDE_TRYBOTS=luci.chromium.try:linux_chromium_msan_rel_ng
PDFium-Issue: pdfium:1196
Bug: 907670
Change-Id: Ic23ebcc22837b6d4b85d19b4b84159faffedd66d
Reviewed-on: https://chromium-review.googlesource.com/c/1353890
Commit-Queue: Ben Wagner <bungeman@chromium.org>
Reviewed-by: Ben Wagner <bungeman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#611700}

[modify] https://crrev.com/1060a6eea4f3442577a8a9a938955e967988152c/DEPS
[modify] https://crrev.com/1060a6eea4f3442577a8a9a938955e967988152c/third_party/freetype/README.chromium
Nov 28
Thanks for the fix, Ben!
Nov 29
ClusterFuzz has detected this issue as fixed in range 611695:611708.

Detailed report: https://clusterfuzz.com/testcase?key=6281531716534272

Fuzzer: libFuzzer_pdf_font_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  compute_glyph_metrics
  TT_Load_Glyph
  FT_Load_Glyph

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=500968:501035
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=611695:611708

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6281531716534272

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 29
ClusterFuzz testcase 6281531716534272 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Nov 21. Labels: ClusterFuzz-Auto-CC