Crash in CJPX_Decoder::Decode
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5804094059184128
Fuzzer: afl_pdf_jpx_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State: CJPX_Decoder::Decode
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96EabH-0I9n0AGCwdfo9INwA-Lm45QwsnWhLukNexdGY28uClrei_a0bt1WxZDAuTHgKN7BWEZnYOY1b4dmrfZczAZ03AM1dJ2SJnLmsSJpo1xB95HDmWLCB0h4Pz1HJfUUlmfB9Rnfc3cAipTQezdMQQIdFw?testcase_id=5804094059184128
Issue manually filed by: metzman

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Aug 25 2016

Aug 29 2016

Aug 29 2016
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium.git/+/07f5fd57682700bcbba20f01d52a806676fd02ff

commit 07f5fd57682700bcbba20f01d52a806676fd02ff
Author: dsinclair <dsinclair@chromium.org>
Date: Mon Aug 29 22:43:28 2016

Skip the channel if there is no data.

The JPX decoder needs to verify there is data associated with an image channel before access. This was already done in one side of the if() but seems to be missing from the other. This CL updates the loop to check the existence of channel data and to continue iteration if none found.

BUG=chromium:637232

Review-Url: https://codereview.chromium.org/2291813002

[modify] https://crrev.com/07f5fd57682700bcbba20f01d52a806676fd02ff/core/fxcodec/codec/fx_codec_jpx_opj.cpp
Aug 30 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/b80d9eb6c3b98e374b2f8eef570094d66b3406ba

commit b80d9eb6c3b98e374b2f8eef570094d66b3406ba
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Tue Aug 30 05:03:50 2016

Roll src/third_party/pdfium/ 548ea2f7d..35512aa7e (14 commits).

https://pdfium.googlesource.com/pdfium.git/+log/548ea2f7d083..35512aa7e4ac

$ git log 548ea2f7d..35512aa7e --date=short --no-merges --format='%ad %ae %s'
2016-08-29 jaepark Display content of the annotation when mouse hover.
2016-08-29 dsinclair Skip the channel if there is no data.
2016-08-29 tsepez Revert "Add -> operators to CFX_CountRef."
2016-08-29 tsepez Revert "Replace wrapper methods in CPDF_Path with -> operator."
2016-08-29 tsepez Revert "Use ->() in CPDF_ColorState"
2016-08-29 tracy_jiang Fix for #618267. Adding a method to determine if multiplication has overflow.
2016-08-29 dsinclair Verify element exists before accessing.
2016-08-29 tsepez Use ->() in CPDF_ColorState
2016-08-29 stackexploit openjpeg: Prevent an integer overflow in opj_jp2_apply_pclr.
2016-08-29 dsinclair Initialize the CPDF_Document pointer
2016-08-29 tsepez Replace wrapper methods in CPDF_Path with -> operator.
2016-08-29 thestig Add some limit checks to ReadSharedObjHintTable().
2016-08-29 npm Move CFX_SubstFont and CTTFontDesc into their own files
2016-08-29 tonikitoo Fix the test case added in https://codereview.chromium.org/2277063003/

BUG=62625, 637232, 618267, 641076, 638829, 640998, 641444
TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2293733002
Cr-Commit-Position: refs/heads/master@{#415132}

[modify] https://crrev.com/b80d9eb6c3b98e374b2f8eef570094d66b3406ba/DEPS
Aug 30 2016

Sep 1 2016
ClusterFuzz has detected this issue as fixed in range 415074:415243.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5804094059184128
Fuzzer: afl_pdf_jpx_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State: CJPX_Decoder::Decode
Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=402185:402404
Fixed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=415074:415243
Minimized Testcase (0.25 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96LQ2BuMhBSHror10i16AzdvD2jeeWoPGV-S3Sfn3aQWdQ-YzEcvJDlue9_uc_Jb98EWr025-cPBlyUMQMNBvT938EnuosWtHVKycyDQeEUKNKEbn1juiA3lfljbrZd3bPnPoKgbyURsxMcbCEjrVcQ-NjRDg?testcase_id=5804094059184128

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Comment 1 by ajha@chromium.org, Aug 25 2016