tsepez: Are you able to take a look at this?

This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This bug is reported as M55 Beta blocker.Please try to resolve this before M55 branch on Oct 6th,2016 so it has enough baking time in Dev.

A friendly reminder that M55 Beta launch is coming soon! Your bug is labelled as Beta ReleaseBlock, pls make sure to land the fix ASAP. Thank you.

kcwu has been fixing these lately!

fixed by CL of 651849

ClusterFuzz has detected this issue as fixed in range 422996:423075.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6739115959910400

Fuzzer: afl_pdf_codec_icc_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 8
Crash Address: 0x6050000004f8
Crash State:
  cmsStageAllocMatrix
  Type_MPEmatrix_Read
  ReadMPEElem
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=420425:420578
Fixed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=422996:423075

Minimized Testcase (0.45 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96-fBDk8OE85HP8RIeW8G2Dp5ydtZJH_awW4grFit58LnrddsJ68GtkJc96fZaXmyE2KAuyvSxk2BXhGOiXBawd-yLYkrfSGM2DiSjSBQ4yfHwo9KUFshSsCOurMEXOCy-8rgbpC79YJr76KU7GqvOA5Sxdog?testcase_id=6739115959910400

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot