Use-of-uninitialized-value in EvalSegmentedFn
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5496798984798208

Fuzzer: libfuzzer_pdf_codec_icc_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  EvalSegmentedFn
  cmsEvalToneCurveFloat
  EvaluateCurves

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=423055:423091

Minimized Testcase (0.26 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97_AKNzkW8YXX0aJPco1-bJpiKIqlXcKzvMD9Cfqm8LmOM6l0NM2rBiyPadf0nqAbihEY_xScmq_B0BehwjZvCYXVYWkCYNt-Fdrypa05KUQ3motAiGP6TiEGs62enXZ84StBw4yuR3PIubzDdq1dcE7hxdBw?testcase_id=5496798984798208

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Oct 8 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 10 2016
Is this bug 651849 or something different? I wonder why it keeps popping up.
Oct 11 2016
This is not a dup. I have a CL under review: https://codereview.chromium.org/2407113002/
Oct 11 2016
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium.git/+/d2023170190b4eb278054fd84765412c1a6ccddd

commit d2023170190b4eb278054fd84765412c1a6ccddd
Author: kcwu <kcwu@chromium.org>
Date: Tue Oct 11 14:50:37 2016

Fix cmdStageAllocMatrix parameter swap again

This is fixup of 958e57cb.

BUG=chromium:651849, chromium:654198
Review-Url: https://codereview.chromium.org/2407113002

[modify] https://crrev.com/d2023170190b4eb278054fd84765412c1a6ccddd/third_party/lcms2-2.6/0009-cmdStageAllocMatrix-param-swap.patch
[modify] https://crrev.com/d2023170190b4eb278054fd84765412c1a6ccddd/third_party/lcms2-2.6/src/cmslut.c
Oct 11 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/06643fd50e35580f7ef43bd29d07b0f9b4423f0e

commit 06643fd50e35580f7ef43bd29d07b0f9b4423f0e
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Tue Oct 11 16:35:36 2016

Roll src/third_party/pdfium/ 10a285391..d20231701 (1 commit).

https://pdfium.googlesource.com/pdfium.git/+log/10a285391c74..d2023170190b

$ git log 10a285391..d20231701 --date=short --no-merges --format='%ad %ae %s'
2016-10-11 kcwu Fix cmdStageAllocMatrix parameter swap again

BUG=651849, 654198
TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2405253002
Cr-Commit-Position: refs/heads/master@{#424452}

[modify] https://crrev.com/06643fd50e35580f7ef43bd29d07b0f9b4423f0e/DEPS
Oct 12 2016
ClusterFuzz has detected this issue as fixed in range 424448:424536.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5496798984798208

Fuzzer: libfuzzer_pdf_codec_icc_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  EvalSegmentedFn
  cmsEvalToneCurveFloat
  EvaluateCurves

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=423055:423091
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=424448:424536

Minimized Testcase (0.26 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97_AKNzkW8YXX0aJPco1-bJpiKIqlXcKzvMD9Cfqm8LmOM6l0NM2rBiyPadf0nqAbihEY_xScmq_B0BehwjZvCYXVYWkCYNt-Fdrypa05KUQ3motAiGP6TiEGs62enXZ84StBw4yuR3PIubzDdq1dcE7hxdBw?testcase_id=5496798984798208

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 17 2016
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium.git/+/522ed14ce8cf39e5e6fc1a58099edd4f849b7fb8

commit 522ed14ce8cf39e5e6fc1a58099edd4f849b7fb8
Author: kcwu <kcwu@chromium.org>
Date: Mon Oct 17 13:37:25 2016

lcms: Revise previous cmsStageAllocMatrix fix

Also fixed wrong patch file name.
This is fixup of 958e57cb and d2023170

TEST=apply this change in lcms' repo and make check
BUG=chromium:651849, chromium:654198
Review-Url: https://codereview.chromium.org/2424803002

[delete] https://crrev.com/85fcf94eeae589641213c4301bbb16b44b10a282/third_party/lcms2-2.6/0009-cmdStageAllocMatrix-param-swap.patch
[add] https://crrev.com/522ed14ce8cf39e5e6fc1a58099edd4f849b7fb8/third_party/lcms2-2.6/0009-cmsStageAllocMatrix-param-swap.patch
[modify] https://crrev.com/522ed14ce8cf39e5e6fc1a58099edd4f849b7fb8/third_party/lcms2-2.6/README.pdfium
[modify] https://crrev.com/522ed14ce8cf39e5e6fc1a58099edd4f849b7fb8/third_party/lcms2-2.6/src/cmslut.c
[modify] https://crrev.com/522ed14ce8cf39e5e6fc1a58099edd4f849b7fb8/third_party/lcms2-2.6/src/cmstypes.c
Oct 17 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4f9b41f13da493b9ee0d488178192144507480bf

commit 4f9b41f13da493b9ee0d488178192144507480bf
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Mon Oct 17 15:11:49 2016

Roll src/third_party/pdfium/ 85fcf94ee..522ed14ce (1 commit).

https://pdfium.googlesource.com/pdfium.git/+log/85fcf94eeae5..522ed14ce8cf

$ git log 85fcf94ee..522ed14ce --date=short --no-merges --format='%ad %ae %s'
2016-10-17 kcwu lcms: Revise previous cmsStageAllocMatrix fix

BUG=651849, 654198
TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2427683002
Cr-Commit-Position: refs/heads/master@{#425680}

[modify] https://crrev.com/4f9b41f13da493b9ee0d488178192144507480bf/DEPS
Jan 18 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot