Crash in LinLerp1Dfloat
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5598555215757312
Fuzzer: libfuzzer_pdf_codec_icc_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x602e00000530
Crash State:
  LinLerp1Dfloat
  EvaluateCLUTfloat
  _LUTevalFloat
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=420535:420584
Minimized Testcase (0.26 Kb): https://cluster-fuzz.appspot.com/download/AMIfv9439MxG39mdhFBD5hbidYO_uW4E0ikkRf5LInM97bUHpQWoeYYZ07IPPwPmRFhpHAXvmrju2qNRHfZ5iDNMstITKZW8Rnbq41zluxw6qiKMUWmomNZyZ0ah7t2EXectR_KWBAJPKO5gExbEhxtYNSeAyUHLnw?testcase_id=5598555215757312

Issue filed automatically.
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Oct 11 2016
Oct 11 2016
Oct 11 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 11 2016
Oct 13 2016
Oct 13 2016
Clusterfuzz thinks the regression was caused by this change: https://pdfium.googlesource.com/pdfium.git/+/39ee9dfac1c6d286a4075c7e2435fe1cfe365bad
Oct 14 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6472318111186944
Fuzzer: libfuzzer_radamsa_pdf_codec_icc_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x6112000011c0
Crash State:
  Eval1InputFloat
  _LUTevalFloat
  XFormSampler16
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=420440:420580
Minimized Testcase (1.98 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95lkfcVw9gTX3U6yBgRkfcGw7G1yqY0QquTWIIVk53ui8w7pdtP4V6EC2EL47YH2G157jCWY7Qkdj3ssN8n3JHl0QaYFz5xlyXyBpd0bIVT4ByiVMSAHnl_ZQOUCvljnBHp9P08B9jHNulChGDEUHJVS4Oh_Q?testcase_id=6472318111186944

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Oct 14 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5338003289669632
Fuzzer: libfuzzer_pdf_codec_icc_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 4
Crash Address: 0x606e00000560
Crash State:
  LinLerp1Dfloat
  EvaluateCLUTfloat
  _LUTevalFloat
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=420535:420584
Minimized Testcase (0.39 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97A9X5E75if22lwA3w-TdadwXa2FgQHMMspQom6D7MI-1zLGFOxufgbOGkLA__3-ANE9_TP9LCJ17MM1jmSaUKHJKBjxMeWOu6NfajU-lIQm5jnsC25Z0gcbA0hJ5uOtnaXRsgeiG0RyCnAluhcvV1L7quyBw?testcase_id=5338003289669632

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Oct 14 2016
Re #7, this is not a regression caused by the said change.
Oct 14 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6437793972879360
Fuzzer: libfuzzer_radamsa_pdf_codec_icc_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 4
Crash Address: 0x606e000006b0
Crash State:
  LinLerp1Dfloat
  _LUTevalFloat
  XFormSampler16
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=420440:420580
Minimized Testcase (0.45 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97rlGMESZyPiGtmcHysCMoX5WOvyyi68_rkFBj1x6xjQknLT44K57gZv7jLM8axCH9Z2GXRXulXgwLu97dNXXo5A6-XpMZij_s2ygyuhSXneAsmwOU6xLSttHspNK7K6vZrkNV8C9_pZA9Kv5N5nOPPJsL3yw?testcase_id=6437793972879360

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Oct 17 2016
Oct 17 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/8865fffa42fb34efea79a47f5912fab11fa60c48

commit 8865fffa42fb34efea79a47f5912fab11fa60c48
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Mon Oct 17 14:14:50 2016

Roll src/third_party/pdfium/ 05923132a..85fcf94ee (1 commit).

https://pdfium.googlesource.com/pdfium.git/+log/05923132ae08..85fcf94eeae5

$ git log 05923132a..85fcf94ee --date=short --no-merges --format='%ad %ae %s'
2016-10-17 kcwu lcms: reject NaN when reading float numbers

BUG=654676
TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2421223004
Cr-Commit-Position: refs/heads/master@{#425675}

[modify] https://crrev.com/8865fffa42fb34efea79a47f5912fab11fa60c48/DEPS
Oct 17 2016
Oct 18 2016
ClusterFuzz has detected this issue as fixed in range 425659:425678.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5598555215757312
Fuzzer: libfuzzer_pdf_codec_icc_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x602e00000530
Crash State:
  LinLerp1Dfloat
  EvaluateCLUTfloat
  _LUTevalFloat
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=420535:420584
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=425659:425678
Minimized Testcase (0.26 Kb): https://cluster-fuzz.appspot.com/download/AMIfv9439MxG39mdhFBD5hbidYO_uW4E0ikkRf5LInM97bUHpQWoeYYZ07IPPwPmRFhpHAXvmrju2qNRHfZ5iDNMstITKZW8Rnbq41zluxw6qiKMUWmomNZyZ0ah7t2EXectR_KWBAJPKO5gExbEhxtYNSeAyUHLnw?testcase_id=5598555215757312

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 18 2016
ClusterFuzz has detected this issue as fixed in range 425659:425678.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5338003289669632
Fuzzer: libfuzzer_pdf_codec_icc_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 4
Crash Address: 0x606e00000560
Crash State:
  LinLerp1Dfloat
  EvaluateCLUTfloat
  _LUTevalFloat
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=420535:420584
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=425659:425678
Minimized Testcase (0.39 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97A9X5E75if22lwA3w-TdadwXa2FgQHMMspQom6D7MI-1zLGFOxufgbOGkLA__3-ANE9_TP9LCJ17MM1jmSaUKHJKBjxMeWOu6NfajU-lIQm5jnsC25Z0gcbA0hJ5uOtnaXRsgeiG0RyCnAluhcvV1L7quyBw?testcase_id=5338003289669632

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 18 2016
ClusterFuzz has detected this issue as fixed in range 425668:425682.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6472318111186944
Fuzzer: libfuzzer_radamsa_pdf_codec_icc_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x6112000011c0
Crash State:
  Eval1InputFloat
  _LUTevalFloat
  XFormSampler16
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=420440:420580
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=425668:425682
Minimized Testcase (1.98 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95lkfcVw9gTX3U6yBgRkfcGw7G1yqY0QquTWIIVk53ui8w7pdtP4V6EC2EL47YH2G157jCWY7Qkdj3ssN8n3JHl0QaYFz5xlyXyBpd0bIVT4ByiVMSAHnl_ZQOUCvljnBHp9P08B9jHNulChGDEUHJVS4Oh_Q?testcase_id=6472318111186944

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 18 2016
ClusterFuzz has detected this issue as fixed in range 425668:425682.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6437793972879360
Fuzzer: libfuzzer_radamsa_pdf_codec_icc_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 4
Crash Address: 0x606e000006b0
Crash State:
  LinLerp1Dfloat
  _LUTevalFloat
  XFormSampler16
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=420440:420580
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=425668:425682
Minimized Testcase (0.45 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97rlGMESZyPiGtmcHysCMoX5WOvyyi68_rkFBj1x6xjQknLT44K57gZv7jLM8axCH9Z2GXRXulXgwLu97dNXXo5A6-XpMZij_s2ygyuhSXneAsmwOU6xLSttHspNK7K6vZrkNV8C9_pZA9Kv5N5nOPPJsL3yw?testcase_id=6437793972879360

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 18 2016
Oct 25 2016
Oct 28 2016
Oct 28 2016
[Automated comment] DEPS changes referenced in bugdroid comments, needs manual review.
Oct 29 2016
Approving merge to M55 branch 2883 based on comment #18 and as requested by awhalley@. Please merge before 4:00 PM PT Monday (10/31/16) so we can take it for next week's beta release. Thank you. Also, does this require a merge to M54?
Oct 29 2016
kcwu: Someone else on the team can do the merge, but if you want to, I can walk you through the process. Though we'll have to pick a time next week to settle the TZ difference.
Oct 31 2016
**** Bulk edit - please ignore if not applicable **** Please merge your change to M55 branch 2883 today before 5:00 PM PT, or at the latest by tomorrow, Tuesday (11/01/16), 4:00 PM PT, so we can take it for this week's Beta release.
Oct 31 2016
I'm merging...
Oct 31 2016
The following revision refers to this bug: https://chrome-internal.googlesource.com/chrome/tools/buildspec/+/7b02d911eb5f704f3a18668b934938f58f23f72d

commit 7b02d911eb5f704f3a18668b934938f58f23f72d
Author: Lei Zhang <thestig@google.com>
Date: Mon Oct 31 21:10:10 2016
Oct 31 2016
Nov 1 2016
Nov 7 2016
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium.git/+/413e3518ce390860cb5560720e5fba3ca7c8f764

commit 413e3518ce390860cb5560720e5fba3ca7c8f764
Author: kcwu <kcwu@chromium.org>
Date: Mon Nov 07 18:41:52 2016

lcms: backport upstream commit c0a98d86

This fixed several issues.

BUG=chromium:654265, chromium:657282, chromium:654676, chromium:654313
Review-Url: https://codereview.chromium.org/2482523003

[add] https://crrev.com/413e3518ce390860cb5560720e5fba3ca7c8f764/third_party/lcms2-2.6/0012-backport-c0a98d86.patch
[modify] https://crrev.com/413e3518ce390860cb5560720e5fba3ca7c8f764/third_party/lcms2-2.6/README.pdfium
[modify] https://crrev.com/413e3518ce390860cb5560720e5fba3ca7c8f764/third_party/lcms2-2.6/src/cmsintrp.c
[modify] https://crrev.com/413e3518ce390860cb5560720e5fba3ca7c8f764/third_party/lcms2-2.6/src/cmsio0.c
[modify] https://crrev.com/413e3518ce390860cb5560720e5fba3ca7c8f764/third_party/lcms2-2.6/src/cmstypes.c
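The Oct 17 roll ("lcms: reject NaN when reading float numbers") and the Nov 7 backport above, which touches cmsintrp.c, cmsio0.c and cmstypes.c, close the same class of hole: a float decoded from an attacker-supplied ICC profile was never validated, and the interpolation code in the crash state (LinLerp1Dfloat, EvaluateCLUTfloat, _LUTevalFloat) derives a table index from that value. The C below is an added example written for this page; it is not lcms2 or PDFium code and not the content of either patch. The function names, the table layout and the sample byte strings are assumptions constructed for illustration. It shows a profile-read-time check of the kind the commit message describes, and a 1-D LUT interpolation in the shape of a LinLerp1Dfloat-style routine that refuses to index on a non-finite or out-of-range input.

```c
#include <math.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ICC profile data is big-endian. Decode four bytes as an IEEE-754 binary32
 * and reject NaN and infinity: neither is meaningful as curve or table data,
 * and a NaN that survives parsing later drives index arithmetic. */
bool read_be_float32(const uint8_t buf[4], float *out)
{
    uint32_t bits = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                    ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
    float v;
    memcpy(&v, &bits, sizeof v);      /* reinterpret without aliasing UB */
    if (!isfinite(v))                 /* catches NaN, +inf and -inf */
        return false;
    *out = v;
    return true;
}

/* Read 'count' consecutive big-endian floats. One bad sample fails the whole
 * curve, so a hostile profile cannot smuggle a NaN into the LUT. */
bool read_curve(const uint8_t *raw, size_t count, float *dst)
{
    for (size_t i = 0; i < count; i++)
        if (!read_be_float32(raw + 4 * i, &dst[i]))
            return false;
    return true;
}

/* Is 'value' a legal input for a table with 'domain' cells (domain + 1
 * entries)? This runs before any float-to-int conversion: (int)NaN is
 * undefined behaviour in C and on x86 typically yields INT_MIN, which then
 * indexes far outside the heap allocation (the heap-buffer-overflow READ 4
 * reported above). */
bool lut_input_ok(float value, int domain)
{
    if (domain < 1) return false;
    if (isnan(value)) return false;
    return value >= 0.0f && value <= 1.0f;
}

/* 1-D linear interpolation over a float LUT, in the shape of a
 * LinLerp1Dfloat-style routine: scale the [0,1] input to [0,domain], pick
 * the two bracketing cells and blend. Returns false instead of indexing when
 * the input is not a finite value in [0,1]. */
bool lerp1d_checked(const float *table, int domain, float value, float *out)
{
    if (!lut_input_ok(value, domain))
        return false;

    float scaled = (float)domain * value;   /* 0 <= scaled <= domain */
    int cell0 = (int)scaled;                /* trunc == floor for scaled >= 0 */
    if (cell0 >= domain) {                  /* value == 1.0, or rounding up */
        *out = table[domain];
        return true;
    }
    int cell1 = cell0 + 1;                  /* cell0 < domain, so cell1 <= domain */
    float rest = scaled - (float)cell0;

    float y0 = table[cell0];
    float y1 = table[cell1];
    *out = y0 + (y1 - y0) * rest;
    return true;
}

/* Constructed sample bytes (not taken from the fuzzer testcases): a quiet
 * NaN, +inf and 1.0f as they would appear big-endian inside a profile. */
static const uint8_t kQuietNaN[4] = {0x7F, 0xC0, 0x00, 0x00};
static const uint8_t kPosInf[4]   = {0x7F, 0x80, 0x00, 0x00};
static const uint8_t kOne[4]      = {0x3F, 0x80, 0x00, 0x00};

int main(void)
{
    static const float table[5] = {0.0f, 1.0f, 2.0f, 3.0f, 4.0f};
    float f = 0.0f, out = 0.0f;

    printf("NaN bytes rejected:  %s\n", read_be_float32(kQuietNaN, &f) ? "no" : "yes");
    printf("+inf bytes rejected: %s\n", read_be_float32(kPosInf, &f) ? "no" : "yes");
    printf("1.0 bytes accepted:  %s (%g)\n", read_be_float32(kOne, &f) ? "yes" : "no", f);
    printf("lerp(0.375) -> %s %g\n", lerp1d_checked(table, 4, 0.375f, &out) ? "ok" : "rejected", out);
    printf("lerp(NaN)   -> %s\n", lerp1d_checked(table, 4, NAN, &out) ? "ok" : "rejected");
    return 0;
}
```

The two checks are deliberately at different layers. Rejecting NaN and infinity while reading the profile stops the bad value at the trust boundary, which is where the Oct 17 commit message puts it; the range check in front of the interpolation is defence in depth for values that are finite but still outside [0,1], and it must run before the float-to-int cast, since that cast is where a NaN stops being a number and becomes an arbitrary index.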
Nov 8 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/497a104c1a41fa6840998a97b1c674da1fd00c9b

commit 497a104c1a41fa6840998a97b1c674da1fd00c9b
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Tue Nov 08 05:00:34 2016

Roll src/third_party/pdfium/ a97fc7c63..3c669a7fb (8 commits).

https://pdfium.googlesource.com/pdfium.git/+log/a97fc7c6392c..3c669a7fb05d

$ git log a97fc7c63..3c669a7fb --date=short --no-merges --format='%ad %ae %s'
2016-11-07 thestig Fix #include after commit c09625ca.
2016-11-07 tsepez Force compiler to deduce src type for checked_cast<dst, src>.
2016-11-07 tsepez Hold trailers via unique_ptrs.
2016-11-07 thestig Sync pdfium tryserver list with main pdfium waterfall.
2016-11-07 tsepez Use unique_ptr return from CPDF_Parser::ParseIndirectObject()
2016-11-07 tsepez Rename CPDF_Linearized to CPDF_LinearizedHeader
2016-11-07 kcwu lcms: backport upstream commit c0a98d86
2016-11-07 dsinclair Fold DataProviders into parent classes

BUG=654265, 657282, 654676, 654313

Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see: http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2485023002
Cr-Commit-Position: refs/heads/master@{#430520}

[modify] https://crrev.com/497a104c1a41fa6840998a97b1c674da1fd00c9b/DEPS
Jan 24 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mmoroz@chromium.org, Oct 11 2016
Labels: Pri-1
Owner: kcwu@chromium.org