Heap-buffer-overflow in TetrahedralInterpFloat
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5854737515937792

Fuzzer: libfuzzer_pdf_codec_icc_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 4
Crash Address: 0x608000001408
Crash State:
  TetrahedralInterpFloat
  _LUTeval16
  PrecalculatedXFORM

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=420440:420580

Minimized Testcase (0.57 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96ZAmwClWYjpY3jIUESjiMjxyow10AhJAyE-jZ08kWq28tKIsJhGjLFuoGIkanjSEHZKVj9B5l6e7dWSdXRGyxOEKuYVhungCSUbVTuW9ttAJPWn9tr7dOYQiRhGqfyDYmT-ZMsHpTiau04ZbYOHDTgFj9SQQ?testcase_id=5854737515937792

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Oct 19 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 19 2016
Oct 19 2016
Oct 20 2016
Oct 24 2016
dsinclair: Would you mind helping us find an owner for this one?
Oct 26 2016
**** Bulk edit - please ignore if not applicable **** A friendly reminder that the M55 Stable launch is coming soon! Your bug is labelled as Stable ReleaseBlock, please make sure to land the fix and get it merged into the release branch ASAP so it gets enough baking time in Beta (before Stable promotion). Thank you!
Oct 31 2016
kcwu@ I believe you looked at some others of these?
Oct 31 2016
**** Bulk edit - please ignore if not applicable **** A friendly reminder that the M55 Stable launch is coming soon! Your bug is labelled as Stable ReleaseBlock, please make sure to land the fix and get it merged into the release branch ASAP so it gets enough baking time in Beta (before Stable promotion). Thank you!
Nov 2 2016
kcwu: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Nov 7 2016
**** Bulk edit - please ignore if not applicable **** A friendly reminder that the M55 Stable launch is coming soon! Your bug is labelled as Stable ReleaseBlock, please make sure to land the fix and get it merged into the release branch ASAP so it gets enough baking time in Beta (before Stable promotion). Thank you! Also, due to the Thanksgiving holidays in the US, please make sure all fixes are ready and merged to M55 by 5:00 PM PT Friday, 11/18/16 at the latest.
Nov 7 2016
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium.git/+/413e3518ce390860cb5560720e5fba3ca7c8f764

commit 413e3518ce390860cb5560720e5fba3ca7c8f764
Author: kcwu <kcwu@chromium.org>
Date: Mon Nov 07 18:41:52 2016

lcms: backport upstream commit c0a98d86

This fixed several issues.

BUG=chromium:654265, chromium:657282, chromium:654676, chromium:654313
Review-Url: https://codereview.chromium.org/2482523003

[add] https://crrev.com/413e3518ce390860cb5560720e5fba3ca7c8f764/third_party/lcms2-2.6/0012-backport-c0a98d86.patch
[modify] https://crrev.com/413e3518ce390860cb5560720e5fba3ca7c8f764/third_party/lcms2-2.6/README.pdfium
[modify] https://crrev.com/413e3518ce390860cb5560720e5fba3ca7c8f764/third_party/lcms2-2.6/src/cmsintrp.c
[modify] https://crrev.com/413e3518ce390860cb5560720e5fba3ca7c8f764/third_party/lcms2-2.6/src/cmsio0.c
[modify] https://crrev.com/413e3518ce390860cb5560720e5fba3ca7c8f764/third_party/lcms2-2.6/src/cmstypes.c
Nov 8 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/497a104c1a41fa6840998a97b1c674da1fd00c9b

commit 497a104c1a41fa6840998a97b1c674da1fd00c9b
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Tue Nov 08 05:00:34 2016

Roll src/third_party/pdfium/ a97fc7c63..3c669a7fb (8 commits).

https://pdfium.googlesource.com/pdfium.git/+log/a97fc7c6392c..3c669a7fb05d

$ git log a97fc7c63..3c669a7fb --date=short --no-merges --format='%ad %ae %s'
2016-11-07 thestig Fix #include after commit c09625ca.
2016-11-07 tsepez Force compiler to deduce src type for checked_cast<dst, src>.
2016-11-07 tsepez Hold trailers via unique_ptrs.
2016-11-07 thestig Sync pdfium tryserver list with main pdfium waterfall.
2016-11-07 tsepez Use unique_ptr return from CPDF_Parser::ParseIndirectObject()
2016-11-07 tsepez Rename CPDF_Linearized to CPDF_LinearizedHeader
2016-11-07 kcwu lcms: backport upstream commit c0a98d86
2016-11-07 dsinclair Fold DataProviders into parent classes

BUG=654265, 657282, 654676, 654313

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org
Review-Url: https://codereview.chromium.org/2485023002
Cr-Commit-Position: refs/heads/master@{#430520}

[modify] https://crrev.com/497a104c1a41fa6840998a97b1c674da1fd00c9b/DEPS
Nov 8 2016
ClusterFuzz has detected this issue as fixed in range 430478:430527.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5854737515937792

Fuzzer: libfuzzer_pdf_codec_icc_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 4
Crash Address: 0x608000001408
Crash State:
  TetrahedralInterpFloat
  _LUTeval16
  PrecalculatedXFORM

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=420440:420580
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=430478:430527

Minimized Testcase (0.57 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96ZAmwClWYjpY3jIUESjiMjxyow10AhJAyE-jZ08kWq28tKIsJhGjLFuoGIkanjSEHZKVj9B5l6e7dWSdXRGyxOEKuYVhungCSUbVTuW9ttAJPWn9tr7dOYQiRhGqfyDYmT-ZMsHpTiau04ZbYOHDTgFj9SQQ?testcase_id=5854737515937792

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 8 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 8 2016
Nov 14 2016
Feb 14 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot