Heap-buffer-overflow in SetMatShaper
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5412877675790336

Fuzzer: libfuzzer_pdf_codec_icc_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 8
Crash Address: 0x6020000004e0
Crash State:
  SetMatShaper
  OptimizeMatrixShaper
  _cmsOptimizePipeline

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=420440:420580

Minimized Testcase (0.29 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94Tq3YoCvTJw8bj8KTjm4kCynJtpfqAd_mbWhTexMipLzn2D4guFXoBo5jS1yUqOSrzwi1sC6TaDb8xs1S1EYnr3txlojqIQD52FK4LB7Rk2nambkO4iWD4oSEPoI0SnaehZhr-K39t977jP77jsIIHZnHJrQ?testcase_id=5412877675790336

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Nov 22 2016
SetMatShaper() expects curves with size=3 but got 2. I will fix it soon.
Nov 22 2016
The following revision refers to this bug:
https://pdfium.googlesource.com/pdfium.git/+/89a2d92549d25df6786d53de5671eb141e1fd3e2

commit 89a2d92549d25df6786d53de5671eb141e1fd3e2
Author: kcwu <kcwu@chromium.org>
Date: Tue Nov 22 19:37:16 2016

pdfium: Fix inconsistent number of color components of ICC profile

fx_codec_icc.cpp specifies a default number of color components of 3 for unknown profiles. However, lcms may know such a profile with a different number of components. The inconsistency may lead to an array access violation.

This CL uses cmsChannelsOf() from lcms to ensure consistency, and rejects unexpected numbers according to the PDF spec.

BUG= chromium:667694
Review-Url: https://codereview.chromium.org/2522933002

[modify] https://crrev.com/89a2d92549d25df6786d53de5671eb141e1fd3e2/core/fxcodec/codec/fx_codec_icc.cpp
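The root cause in the commit message above and in the earlier "expects curves with size=3 but got 2" comment is a mismatch between two sources of truth for the component count: the loader's default of 3 for profiles it did not recognise, and the channel count the CMM parsed from the profile. The following is an added example, not pdfium's or lcms's code: it models that mismatch with constructed stand-in types (mock_profile, mock_colorspace, a mock_cmsChannelsOf() standing in for lcms's cmsChannelsOf()) and shows a loader hardened along the lines the commit describes, taking the count from the CMM and rejecting counts the PDF spec does not allow for ICCBased (N must be 1, 3 or 4). The check against a declared /N is an extra hardening assumed here, not something the commit message states.

```c
#include <stdio.h>
#include <stdlib.h>

/* Added example, not pdfium's or lcms's code. Constructed stand-ins for the
 * two sources of truth that disagreed in this bug: the component count the
 * PDF-side loader assumed (default 3 for an unrecognised profile) and the
 * channel count the CMM parsed from the profile itself, which is what lcms's
 * cmsChannelsOf() reports for a real profile. */

typedef struct {
    int channels;   /* channel count parsed from the (constructed) profile header */
} mock_profile;

typedef struct {
    int ncomps;     /* component count the loader settled on */
    double *curves; /* ncomps entries, one per component */
} mock_colorspace;

typedef enum {
    ICC_OK = 0,
    ICC_REJECT_BAD_N = 1,    /* count the PDF spec does not allow for ICCBased */
    ICC_REJECT_MISMATCH = 2, /* declared /N disagrees with the profile (assumed extra check) */
    ICC_REJECT_NOMEM = 3
} icc_status;

/* The PDF spec permits only N = 1, 3 or 4 components for an ICCBased colour space. */
static int pdf_icc_n_is_valid(int n) { return n == 1 || n == 3 || n == 4; }

/* Hypothetical stand-in for cmsChannelsOf(): lcms derives the count from the
 * profile's colour space signature; the mock simply stores it. */
static int mock_cmsChannelsOf(const mock_profile *p) { return p->channels; }

/* Models the pre-fix failure: one side sizes the curve array from its count,
 * the other side iterates using a different count. Returns how many slots the
 * consumer would read past the end of the array (0 means in bounds). With the
 * numbers from the bug comment, a 2-entry curve set walked as if it had 3
 * entries gives a 1-slot out-of-bounds read, which ASan reports as a
 * heap-buffer-overflow. */
int icc_overread_slots(int allocated_count, int iterated_count) {
    return iterated_count > allocated_count ? iterated_count - allocated_count : 0;
}

/* Hardened loader modelled on the fix description: take the channel count from
 * the CMM, reject counts the PDF spec does not allow, reject a declared /N that
 * disagrees with the profile (declared_n == 0 means none was given), and size
 * the curves from that single value so allocator and consumer cannot diverge. */
icc_status icc_load_hardened(const mock_profile *p, int declared_n, mock_colorspace *out) {
    int n = mock_cmsChannelsOf(p);
    out->ncomps = 0;
    out->curves = NULL;
    if (!pdf_icc_n_is_valid(n))
        return ICC_REJECT_BAD_N;
    if (declared_n != 0 && declared_n != n)
        return ICC_REJECT_MISMATCH;
    out->curves = calloc((size_t)n, sizeof(double));
    if (!out->curves)
        return ICC_REJECT_NOMEM;
    out->ncomps = n;
    return ICC_OK;
}

/* Every later access must use the count stored beside the array, never a default. */
int icc_curve_count(const mock_colorspace *cs) { return cs->ncomps; }

void icc_free(mock_colorspace *cs) {
    free(cs->curves);
    cs->curves = NULL;
    cs->ncomps = 0;
}

int main(void) {
    mock_profile two_channel = { 2 };   /* constructed: the shape the bug comment describes */
    mock_colorspace cs;
    printf("pre-fix overread for 2 curves walked as 3: %d slot(s)\n", icc_overread_slots(2, 3));
    printf("hardened loader on 2-channel profile: status %d\n", (int)icc_load_hardened(&two_channel, 3, &cs));
    icc_free(&cs);
    return 0;
}
```

The point of icc_load_hardened() is that ncomps is written only from the value that sized the allocation; a caller that still carries its own default of 3 has no path by which that default reaches the curve array.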
Nov 23 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/4966f6cfb3d4023ee5b085e61c35550b291407f6

commit 4966f6cfb3d4023ee5b085e61c35550b291407f6
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Tue Nov 22 23:58:08 2016

Roll src/third_party/pdfium/ 1aff265f7..c675a2f4a (4 commits).

https://pdfium.googlesource.com/pdfium.git/+log/1aff265f7a21..c675a2f4afdd

$ git log 1aff265f7..c675a2f4a --date=short --no-merges --format='%ad %ae %s'
2016-11-22 tsepez Use more unique_ptrs in CPDF_SyntaxParser and CPDF_Annot
2016-11-22 tsepez Ensure CPDF_CountedObjects only made from owned references.
2016-11-22 caryclark handle antialiased rendering as premultiplied
2016-11-22 kcwu pdfium: Fix inconsistent number of color components of ICC profile

BUG= 667694

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2522993002
Cr-Commit-Position: refs/heads/master@{#434031}

[modify] https://crrev.com/4966f6cfb3d4023ee5b085e61c35550b291407f6/DEPS
Nov 23 2016
ClusterFuzz has detected this issue as fixed in range 433935:434071.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5412877675790336

Fuzzer: libfuzzer_pdf_codec_icc_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 8
Crash Address: 0x6020000004e0
Crash State:
  SetMatShaper
  OptimizeMatrixShaper
  _cmsOptimizePipeline

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=420440:420580
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=433935:434071

Minimized Testcase (0.29 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94Tq3YoCvTJw8bj8KTjm4kCynJtpfqAd_mbWhTexMipLzn2D4guFXoBo5jS1yUqOSrzwi1sC6TaDb8xs1S1EYnr3txlojqIQD52FK4LB7Rk2nambkO4iWD4oSEPoI0SnaehZhr-K39t977jP77jsIIHZnHJrQ?testcase_id=5412877675790336

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 23 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 25 2016
[Automated comment] DEPS changes referenced in bugdroid comments, needs manual review.
Nov 26 2016
+awhalley@ for M55 merge review.
Nov 26 2016
Just after a merge to 55 of "Fix inconsistent number of color components of ICC profile", don't need a full DEPS roll.
Nov 27 2016
Approving merge to M55 branch 2883 based on comment #14. Please merge ASAP. Merge has to happen before 4:00 PM PT, Monday (11/28) in order to make the Desktop final build cut. Thank you.
Nov 28 2016
ochang@'s going to merge this imminently, please hold off from the build until it's in, thanks!
Mar 1 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by dominickn@chromium.org, Nov 22 2016
Components: Internals>Plugins>PDF
Owner: kcwu@chromium.org
Status: Assigned (was: Untriaged)