Hi, ClusterFuzz fingered https://skia-review.googlesource.com/c/4770/ as a possible cause of this heap buffer overflow (routing via SkColorSpace_ICC.cpp:load_lut_gammas). Can you please take a look?

This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The following revision refers to this bug:
  https://skia.googlesource.com/skia.git/+/8daef3ebdd71f0a33faa186511d81c951e3917ab

commit 8daef3ebdd71f0a33faa186511d81c951e3917ab
Author: raftias <raftias@google.com>
Date: Tue Nov 22 18:21:22 2016

Fixed fuzzer issue with lut16Type A2B ICC profiles

There was no check for if a profile had gamma table with 0 elements.
Now it verifies that the table has 2-4096 entries as the ICC specs say.

BUG= 667695 

GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=5124

Change-Id: I36de202e398654ce8dd88e765455b4c4577724d2
Reviewed-on: https://skia-review.googlesource.com/5124
Reviewed-by: Matt Sarett <msarett@google.com>
Commit-Queue: Robert Aftias <raftias@google.com>

[modify] https://crrev.com/8daef3ebdd71f0a33faa186511d81c951e3917ab/src/core/SkColorSpace_ICC.cpp

 Issue 667718  has been merged into this issue.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2aec8f5226381483e99636f6e8425914ba840538

commit 2aec8f5226381483e99636f6e8425914ba840538
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Tue Nov 22 21:40:10 2016

Roll src/third_party/skia/ 46e66a2bf..818d8a99e (8 commits).

https://skia.googlesource.com/skia.git/+log/46e66a2bf515..818d8a99e848

$ git log 46e66a2bf..818d8a99e --date=short --no-merges --format='%ad %ae %s'
2016-11-22 brianosman Handle nullptr from asTextureRef
2016-11-22 halcanary remove SkPixelRef::refEncodedData()
2016-11-22 kjlubick FuzzDrawFunctions from twsmith
2016-11-22 mtklein accum_565 and accum_f16
2016-11-22 raftias Fixed fuzzer issue with lut16Type A2B ICC profiles
2016-11-22 msarett Fix NoGPU bot
2016-11-22 msarett Add SkOverdrawCanvas to detect overdraw
2016-11-22 halcanary SkImageEncoder: simplify API

BUG=666519, 667695 

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel
TBR=egdaniel@google.com

Review-Url: https://codereview.chromium.org/2525623003
Cr-Commit-Position: refs/heads/master@{#433989}

[modify] https://crrev.com/2aec8f5226381483e99636f6e8425914ba840538/DEPS

 Issue 667936  has been merged into this issue.

 Issue 667719  has been merged into this issue.

ClusterFuzz has detected this issue as fixed in range 433985:434043.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5694768391913472

Fuzzer: noel-image-flip
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 4
Crash Address: 0x6070000272e8
Crash State:
  table
  table_r
  color_lookup_table
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=433593:433747
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=433985:434043

Minimized Testcase (515.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97F76BfFjD7tzGW4ve9QaCtH7C2KZWvYJPFe2T7_RO84nP393U6buwRPjsl8m3iA5L7RDdLAtzlhcauoA0bQ-z5nF7LWg43nj0nWKgcnzFBKo5aozG4Jm2V0n-sJuaZ9yhSAXKwOb-RTfBoK5zgVYwYJ9zhsrm3wj58BKmC7cVGzMRu8nk?testcase_id=5694768391913472

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

 Issue 668557  has been merged into this issue.

 Issue 668881  has been merged into this issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot