ClusterFuzz has detected this issue as fixed in range 464722:464728.

Detailed report: https://clusterfuzz.com/testcase?key=4712912540401664

Fuzzer: libfuzzer_qcms_color_space_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  lut_inverse_interp16
  invert_lut
  compute_precache
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=464719:464722
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=464722:464728

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97dpkqhPJVxhC3dkeWC6aWo893h4eFzZqFsjCkHbjWKuzeQSYMfvuSd-HMqKnonqI9YeKTi73uqbuOLmgULtB6NRacR_0j2c4n9xWnZcnDoEDXdSSeTtJEqcXZ8Aoi3Vl5zG05RbhDJi_sfi3tMtswdLvopn8cjya3FBWrHTccK4vcbOBQlD1fnOfRBhyPrO_VAsXbHzfs2vNbs7P_UJZ3CAY6rKtwStR3EzkM8XIuvmmlx6UkLxcivqhh5nU-LAQg94hujRuD7iAPYKlpPNGVPcL0d-y2PndKBXBh2yyzBykO044MV_07acSvMrbQIdB_cBn5qD3vEc8WibUPrvMP7SAavaf6jYPgbfU39RtMYccZ7Tck?testcase_id=4712912540401664


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 4712912540401664 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Reproduces for me when inverting the precache gamma table.  The input gamma table is large and does cause an integer overflow when computing int b

  b = ((length-1 - NumPoles) * 0xFFFF) / (length-1);

in transform_util.c: lut_inverse_interp16().

Code review https://codereview.chromium.org/2825623002 landed to fix this.

We have made a bunch of changes on ClusterFuzz side, so resetting ClusterFuzz-Wrong label.