This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Hi Skia folks, do you mind taking a look at this one? There was nothing interesting in the blame range for this.

The following revision refers to this bug:
  https://skia.googlesource.com/skia/+/6e834799946537370e6f3c10aa2745ed969b2a27

commit 6e834799946537370e6f3c10aa2745ed969b2a27
Author: Matt Sarett <msarett@google.com>
Date: Tue Apr 18 15:37:29 2017

Fix out of bounds read in SkColorSpace::MakeICC

Bug:  711895 
Change-Id: I8574289bda842cf1be3fb5bcf347a81b98fdc6b0
Reviewed-on: https://skia-review.googlesource.com/13690
Commit-Queue: Matt Sarett <msarett@google.com>
Reviewed-by: Mike Klein <mtklein@chromium.org>

[modify] https://crrev.com/6e834799946537370e6f3c10aa2745ed969b2a27/src/core/SkColorSpace_ICC.cpp

ClusterFuzz has detected this issue as fixed in range 465252:465271.

Detailed report: https://clusterfuzz.com/testcase?key=4581502580162560

Fuzzer: libfuzzer_skia_color_space_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x61c000001764
Crash State:
  read_big_endian_u32
  load_a2b0
  make_a2b
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=463138:463173
Fixed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=465252:465271

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96FA8KfVSoZudCA8F_PgysIwGVtcgG7mMlqiILzaJ1o2SO6M1-zafRRS5F579ZEcalZG6snUQeN6X8jDGZ3oYRb86q2yWgcdoe-1TKdyZHqY75YcAyCRS468iDC5JW_jlunFOAgwQ0O6zbd2t4xWkALzVorxKZZznEKXPX8Bh6ax6WEZhPfJAluB864TPjSEwH8RbnOcfMcdUAjQuiAHxErVT2fvoBn_qbeSylIH0b_RJXVx6PLhwJaRwOOsxRYjb0_DgJErb3NlS_B86e1ZgoZEQxhdxxmlWkxxegd8DJluJ8BzCbj3CcdsHFWcYwK2en97Eev2s11_YIvNEsU4FyH33maWizXryUaBdkIIpH3N9iaC54?testcase_id=4581502580162560


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 4581502580162560 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Your change meets the bar and is auto-approved for M59. Please go ahead and merge the CL to branch 3071 manually. Please contact milestone owner if you have questions.
Owners: amineer@(Android), cmasso@(iOS), gkihumba@(ChromeOS), Abdul Syed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The following revision refers to this bug:
  https://skia.googlesource.com/skia/+/e0e50cfe755fe5a28706b98a721b9ebbc1ee84d7

commit e0e50cfe755fe5a28706b98a721b9ebbc1ee84d7
Author: Matt Sarett <msarett@google.com>
Date: Fri Apr 21 21:08:47 2017

Fix out of bounds read in SkColorSpace::MakeICC

Bug:  711895 
Change-Id: I8574289bda842cf1be3fb5bcf347a81b98fdc6b0
Reviewed-on: https://skia-review.googlesource.com/13690
Commit-Queue: Matt Sarett <msarett@google.com>
Reviewed-by: Mike Klein <mtklein@chromium.org>
(cherry picked from commit 6e834799946537370e6f3c10aa2745ed969b2a27)
Reviewed-on: https://skia-review.googlesource.com/14103
Reviewed-by: Matt Sarett <msarett@google.com>

[modify] https://crrev.com/e0e50cfe755fe5a28706b98a721b9ebbc1ee84d7/src/core/SkColorSpace_ICC.cpp

Please merge your change to M59 branch #3071 latest before 4:00 PM PT, Monday (04/24) so we can take it for next week last M59 dev release. Thank you.

It has been merged per #59.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot