OSV-2021-1153 Heap-buffer-overflow in hb_array_t<OT::IntType<unsigned int, 4u> const> hb_array_t<OT::IntType<unsigned

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37348 Crash type: Heap-buffer-overflow READ 4 Crash state: hbarrayt const hbarrayt ::copy hbheadt , decltype...

OSV-2018-73 Stack-buffer-overflow in hb_array_t<char const>::cmp

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11908 Crash type: Stack-buffer-overflow READ 4 Crash state: hbarrayt::cmp OT::post::acceleratort::cmpkey hbbsearchr...

OSV-2020-708 Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14919 Crash type: Heap-buffer-overflow READ 2 Crash state: BEInt::operator unsigned short OT::IntType::operator unsigned int hbmapiterthbmapiterthbarraytOT::OffsetToOT::AxisValue, OT::IntTypeu...

OSV-2020-516 Heap-buffer-overflow in hb_array_t<OT::IntType<unsigned short, 2u> const> hb_array_t<OT::IntType<unsigne

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18513 Crash type: Heap-buffer-overflow READ 2 Crash state: hbarrayt const hbarrayt ::copy ZN22hbserializecontextt5copyIN2OT14UnsizedArrayOfINS17IntTypeItLj2EEEEEJRj...

OSV-2020-183 Global-buffer-overflow in hb_array_t<OT::IntType<unsigned char, 1u> const> hb_array_t<OT::IntType<unsigned

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20321 Crash type: Global-buffer-overflow READ 1 Crash state: hbarrayt const hbarrayt ::copy OT::SBIXGlyph::copy...

OSV-2020-182 Heap-buffer-overflow in hb_array_t<OT::IntType<unsigned char, 1u> const> hb_array_t<OT::IntType<unsigned

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20249 Crash type: Heap-buffer-overflow READ 1 Crash state: hbarrayt const hbarrayt ::copy OT::SBIXGlyph::copy...