OSV-2021-1518 UNKNOWN READ in bool OT::OffsetTo<OT::ClipBox, OT::IntType<unsigned int, 3u>, true>::serialize_c

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40540 Crash type: UNKNOWN READ Crash state: bool OT::OffsetTo, true::serializec OT::ClipList::serializecliprecords OT::ClipList::subset...

OSV-2021-396 Heap-buffer-overflow in OT::OffsetTo<OT::Anchor, OT::IntType<unsigned short, 2u>, true>* hb_serialize_co

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30908 Crash type: Heap-buffer-overflow READ 2 Crash state: OT::OffsetTo, true hbserializeco OT::OffsetTo, true hbserializeco bool OT::AnchorMatrix::serializehbfilteriterthbrangeitertunsigned int,...

OSV-2020-708 Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14919 Crash type: Heap-buffer-overflow READ 2 Crash state: BEInt::operator unsigned short OT::IntType::operator unsigned int hbmapiterthbmapiterthbarraytOT::OffsetToOT::AxisValue, OT::IntTypeu...

OSV-2020-565 Use-of-uninitialized-value in OT::AxisValue::sanitize

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14850 Crash type: Use-of-uninitialized-value Crash state: OT::AxisValue::sanitize bool OT::OffsetTo, true::sanitiz bool OT::UnsizedArrayOfOT::OffsetToOT::AxisValue, OT::IntTypeunsigned short,...

harfbuzz/hb-subset-get-codepoints-fuzzer: Use-of-uninitialized-value in OT::OffsetTo<OT::ArrayOfM1<OT::ResourceTypeRecord, OT::IntType<unsigned short, 2

Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5736539338833920 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-subset-get-codepoints-fuzzer Fuzz target binary: hb-subset-get-codepoints-fuzzer Job Type: libfuzzermsanharfbuzz Platform Id: linux...