2 matches found
OSV-2020-638 Heap-buffer-overflow in OT::UnsizedArrayOf<OT::IntType<unsigned char, 1u> >::copy
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14637
Crash type: Heap-buffer-overflow READ 1
Crash state: OT::UnsizedArrayOf ::copy bool OT::OffsetTo , OT::IntTy OT::NameRecord::copy...
OSV-2020-565 Use-of-uninitialized-value in OT::AxisValue::sanitize
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14850
Crash type: Use-of-uninitialized-value
Crash state: OT::AxisValue::sanitize bool OT::OffsetTo, true::sanitiz bool OT::UnsizedArrayOfOT::OffsetToOT::AxisValue, OT::IntTypeunsigned short,...