Use-of-uninitialized-value in get_advance
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4595252552007680
Fuzzer: libfuzzer_harfbuzz_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  get_advance
  hb_ot_get_glyph_h_advance
  get_glyph_h_advance
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=395559:395598
Minimized Testcase (6.63 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95qdBHuwPobBJuDCOsSgNosSO96FyvhC97qQdlUXt1E-ZYsw05DvZng_nBuUeq8VsLCbJ8Qj4iy7tUQnGqnIsil_kAho3fo9zZkjhbdHVj0JE9xLnz7pgIKKkzw5JDU3sPi8xDCRm0F1Iaf2yB4LAobZHAcCw
Filer: mmoroz
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
May 25 2016
May 25 2016
May 25 2016
I'm the upstream owner. Will fix.
May 25 2016
FWIW, that codepath is not currently used in Chromium, so there's no current security impact.
May 25 2016
Behdad, if possible, please mention the fix in https://github.com/behdad/harfbuzz/issues/139 to keep public bookkeeping in a single place.
May 25 2016
Will do.
May 25 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4595252552007680
Fuzzer: libfuzzer_harfbuzz_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  get_advance
  hb_ot_get_glyph_h_advance
  get_glyph_h_advance
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=395559:395598
Minimized Testcase (6.63 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95qdBHuwPobBJuDCOsSgNosSO96FyvhC97qQdlUXt1E-ZYsw05DvZng_nBuUeq8VsLCbJ8Qj4iy7tUQnGqnIsil_kAho3fo9zZkjhbdHVj0JE9xLnz7pgIKKkzw5JDU3sPi8xDCRm0F1Iaf2yB4LAobZHAcCw
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
May 27 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5224957185622016
Fuzzer: libfuzzer_harfbuzz_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  get_advance
  hb_ot_get_glyph_h_advance
  get_glyph_h_advance
Recommended Security Severity: Medium
Minimized Testcase (5.77 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97vF2RKv2kJKC_RZ6Dc0s218TyaSNWS7vDinx_yZs0WZwPGRWDeV5bXqTj432Fkjvz3V_zk5RPmGUB5UFpUFyiGw738NaBDT8NVzRw404UfDbzcidyx4a2Pr-2qBuw7sW_8bxDYN-HpSTtX79rCItESqtEaDg
Filer: mmoroz
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
May 27 2016
May 27 2016
M-51 -> M-53 since this only affects HEAD.
May 28 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jun 9 2016
behdad: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jun 23 2016
M53 is branching soon and will be promoted to Beta in July. Your bug is labelled as Beta ReleaseBlock, pls make sure to land the fix ASAP. Thank you.
Jun 24 2016
behdad: Uh oh! This issue still open and hasn't been updated in the last 29 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jun 27 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5224957185622016
Fuzzer: libfuzzer_harfbuzz_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  get_advance
  hb_ot_get_glyph_h_advance
  get_glyph_h_advance
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=395559:395598
Minimized Testcase (5.77 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97eQtx5Nn6xIAcgCJg5jg16QdnOwMWuOQajwk1lJKvwcYOlHbIIrWjX9WVTvBOSGKuZR6uhq5MsBYPD65TLIEvUZmCopQf79vMtgSsakSn95Azm_VezYcI2PHPq1VgF5G3HlkbUe16SeKAzsL8Nj1rGPpXW6Q?testcase_id=5224957185622016
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 28 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5251187477839872
Fuzzer: libfuzzer_harfbuzz_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  get_advance
  hb_ot_get_glyph_h_advance
  get_glyph_h_advance
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=395689:395794
Minimized Testcase (4.18 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95kA0SoREJIlhIo5TUqYcvMyeQSlPUNFKndPf6BXU_dbBFPeqZkJWgTD_yNXdg7riYufmP4mUPODbLu_4VY98nMk-bjN6DUzpA2D1P6aC3yESE8HVomoVTpyV5OoM1CQT-kotaVa0M_-Jcbx6BIpR0Kquh_-Q?testcase_id=5251187477839872
Filer: tanin
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jun 28 2016
M53 is branching this week and will be promoted to Beta in July. Your bug is labelled as Beta ReleaseBlock, pls make sure to land the fix ASAP. Thank you.
Jul 1 2016
M53 is branched today (2785) and will be promoted to Beta this month. Your bug is labelled as Beta ReleaseBlock, pls make sure to land and merge the fix to M53 branch 2785 by 5:00 PM PST on Friday 07/22 (sooner the better so it gets a chance to bake in M53 dev releases itself). Thank you.
Jul 14 2016
M53 beta launch is coming soon. Your bug is labelled as Beta ReleaseBlock, pls make sure to land the fix before 6:00 PM PST, Monday (07/18/16). Thank you.
Jul 19 2016
M53 beta launch is next week. Your bug is labelled as Beta ReleaseBlock, pls make sure to land the fix before 6:00 PM PST, Friday (07/22/16). Thank you.
Jul 20 2016
This is fixed upstream now. Note that this is harmless from a security point of view.
Jul 20 2016
Removing ReleaseBlock-Beta per #5 and #23
Jul 21 2016
Jul 21 2016
Jul 22 2016
ClusterFuzz has detected this issue as fixed in range 406824:406932.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5251187477839872
Fuzzer: libfuzzer_harfbuzz_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  get_advance
  hb_ot_get_glyph_h_advance
  get_glyph_h_advance
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=395689:395794
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=406824:406932
Minimized Testcase (4.18 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95kA0SoREJIlhIo5TUqYcvMyeQSlPUNFKndPf6BXU_dbBFPeqZkJWgTD_yNXdg7riYufmP4mUPODbLu_4VY98nMk-bjN6DUzpA2D1P6aC3yESE8HVomoVTpyV5OoM1CQT-kotaVa0M_-Jcbx6BIpR0Kquh_-Q?testcase_id=5251187477839872
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 22 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Jul 22 2016
Aug 11 2016
Aug 12 2016
Your change meets the bar and is auto-approved for M53 (branch: 2785)
Aug 16 2016
Please merge your change by Tuesday (08/16) 4:00 PM PT so we can take it in for this week's Beta release. Thank you.
Aug 16 2016
+mbarbella@ or +inferno@, could you please help with this merge before 4:00 PM PT today so we can take it for tomorrow's beta release. Thank you.
Aug 17 2016
This bug already missed this week's M53 beta. Please try to merge this ASAP to M53 so we can pick it up for next week's last M53 beta. Thank you.
Aug 22 2016
Updating to Security_Impact-None and removing M53 merge labels per #23
Aug 23 2016
Oct 28 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mmoroz@chromium.org, May 25 2016
Components: Blink>WebFonts
Labels: Pri-2
Owner: behdad@chromium.org