thestig@, assigning this to you as an author of the fuzzer + one of the OWNERS for https://cs.chromium.org/chromium/src/third_party/sfntly/OWNERS

This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This bug is reported as M55 Beta blocker.Please try to resolve this before M55 branch on Oct 6th,2016 so it has enough baking time in Dev.

 Issue 652012  has been merged into this issue.

A friendly reminder that M55 Beta launch is coming soon! Your bug is labelled as Beta ReleaseBlock, pls make sure to land the fix ASAP. Thank you.

**** Bulk edit -  please ignore if not applicable ****

This bug  is reported as M55 Beta blocker and we're getting closer to M55 Beta promotion. 
Please plan to have fix ready and merged to M55 branch (2883) by 5:00 PM PT, Monday(10/10) so it has enough baking time in Dev before Beta promotion. Thank you.

Changing to release block stable due to suggestion in 652012 that this isn't a regression.

thestig: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The  bug 646347  fix takes care of this as well.

ClusterFuzz has detected this issue as fixed in range 426270:426317.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5065060257103872

Fuzzer: libfuzzer_sfntly_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Negative-size-param
Crash Address: 
Crash State:
  sfntly::MemoryByteArray::InternalGet
  sfntly::NameTable::Name
  HasName
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=417024:417277
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=426270:426317

Minimized Testcase (1.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94NsvmNaxdP1C38rVMFSaid0Li5PVjkmSq5AJElMzgw05ENpk0JnVLDyC66989FkOBx3T0rY72b0IAJYmvbHNNo0KyBYNSfZzrKf1vIBsYwnmy6ALMqn2Up--cogget4hxOgSEIdw36772YwMg1bzTxO0PaKA?testcase_id=5065060257103872

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot