Integer-overflow in sfntly::Font::Builder::ReadHeader

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6111068792553472

Fuzzer: libfuzzer_sfntly_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  sfntly::Font::Builder::ReadHeader
  sfntly::Font::Builder::LoadFont
  sfntly::Font::Builder::GetOTFBuilder

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=427783:427885

Minimized Testcase (2.11 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97-x2RU33H78OamsLGgWS8GTElCcf_OI1_cPly5HKNh3OYj_XXxd9PdlHD4xfGSK4Lf89E-MJ6qvuU9UJdjosb3TJzaE7PRZ-KLCv4RZGNoaDMDmjz_hjkcssJrYgQM9aFd-qYMlajps7U5auI4lYAVu-XiKQ?testcase_id=6111068792553472

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Comment 1 by ajha@chromium.org, Nov 30 2016

Assigning to the concern owner from find it. The result is a list of CLs that change the crashed files.

Author: Lei Zhang
Project: chromium-sfntly
Changelist: https://chromium.googlesource.com/external/github.com/googlei18n/sfntly.git/+/083b02b10572142d9863d945a8cf52fed2df997d
Time: Wed Oct 19 21:45:57 2016
File font.cc is changed in this cl (and is part of stack frame #0, "sfntly::Font::Builder::ReadHeader"; frame #1, "sfntly::Font::Builder::LoadFont"; frame #2, "sfntly::Font::Builder::GetOTFBuilder").
Minimum distance from crash line to modified line: 55. (file: font.cc, crashed on: 341, modified: 396).

Author: Lei Zhang
Project: chromium-sfntly
Changelist: https://chromium.googlesource.com/external/github.com/googlei18n/sfntly.git/+/ebaa364dd0e270b6954331dc5ffb5fe4462de372
Time: Wed Oct 26 01:32:02 2016
File font.cc is changed in this cl (and is part of stack frame #0, "sfntly::Font::Builder::ReadHeader"; frame #1, "sfntly::Font::Builder::LoadFont"; frame #2, "sfntly::Font::Builder::GetOTFBuilder").
Minimum distance from crash line to modified line: 57. (file: font.cc, crashed on: 512, modified: 455).

@Lei Zhang -- Could you please look into the issue, kindly re-assign if this is not related to your change. Thank you.
Dec 1 2016

Dec 1 2016

Dec 8 2016

Mar 28 2017
Mar 28 2017

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/83d38421f79045fef26de00d4c76198c06067852

commit 83d38421f79045fef26de00d4c76198c06067852
Author: thestig <thestig@chromium.org>
Date: Tue Mar 28 19:27:17 2017

Roll DEPS for sfntly de3cce5..04740d2

04740d2 Merge pull request #75 from leizleiz/morefixes
0c9b2fd Fix nits in OTFBasicEditing test.
3723ffd Fix ReadableFontData::ReadDateTimeAsLong().
126f3b3 Fix assert failures in HorizontalMetricsTable.
8fcbf51 Check offsets in FontFactory::LoadCollectionForBuilding().
b95a8f4 Avoid integer overflow in LocaTable::GlyphLength().
cccd3aa Check for integer overflow in SetupGlyfBuilders.
f1384b2 Fix more NULL pointer derefs in sfntly::Font::Builder.
7525f24 Revert commit 3e3a91a.

BUG=659936,663737,666619,669806,699510,705357
TBR=behdad@chromium.org,jshin@chromium.org

Review-Url: https://codereview.chromium.org/2784563002
Cr-Commit-Position: refs/heads/master@{#460186}

[modify] https://crrev.com/83d38421f79045fef26de00d4c76198c06067852/DEPS
Mar 28 2017

Mar 29 2017

ClusterFuzz has detected this issue as fixed in range 460148:460187.

Detailed report: https://clusterfuzz.com/testcase?key=6111068792553472

Fuzzer: libfuzzer_sfntly_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  sfntly::Font::Builder::ReadHeader
  sfntly::Font::Builder::LoadFont
  sfntly::Font::Builder::GetOTFBuilder
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=427783:427885
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=460148:460187

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94h1lsEi-7bcRAUBYufHyajdQgWQlxymUPiAxuPMwGiWAdLyBJAtWmKsYxciz-aGOYHBDoDjWwfZc87YK0T6dhrubJnxjVK0P9h1CAU8vljGhtaVgWuQYUwMoBt_zBar47tSWU-3beWrK7cm9pLb3iUv3olbtBH4Y1AIOQyFRg2tkew4Lc9eYxf6Pem9Ee_AJEzVkFWkQOmWtxXb_x7E-skdBMIremuw675oozSRUu49FkyEZ9FMpC359eKxGd1oQOYxQxpdExvOoHM-26Iz3J0azkDlkQWNqZGKdEsafXBNcxkZ_qALu43HDHFWcvGvV10Q_obfnb5mSAALEDN1mA8kBYHAuUaNz8YGAwAGdxWzpXetSI?testcase_id=6111068792553472

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.