Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5443090744868864
Fuzzer: libfuzzer_pdfium_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Undefined-shift
Crash Address:
Crash State:
  tt_cmap4_validate
  tt_face_build_cmaps
  sfnt_load_face
Sanitizer: undefined (UBSAN)
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=397764:398208
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95Hj2Sdf8cezpfykK2fGAkeYdta6RHCw-OyvJ-l3zXbSxmLX-XBEwN-MtAoFBRv_SNTP6JXUpTtFIbvtWB_9g15sC_-N5WLZ38qOvaLhEKkmo1RXUW4COEli7rQyoYwxZzXWcpf-aa9Y19cipzzd_4jOXna6nAW_WUTctSxuwLdjg3okLMjGgUrGVG2n6kwK1Lk6jkuCff1-WbjFkIm12gQ_iJ5i0PV1azZ13sM3OdFLq-LLBpo84JJyKL1nbiJDVkzuznzqt7lPrtXSm7xKa6LdRWFYxC1qHYkz069sxs4tjcwyozzWPa4EhVDGtfN3gYkXXcKlbvVDSRXdOMXQvyDnV4ujzK32esdtSOXsSTCWiBddPE?testcase_id=5443090744868864

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
npm@ freetype fuzzer fun.
Another example reproducible in clusterfuzz but not locally because third_party/freetype2 needs update.
@drott - can I punt this to you, too?
> @drott - can I punt this to you, too?

Yes.
ClusterFuzz has detected this issue as fixed in range 453205:453227.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5443090744868864
Fuzzer: libfuzzer_pdfium_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Undefined-shift
Crash Address:
Crash State:
  tt_cmap4_validate
  tt_face_build_cmaps
  sfnt_load_face
Sanitizer: undefined (UBSAN)
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=397764:398208
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=453205:453227
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95Hj2Sdf8cezpfykK2fGAkeYdta6RHCw-OyvJ-l3zXbSxmLX-XBEwN-MtAoFBRv_SNTP6JXUpTtFIbvtWB_9g15sC_-N5WLZ38qOvaLhEKkmo1RXUW4COEli7rQyoYwxZzXWcpf-aa9Y19cipzzd_4jOXna6nAW_WUTctSxuwLdjg3okLMjGgUrGVG2n6kwK1Lk6jkuCff1-WbjFkIm12gQ_iJ5i0PV1azZ13sM3OdFLq-LLBpo84JJyKL1nbiJDVkzuznzqt7lPrtXSm7xKa6LdRWFYxC1qHYkz069sxs4tjcwyozzWPa4EhVDGtfN3gYkXXcKlbvVDSRXdOMXQvyDnV4ujzK32esdtSOXsSTCWiBddPE?testcase_id=5443090744868864

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
FreeType was updated to 2.7.1 + patches in https://chromium-review.googlesource.com/c/444189/
Comment 1 by mummare...@chromium.org, Jan 31 2017