Timeout in ots_fuzzer
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5368290248753152
Fuzzer: libfuzzer_ots_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Timeout (exceeds 25 secs)
Crash Address:
Crash State: ots_fuzzer
Sanitizer: memory (MSAN)
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=423366:423427
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv9619M179MVPTLCrKCOVvIzQlIdJQErfklWu99MYmd7HuqzSDbmkj63n0_l-_n_4T-XUgRxz9IDPmj1F_OsruXXkDbR6v1NbfRGiQovabCeWZlRg6AWUk67ssavwfNrtDXgWucabgiSxCHziP9l4KLjeNwnE57G4YCT7bfJeo2ND7Mp5MspmsOBdWE4VkhhBuEwBfWn06bnqVNBdGVniHx-YUQV9AjxjpCJUb_480TMgq-CRmKASR5Kh1L4XZWmaFdFxYhBqQpnZkaCyCrO_6qpd796LEzy3DUCgpkBg13g9iXnmFqt9tldNYk-MfdEyGO9323pFZvYeR6nUaUfBuLw1OZfpqclfKjKeyg-KWw1DwgGs64TgFZK9wqv_lmtFT5RafmN57cClRtIdcqx9Hnf-JeJaMg?testcase_id=5368290248753152
Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Feb 25 2017
Feb 25 2017
Feb 25 2017
I can’t access the detailed report, but isn’t this the same issue as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=172 (and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=402, https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=404)?
Feb 25 2017
ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://cluster-fuzz.appspot.com/testcase?key=6448838606061568
Feb 25 2017
Let's see if it reproduces with ASan. dr.khaled.hosny@gmail.com, I've attached the reproducer and the stacktrace is below:

==18411== ERROR: libFuzzer: timeout after 25 seconds
#0 0x43c4c9 in __sanitizer_print_stack_trace
#1 0x4b98ca in fuzzer::Fuzzer::AlarmCallback() third_party/libFuzzer/src/FuzzerLoop.cpp:319:7
#2 0x446717 in SignalHandler(int)
#3 0x7f872cfb332f in libpthread.so.0
#4 0x5ca96f in (anonymous namespace)::ParseValueRecord(ots::Font const*, ots::Buffer*, unsigned char const*, unsigned long, unsigned short) third_party/ots/src/gpos.cc:87:16
#5 0x5cc8f5 in (anonymous namespace)::ParsePairPosFormat2(ots::Font const*, unsigned char const*, unsigned long, unsigned short, unsigned short, unsigned short) third_party/ots/src/gpos.cc:352:29
#6 0x5c6e26 in (anonymous namespace)::ParsePairAdjustment(ots::Font const*, unsigned char const*, unsigned long) third_party/ots/src/gpos.cc:401:10
#7 0x5fb3c6 in ots::LookupSubtableParser::Parse(ots::Font const*, unsigned char const*, unsigned long, unsigned short) const third_party/ots/src/layout.cc:1195:12
#8 0x6055d7 in (anonymous namespace)::ParseLookupTable(ots::Font*, unsigned char const*, unsigned long, ots::LookupSubtableParser const*) third_party/ots/src/layout.cc:259:18
#9 0x603263 in ots::ParseLookupListTable(ots::Font*, unsigned char const*, unsigned long, ots::LookupSubtableParser const*, unsigned short*) third_party/ots/src/layout.cc:1344:10
#10 0x5c3809 in ots::ots_gpos_parse(ots::Font*, unsigned char const*, unsigned long) third_party/ots/src/gpos.cc:757:10
#11 0x51a349 in (anonymous namespace)::ProcessGeneric(ots::OpenTypeFile*, ots::Font*, unsigned int, ots::OTSStream*, unsigned char const*, unsigned long, std::__1::vector<(anonymous namespace)::OpenTypeTable, std::__1::allocator<(anonymous namespace)::OpenTypeTable> > const&, ots::Buffer&) third_party/ots/src/ots.cc:668:12
#12 0x5158ca in (anonymous namespace)::ProcessTTF(ots::OpenTypeFile*, ots::Font*, ots::OTSStream*, unsigned char const*, unsigned long, unsigned int) third_party/ots/src/ots.cc:220:10
#13 0x50ba2a in ots::OTSContext::Process(ots::OTSStream*, unsigned char const*, unsigned long, unsigned int) third_party/ots/src/ots.cc:900:14
#14 0x48b8b0 in LLVMFuzzerTestOneInput third_party/ots/fuzz/ots_fuzzer.cc:17:11
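The trace above bottoms out in ParseValueRecord, called from ParsePairPosFormat2, the routine that walks class1Count x class2Count ValueRecords of a GPOS PairPosFormat2 subtable. The thread does not state the root cause of this particular timeout, and the following is an added example, not OTS code and not the fix Chrome later picked up: a Python guard in the generic shape a font parser uses to keep that loop linear in the input size. The subtable layout follows the OpenType GPOS specification (eight uint16 header fields, then one pair of ValueRecords per class pair, each ValueRecord holding one 16-bit field per set bit in the low byte of its valueFormat); the three sample subtables are constructed here for illustration.

```python
import struct

# PairPosFormat2 header, big-endian uint16 each: posFormat, coverageOffset,
# valueFormat1, valueFormat2, classDef1Offset, classDef2Offset,
# class1Count, class2Count (OpenType GPOS spec).
HEADER = struct.Struct(">HHHHHHHH")


def value_record_size(value_format):
    """Bytes in one ValueRecord: 2 per set bit in bits 0..7 of valueFormat
    (placement/advance values and device-table offsets are all 16-bit)."""
    return 2 * bin(value_format & 0x00FF).count("1")


def check_pair_pos_format2(data):
    """Cheap structural guard to run before any per-record loop.

    Returns (ok, reason). Rejects subtables whose declared class counts
    imply more work than the bytes actually present can justify."""
    if len(data) < HEADER.size:
        return False, "truncated header"
    fmt, _cov, vf1, vf2, _cd1, _cd2, c1, c2 = HEADER.unpack_from(data)
    if fmt != 2:
        return False, "posFormat is %d, not 2" % fmt
    pairs = c1 * c2                     # up to 65535*65535 from two uint16s
    rec = value_record_size(vf1) + value_record_size(vf2)
    avail = len(data) - HEADER.size
    if pairs and rec == 0:
        # Empty ValueRecords consume no bytes, so a length check alone
        # would pass; a parser that still iterates every class pair does
        # up to ~2^32 iterations over nothing.  Reject the degenerate case.
        return False, "%d class pairs with empty ValueRecords" % pairs
    if pairs * rec > avail:
        return False, "%d class pairs need %d bytes, only %d present" % (
            pairs, pairs * rec, avail)
    return True, "ok"


def parse_pair_pos_format2(data):
    """Read the ValueRecords only once the guard passed.  After the guard,
    every iteration consumes at least two bytes, so the loop is bounded
    by len(data) rather than by attacker-chosen counts."""
    ok, why = check_pair_pos_format2(data)
    if not ok:
        raise ValueError(why)
    _fmt, _cov, vf1, vf2, _cd1, _cd2, c1, c2 = HEADER.unpack_from(data)
    n1 = bin(vf1 & 0xFF).count("1")
    n2 = bin(vf2 & 0xFF).count("1")
    fmt_pair = ">%dh" % (n1 + n2)
    off = HEADER.size
    table = []
    for _ in range(c1):
        row = []
        for _ in range(c2):
            vals = struct.unpack_from(fmt_pair, data, off)
            off += 2 * (n1 + n2)
            row.append((vals[:n1], vals[n1:]))   # (valueRecord1, valueRecord2)
        table.append(row)
    return table


def build_subtable(vf1, vf2, c1, c2, body):
    """Constructed sample input: a PairPosFormat2 header with the given
    formats/counts (offsets zeroed, irrelevant here) followed by body bytes."""
    return HEADER.pack(2, 0, vf1, vf2, 0, 0, c1, c2) + body


# Constructed samples (not real fonts).  0x0004 = xAdvance only.
GOOD = build_subtable(0x0004, 0x0000, 2, 3,
                      struct.pack(">6h", -10, 0, 5, 7, -3, 12))
HUGE = build_subtable(0x0004, 0x0000, 0xFFFF, 0xFFFF, b"\x00" * 16)
EMPTY = build_subtable(0x0000, 0x0000, 0xFFFF, 0xFFFF, b"")

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("HUGE", HUGE), ("EMPTY", EMPTY)):
        print(name, check_pair_pos_format2(blob))
    print(parse_pair_pos_format2(GOOD))
```

The point of the guard is the relationship between declared counts and available bytes: two 16-bit counts can claim about four billion class pairs, but a subtable carrying that many non-empty records would have to be gigabytes long, so comparing `pairs * rec` against the remaining length rejects the claim in constant time. The `rec == 0` branch covers the case a pure length check misses, where records are empty and the loop would spin on no data.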
Feb 27 2017
Looks like the same issue as the ones linked above.
Mar 16 2017
Mar 30 2017
Seems like this issue is not fixed. Please take a look and mark it as a duplicate if any of the bugs mentioned in comment#4 is the same. Thank you.
Mar 30 2017
I think Chrome needs to update its copy of OTS to get the fix.
Mar 31 2017
behdad@, may I ask you to please update the ots revision in Chromium as suggested in c#10?
Jun 7 2017
ClusterFuzz testcase 5368290248753152 is flaky and no longer reproduces, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by mummare...@chromium.org, Feb 24 2017
Labels: Test-Predator-Wrong M-57