Jialiu could you please help triage this bug? Thanks!

rsesek@ -- can you please take a look? thanks.

Seems like a duplicate of 776307

 Issue 776307  is fixed and verified by CF so I think this is different (maybe spotted an off-by-one bug).

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/643f77a80eff6a5dfd8ddee266f62e5d140fed78

commit 643f77a80eff6a5dfd8ddee266f62e5d140fed78
Author: Robert Sesek <rsesek@chromium.org>
Date: Tue Nov 14 00:19:10 2017

Fix heap overflow in safe_browsing::dmg::HFSBTreeIterator::Next().

The code was not properly checking that the length of the key string
contained within the buffer. The string uses UTF-16 (two-byte) units
but was treating the length as single-byte units. This switches the
code to use the size-checked GetLeafData<T> wrapper.

Bug:  783914 
Change-Id: I4f9207532181656e4865eb4c397cae5745b5785a
Reviewed-on: https://chromium-review.googlesource.com/767408
Reviewed-by: Jialiu Lin <jialiul@chromium.org>
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#516109}
[modify] https://crrev.com/643f77a80eff6a5dfd8ddee266f62e5d140fed78/chrome/utility/safe_browsing/mac/hfs.cc

ClusterFuzz has detected this issue as fixed in range 516099:516184.

Detailed report: https://clusterfuzz.com/testcase?key=5386960305913856

Fuzzer: libFuzzer_safe_browsing_hfs_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac

Crash Type: Heap-buffer-overflow READ 2
Crash Address: 0x621000008900
Crash State:
  safe_browsing::dmg::HFSBTreeIterator::Next
  safe_browsing::dmg::HFSIterator::Next
  start
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=509376:509426
Fixed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=516099:516184

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5386960305913856

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5386960305913856 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot