As per the  Issue 756727  owner, assigning this issue to @enne.
@enne -- Could you please look into this issue, kindly reassign if it has nothing to do with your changes.
Thanks.

This looks like SkTextBlobBuilder::allocInternal is allocating some arbitrary amount of data (glyphCount is very large).  This code could be patched to not allocate any more than the read buffer could possibly hold, but this also could be a WontFix.

ClusterFuzz has detected this issue as fixed in range 520961:520991.

Detailed report: https://clusterfuzz.com/testcase?key=5101397384364032

Fuzzer: libFuzzer_paint_op_buffer_eq_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address: 
Crash State:
  paint_op_buffer_eq_fuzzer
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=520300:520355
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=520961:520991

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5101397384364032

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5101397384364032 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.