Use-of-uninitialized-value in SkFontRequestCache::Request::Create
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6539152853303296
Fuzzer: libFuzzer_paint_op_buffer_eq_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  SkFontRequestCache::Request::Create
  SkFontMgr_FCI::onLegacyMakeTypeface
  SkFontMgr::legacyMakeTypeface
Sanitizer: memory (MSAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=520972:521000
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6539152853303296

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Dec 4 2017
Dec 5 2017
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 5 2017
A couple of things just changed here on the cc side and the Skia side with the legacy code path; start with Mike for a look.
Dec 5 2017
Dec 5 2017
I stand corrected; I was thinking of a different change on our side... Mike may still take a look, but this should really go to the original assignee/team.
Dec 5 2017
Looking at the bisect CL, I see that during an AlignMemory(), the code just skips the extra bytes (does not write anything into them). Could this be a problem? The equivalent Skia code (e.g. SkWriter32) writes pad-zeros when it needs to adjust alignment during writes.
Dec 5 2017
In theory the align memory things are duplicated in both the reader and the writer, so that if the reader skips memory and leaves it uninitialized, then the writer will not read from there.
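As an added illustration of the two padding policies contrasted in the comments above (this is constructed example code, not Chromium's or Skia's), the block below builds a minimal append-only writer that either skips alignment gaps or zero-fills them the way the comment describes SkWriter32 doing, a reader that mirrors the writer's alignment so it never touches pad bytes, and two ways of comparing two serialized buffers. The names `AlignUp`, `PaddedWriter`, `AlignedReader`, `Serialize`, `BytewiseEqual` and `FieldwiseEqual` are hypothetical; the `fill` byte stands in for whatever an uninitialized allocation happens to contain, which in a real heap block is not any particular value and is exactly what MSan tracks.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical helpers for illustration; not Chromium or Skia code.

// Round `n` up to the next multiple of `alignment` (a power of two).
static size_t AlignUp(size_t n, size_t alignment) {
  return (n + alignment - 1) & ~(alignment - 1);
}

// Tiny append-only write buffer with a selectable padding policy.
class PaddedWriter {
 public:
  // `fill` simulates the indeterminate contents of fresh, unwritten memory
  // (constructed sentinel; a real allocation carries no guaranteed value).
  PaddedWriter(bool zero_pad, uint8_t fill) : zero_pad_(zero_pad), buf_(256, fill) {}

  // Move the write cursor to the next `alignment` boundary.
  void Align(size_t alignment) {
    size_t aligned = AlignUp(size_, alignment);
    if (zero_pad_) {
      // SkWriter32-style: the gap is written with zeros.
      std::memset(buf_.data() + size_, 0, aligned - size_);
    }
    // Skip-only policy: the gap keeps whatever bytes were already there.
    size_ = aligned;
  }

  template <typename T>
  void Write(const T& value) {
    Align(alignof(T));
    std::memcpy(buf_.data() + size_, &value, sizeof(T));
    size_ += sizeof(T);
  }

  const uint8_t* data() const { return buf_.data(); }
  size_t size() const { return size_; }

 private:
  bool zero_pad_;
  std::vector<uint8_t> buf_;
  size_t size_ = 0;
};

// Reader that applies the same alignment as the writer, so it reads fields only.
class AlignedReader {
 public:
  AlignedReader(const uint8_t* data, size_t size) : data_(data), size_(size) {}

  template <typename T>
  T Read() {
    pos_ = AlignUp(pos_, alignof(T));
    if (pos_ + sizeof(T) > size_) return T{};  // out of data: yield a zero value
    T out;
    std::memcpy(&out, data_ + pos_, sizeof(T));
    pos_ += sizeof(T);
    return out;
  }

 private:
  const uint8_t* data_;
  size_t size_;
  size_t pos_ = 0;
};

// Serialize one record (a 1-byte tag followed by a 4-byte value).
// Three pad bytes sit between the two fields on a 4-byte boundary.
static PaddedWriter Serialize(bool zero_pad, uint8_t fill) {
  PaddedWriter w(zero_pad, fill);
  w.Write<uint8_t>(0x01);
  w.Write<uint32_t>(0xDEADBEEFu);
  return w;
}

// Byte-for-byte comparison: touches the pad bytes too.
static bool BytewiseEqual(const PaddedWriter& a, const PaddedWriter& b) {
  return a.size() == b.size() && std::memcmp(a.data(), b.data(), a.size()) == 0;
}

// Field-by-field comparison through alignment-aware readers: pad bytes are never read.
static bool FieldwiseEqual(const PaddedWriter& a, const PaddedWriter& b) {
  AlignedReader ra(a.data(), a.size());
  AlignedReader rb(b.data(), b.size());
  bool tag_equal = ra.Read<uint8_t>() == rb.Read<uint8_t>();
  bool value_equal = ra.Read<uint32_t>() == rb.Read<uint32_t>();
  return tag_equal && value_equal;
}

int main() {
  // Same logical content, different leftover bytes in the gap.
  std::printf("zero-pad bytewise equal:  %d\n", BytewiseEqual(Serialize(true, 0xAA), Serialize(true, 0x55)));
  std::printf("skip-only bytewise equal: %d\n", BytewiseEqual(Serialize(false, 0xAA), Serialize(false, 0x55)));
  std::printf("skip-only fieldwise equal: %d\n", FieldwiseEqual(Serialize(false, 0xAA), Serialize(false, 0x55)));
  return 0;
}
```

The point the two comments are making shows up in the last two comparisons: with a reader that mirrors the writer's alignment, the contents of the gap are irrelevant, but any check that compares the raw bytes (a hash, a memcmp, an equality fuzzer) depends on bytes nobody wrote, which is what an MSan use-of-uninitialized-value report is flagging. Zero-filling the gap at write time removes that dependence without changing what the reader sees.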
Dec 6 2017
ClusterFuzz has detected this issue as fixed in range 521781:521826.

Detailed report: https://clusterfuzz.com/testcase?key=6539152853303296
Fuzzer: libFuzzer_paint_op_buffer_eq_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  SkFontRequestCache::Request::Create
  SkFontMgr_FCI::onLegacyMakeTypeface
  SkFontMgr::legacyMakeTypeface
Sanitizer: memory (MSAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=520972:521000
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=521781:521826
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6539152853303296

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Dec 6 2017
ClusterFuzz testcase 6539152853303296 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Dec 6 2017
Jan 5 2018
Feb 13 2018
Mar 14 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mar 27 2018
Comment 1 by ClusterFuzz, Dec 4 2017
Owner: enne@chromium.org
Status: Assigned (was: Untriaged)