FindIt result:
==============
Suspected CLs	No CL in the regression range changes the crashed files. The result is the blame information.

Author: tsepez
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/28c7844c1ef5ea0c8727b890e9ff56b593119a00
Time: Thu May 12 15:52:14 2016 -0700
The CL last changed line 142 of file fpdf_font.cpp, which is stack frame 0.

Author: tsepez
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/4c3debb3c91f5842784be30a911b52cdabcab7df
Time: Fri Apr 08 12:20:38 2016 -0700
The CL last changed line 239 of file fpdf_font.cpp, which is stack frame 1.

Author: dan sinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/61b2fc718910a5ab2a75ec5026b239ff33bccfdc
Time: Wed Mar 23 19:21:44 2016 -0400
The CL last changed line 282 of file cpdf_font.cpp, which is stack frame 2.

Author: tsepez
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/a431e238ee42025cce44c3a76dd07c470d7f51ec
Time: Tue Jun 07 21:56:50 2016 -0700
The CL last changed line 150 of file cpdf_font.cpp, which is stack frame 3.

Author: dan sinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/61b2fc718910a5ab2a75ec5026b239ff33bccfdc
Time: Wed Mar 23 19:21:44 2016 -0400
The CL last changed line 226 of file cpdf_cidfont.cpp, which is stack frame 4.

Author: dan sinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/61b2fc718910a5ab2a75ec5026b239ff33bccfdc
Time: Wed Mar 23 19:21:44 2016 -0400
The CL last changed line 622 of file cpdf_cidfont.cpp, which is stack frame 5.

Author: dan sinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/61b2fc718910a5ab2a75ec5026b239ff33bccfdc
Time: Wed Mar 23 19:21:44 2016 -0400
The CL last changed line 436 of file cpdf_cidfont.cpp, which is stack frame 6.

Suspected Project: chromium-pdfium

Based on the above Findit result assigning to tsepez and cc'ing dan for further investigation. 

Dan gets these nowdays.

But I'll fix it since it's mindless.

https://pdfium.googlesource.com/pdfium/+/68624257bf300036a3898015eee718a6026ca6f5

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/fcd3af29ac09bbcf1a5c7c288f63065c48449da7

commit fcd3af29ac09bbcf1a5c7c288f63065c48449da7
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Sat Aug 20 10:36:26 2016

Roll src/third_party/pdfium/ 5b13e1dc5..9b777deb0 (5 commits).

https://pdfium.googlesource.com/pdfium.git/+log/5b13e1dc5770..9b777deb00fb

$ git log 5b13e1dc5..9b777deb0 --date=short --no-merges --format='%ad %ae %s'
2016-08-19 weili Fix an embedder test with leaked page object
2016-08-19 npm Move CFX_FaceCache to its own file
2016-08-19 tsepez Avoid signed overflow in  CPDF_ToUnicodeMap::StringToCode()
2016-08-19 tsepez Introduce pdfium::FakeUniquePtr for keys to sets of unique ptrs.
2016-08-19 weili Fix leaked array buffer allocators of isolates

BUG= 638489 

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2265733002
Cr-Commit-Position: refs/heads/master@{#413333}

[modify] https://crrev.com/fcd3af29ac09bbcf1a5c7c288f63065c48449da7/DEPS

ClusterFuzz has detected this issue as fixed in range 413324:413335.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4940506125828096

Fuzzer: ochang_search_index_mutator
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  CPDF_ToUnicodeMap::StringToCode
  CPDF_ToUnicodeMap::Load
  CPDF_Font::LoadUnicodeMap
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=413324:413335

Minimized Testcase (378.65 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95Mtjjd6DFZhUcXbi6295d7REZXvUZ_DLwbCHCdxIU3gjZPI6KcwQS9zMrBIujE5UzzI6NA9uMnhN5H9P5XrY6fOjTXR6frM0WSjKjEH6DKSAkDqC52APRm1BDjdmGgyfI5dqTJkb5vSNV30_KQZ_hK4EA4Kligov7uWQiMJTQtGqQAJsQ?testcase_id=4940506125828096

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot