dsinclair @ could you please look into this.please feel free to re-assigned back if needed. thanks in advance !

The following revision refers to this bug:
  https://pdfium.googlesource.com/pdfium.git/+/c0f60dc29db66262bbc0082fcd51170a570b0d1f

commit c0f60dc29db66262bbc0082fcd51170a570b0d1f
Author: dsinclair <dsinclair@chromium.org>
Date: Wed Sep 21 19:49:36 2016

Check for overflow in CMap_GetCode.

Given a large enough value for the character code it's possible to overflow
the conversion to an int. This Cl updates the code to guard against overflow.

BUG= chromium:648739 

Review-Url: https://codereview.chromium.org/2358023002

[modify] https://crrev.com/c0f60dc29db66262bbc0082fcd51170a570b0d1f/core/fpdfapi/fpdf_font/fpdf_font_cid.cpp
[modify] https://crrev.com/c0f60dc29db66262bbc0082fcd51170a570b0d1f/core/fpdfapi/fpdf_font/fpdf_font_cid_unittest.cpp

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/37722ec53f433f6f1456a3cc9150cfbf9e8f7a08

commit 37722ec53f433f6f1456a3cc9150cfbf9e8f7a08
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Wed Sep 21 22:09:59 2016

Roll src/third_party/pdfium/ b94d7c921..17103b84e (4 commits).

https://pdfium.googlesource.com/pdfium.git/+log/b94d7c921616..17103b84ebde

$ git log b94d7c921..17103b84e --date=short --no-merges --format='%ad %ae %s'
2016-09-21 tsepez Make ownership explicit in CPDF_ContentMarkItem.
2016-09-21 dsinclair Check for overflow in CMap_GetCode.
2016-09-21 tonikitoo Avoid static initializers and global variables in 'pdfium_test'.
2016-09-21 weili Clear LeakSanitizer's suppression list

BUG= 648739 

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2357413002
Cr-Commit-Position: refs/heads/master@{#420176}

[modify] https://crrev.com/37722ec53f433f6f1456a3cc9150cfbf9e8f7a08/DEPS

ClusterFuzz has detected this issue as fixed in range 420163:420225.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6639975808630784

Fuzzer: ochang_search_index_mutator
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  CPDF_CMapParser::CMap_GetCode
  CPDF_CMapParser::ParseWord
  CPDF_CMap::LoadEmbedded
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=420163:420225

Minimized Testcase (2169.24 Kb): https://cluster-fuzz.appspot.com/download/AMIfv956zL9-kYRtT6-PEKFIHQZVF2oy3hWWOC7QwBj2uvCFKhDjPT48ZHSYa3rB9O7-ehcNQL9b9oR5N7K_nPIPRDP3YqMSqNZhsNrcGq02R37weGBoJyHr1wM5U23VgPxFvcUPhniIjZBpK_mzk3-84jruYk25L_E6foOmqzhAsGWH88CC7R8?testcase_id=6639975808630784

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot