Issue 699961


Issue metadata

Status: Verified
Owner:
Closed: Mar 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Integer-overflow in CPDF_CIDFont::GetCharBBox

Project Member Reported by ClusterFuzz, Mar 9 2017

Issue description

Components: Internals>Plugins>PDF
Labels: Test-Predator-Correct-CLs M-59
Owner: dsinclair@chromium.org
Status: Assigned (was: Untriaged)
Find it result:
================
Git blame below is NOT necessarily who introduced the crash nor the owner for it. Please check the code before assigning to anyone. (No CL in the regression range changed the crashing files.)

Author: dan sinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/61b2fc718910a5ab2a75ec5026b239ff33bccfdc
Time: Wed Mar 23 19:21:44 2016 -0400
The CL last changed line 456 of file cpdf_cidfont.cpp, which is stack frame 0. 

Author: weili
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/d61f958385be285f3f3897ef3a3f010048608f1c
Time: Mon Oct 03 12:10:55 2016 -0700
The CL last changed line 214 of file cpdf_textobject.cpp, which is stack frame 1. 

Author: Dan Sinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/c54c07eac0531b6d9fcd591c3e44c5e27817d076
Time: Tue Feb 21 17:18:27 2017 -0500
The CL last changed line 1276 of file cpdf_streamcontentparser.cpp, which is stack frame 2. 

Author: tsepez
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/271d9c0a85b50208baa8789ba6b245956317f719
Time: Thu Oct 13 11:29:04 2016 -0700
The CL last changed line 1347 of file cpdf_streamcontentparser.cpp, which is stack frame 3. 

Author: tsepez
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/2763fba8755e3ef4bc15eb5c347ea2f291c6736a
Time: Tue Jan 24 10:50:20 2017 -0800
The CL last changed line 1539 of file cpdf_streamcontentparser.cpp, which is stack frame 4. 

Author: npm
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/014b012278b7438ef8d4b66730b8598c7eb4623a
Time: Mon Nov 07 08:42:11 2016 -0800
The CL last changed line 178 of file cpdf_contentparser.cpp, which is stack frame 5. 

Author: Dan Sinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/455a4199482324c888ea5892c660da354435c091
Time: Wed Mar 16 09:48:56 2016 -0400
The CL last changed line 33 of file cpdf_pageobjectholder.cpp, which is stack frame 6.
=================
Possible suspect from the above CL list:
https://pdfium.googlesource.com/pdfium.git/+/c54c07eac0531b6d9fcd591c3e44c5e27817d076
dsinclair@: Could you please take a look into this if its related to your change.
Cc: dsinclair@chromium.org
Owner: npm@chromium.org
npm@ some kind of font issue?

Comment 3 by bugdroid1@chromium.org, Mar 10 2017

The following revision refers to this bug:
  https://pdfium.googlesource.com/pdfium/+/e472622d33bdca2316a22ff5ff8d77ac975c2eb2

commit e472622d33bdca2316a22ff5ff8d77ac975c2eb2
Author: Nicolas Pena <npm@chromium.org>
Date: Fri Mar 10 21:32:42 2017

Bound cbox from tricky faces

The cbox values are long. We should make sure they are not too big before
putting them into FX_RECT, which holds integers. The bound is chosen to also
avoid overflow when multiplying by 1000.

BUG= chromium:699961 

Change-Id: Ie4443848e0319348110f7215bd1c909ef19dad9f
Reviewed-on: https://pdfium-review.googlesource.com/2956
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>

[modify] https://crrev.com/e472622d33bdca2316a22ff5ff8d77ac975c2eb2/core/fpdfapi/font/cpdf_cidfont.cpp
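The bound the commit message above describes, as an added C++ example that is not pdfium's code: the struct names, the CharBBoxResult wrapper, the constant kMaxCBoxCoord and both function names are assumptions standing in for the real FT_BBox-to-FX_RECT conversion in GetCharBBox. It also generalizes the report's "Integer-overflow" crash state into a predicate that says whether a given long coordinate would trip the same UBSAN check once narrowed to int and scaled by 1000.

```cpp
#include <climits>
#include <cstdint>
#include <cstdio>
#include <initializer_list>

// Stand-ins for the two types named in the commit message (assumption: the
// real FreeType FT_BBox holds long positions and pdfium's FX_RECT holds ints).
struct FtBBox { long xMin, yMin, xMax, yMax; };
struct FxRect { int left, bottom, right, top; };

struct CharBBoxResult {
  bool ok;      // false when the face reported an out-of-range cbox
  FxRect rect;  // valid only when ok is true
};

// Largest magnitude a cbox coordinate may have so that it fits in an int AND
// can be multiplied by 1000 without overflowing int: INT_MAX / 1000 == 2147483.
// (Hypothetical name; the value pdfium chose is not reproduced here.)
constexpr long kMaxCBoxCoord = INT_MAX / 1000;

// True when every coordinate lies within [-kMaxCBoxCoord, kMaxCBoxCoord].
bool CBoxInBounds(const FtBBox& box) {
  for (long v : {box.xMin, box.yMin, box.xMax, box.yMax}) {
    if (v > kMaxCBoxCoord || v < -kMaxCBoxCoord)
      return false;
  }
  return true;
}

// The hazard UBSAN reported, as a predicate: would narrowing v to int and then
// computing v * 1000 in int arithmetic overflow? Evaluated in 64-bit so that
// the check itself cannot overflow.
bool ScaleBy1000Overflows(long v) {
  if (v > INT_MAX || v < INT_MIN)
    return true;  // not even representable as an int
  const int64_t scaled = static_cast<int64_t>(v) * 1000;
  return scaled > INT_MAX || scaled < INT_MIN;
}

// Converts glyph-space bounds into the 1000-units-per-em text space
// (coordinate * 1000 / unitsPerEm) only after the bound check has passed,
// so the int multiplication is provably in range.
CharBBoxResult BoundedCharBBox(const FtBBox& box, int units_per_em) {
  CharBBoxResult result = {false, {0, 0, 0, 0}};
  if (units_per_em <= 0 || !CBoxInBounds(box))
    return result;
  auto scale = [units_per_em](long v) {
    return static_cast<int>(v) * 1000 / units_per_em;  // |v| <= INT_MAX/1000
  };
  result.ok = true;
  result.rect = {scale(box.xMin), scale(box.yMin), scale(box.xMax), scale(box.yMax)};
  return result;
}

int main() {
  // Constructed inputs: a plausible glyph box from a 2048 units/em face, and a
  // box with one coordinate large enough that "* 1000" would wrap an int.
  const FtBBox plausible = {-120, -250, 1480, 1900};
  const FtBBox hostile = {0, 0, 3000000L, 0};

  CharBBoxResult a = BoundedCharBBox(plausible, 2048);
  CharBBoxResult b = BoundedCharBBox(hostile, 1000);
  std::printf("plausible: ok=%d rect=(%d,%d,%d,%d)\n", a.ok, a.rect.left,
              a.rect.bottom, a.rect.right, a.rect.top);
  std::printf("hostile:   ok=%d (3000000*1000 overflows int: %d)\n", b.ok,
              ScaleBy1000Overflows(hostile.xMax));
  return (a.ok && !b.ok) ? 0 : 1;
}
```

The point of checking the long before the cast, rather than after, is that the cast itself is the first lossy step: once a 64-bit cbox value has been truncated into an int, no later comparison can tell a genuine small coordinate from a wrapped one, and the subsequent * 1000 is then the second place the value can leave the int range.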


Comment 4 by bugdroid1@chromium.org, Mar 10 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e4437fe7b0818475b020f6b3bf2b1577f49a3ec8

commit e4437fe7b0818475b020f6b3bf2b1577f49a3ec8
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Fri Mar 10 23:26:38 2017

Roll src/third_party/pdfium/ 6791295a4..e472622d3 (1 commit)

https://pdfium.googlesource.com/pdfium.git/+log/6791295a4e8c..e472622d33bd

$ git log 6791295a4..e472622d3 --date=short --no-merges --format='%ad %ae %s'
2017-03-10 npm Bound cbox from tricky faces

Created with:
  roll-dep src/third_party/pdfium
BUG= 699961 

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2741783005
Cr-Commit-Position: refs/heads/master@{#456215}

[modify] https://crrev.com/e4437fe7b0818475b020f6b3bf2b1577f49a3ec8/DEPS


Comment 5 by ClusterFuzz, Mar 11 2017

ClusterFuzz has detected this issue as fixed in range 456190:456233.

Detailed report: https://clusterfuzz.com/testcase?key=5422528270172160

Fuzzer: ochang_search_index_mutator
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  CPDF_CIDFont::GetCharBBox
  CPDF_TextObject::CalcPositionData
  CPDF_StreamContentParser::AddTextObject
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=456190:456233

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95TNRUB7GYJUeFPgxiucqUVpQHc-evrByMlu1GSqv2rFRI8UTrQWPvZzhiMiMzyEdLY0h_VKgMC8S8dipLggBdrGpuAmpFv4yefBjgtPRW7ep0PrBeu6IOGReH_gfWUz-dy9QahdXFTlt-4B4L1lQKffg0Ut_gmEgPIsnMn0X9j5A8rXFz1l5mPldzPR907yhB2g_5knlAdSekdXmxXf5yqaFdUnu48DTkF30W_N7ybZlrbnN_0sg2hM9LO4xMSDi1kfiSi9gRiR129lQV4QJFVAkvSHOvyMzOptNPD6z7vHhf76hX8HE5mf4TuM2G1pIeYpGoPukJ30tBLw-jRRflPhTnD-J9PA8ihuDMhuji2-EoD2RI?testcase_id=5422528270172160


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 6 by ClusterFuzz, Mar 11 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5422528270172160 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
