Integer-overflow in CPDF_CIDFont::LoadMetricsArray
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4935686236143616

Fuzzer: tokenfuzz_pdf_curated
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  CPDF_CIDFont::LoadMetricsArray
  CPDF_CIDFont::Load
  CPDF_Font::Create

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=370022:370027

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94GdY9Iy_bc2z2q_dtQ6aflOdS4dWUJQ2-Vs6bXJlEcAE3r6iDBwUJIy2MYUW49Dz0JfAbxfZl2NKUC0YE1ltgDE2gmxCbndS3LbB7n0SKBQp-S_0W8gJgjSN6x_uW5E7mobEMytYKIC4Y0asf4kYoy67hUvo9_cFQ6bLddj0ijQmqvIkmYIFwjoD-Cx2E8_zRBPa1hB6q3_PsbuBByUlh58hDoMDyeNfk_CmRszIs8R72cNUEdFg6v_iaEOktc845daDwiO-mXoUKYihahkAP4uYDh2T5dAHrybjcroJkyyPDECGqey6BcSutoDIxXjDusqZ_z4c3aOlN6M_n3S2ZL-bddCYjyl1bbed_LEXIBn44uWUk?testcase_id=4935686236143616

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Mar 14 2017
That's not the correct suspect (not really a regression), but I'm the right owner :)
,
Mar 14 2017
The following revision refers to this bug:
https://pdfium.googlesource.com/pdfium/+/c83c28092f67f352cbd690138151b253dfdf547b

commit c83c28092f67f352cbd690138151b253dfdf547b
Author: Nicolas Pena <npm@chromium.org>
Date: Tue Mar 14 20:18:08 2017

Prevent integer overflow in CPDF_CIDFONT::LoadMetricsArray

The CIDs are unsigned integers. Avoid overflow since they are given as input from the PDF file.

BUG= chromium:700787

Change-Id: Icdc3efbbd0f4f2ad8d5b4f4f52926e20f7e06391
Reviewed-on: https://pdfium-review.googlesource.com/3052
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>

[modify] https://crrev.com/c83c28092f67f352cbd690138151b253dfdf547b/core/fpdfapi/font/cpdf_cidfont.cpp
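The commit above describes the class of bug but not the shape of a safe parser. The block below is an added illustration, not pdfium's code and not the content of the linked change: it models the two entry forms of a CIDFont /W array (`c [w1 w2 ...]` and `cfirst clast w`), converts every file-supplied CID to an unsigned type before any arithmetic, and widens to 64 bits for the `first + count` check so the comparison itself cannot wrap. The `WItem`, `WidthRange`, `ParseWArray` and `kMaxCID` names, the 16-bit CID bound, and the sample arrays are all assumptions made for this example.

```cpp
// Added example: an overflow-safe parser for CIDFont /W array entries.
// This is NOT pdfium's CPDF_CIDFont::LoadMetricsArray; names, the CID bound
// and the input model are assumptions chosen for illustration.
#include <cstddef>
#include <cstdint>
#include <optional>
#include <utility>
#include <vector>

// One item of a /W array: either a number or a nested array of numbers.
// (Constructed model; a real parser would walk CPDF_Array objects.)
struct WItem {
  bool is_array = false;
  int64_t number = 0;           // used when !is_array
  std::vector<int64_t> widths;  // used when is_array
};

static WItem Num(int64_t n) { WItem w; w.number = n; return w; }
static WItem Arr(std::vector<int64_t> v) {
  WItem w; w.is_array = true; w.widths = std::move(v); return w;
}

// One (first CID, last CID, width) triple produced by the parser.
struct WidthRange {
  uint32_t first;
  uint32_t last;
  int32_t width;
  bool operator==(const WidthRange& o) const {
    return first == o.first && last == o.last && width == o.width;
  }
};

// Assumption for this example: CIDs are confined to 16 bits (0..65535).
// The point is that the bound is enforced before arithmetic on the value.
static constexpr uint64_t kMaxCID = 0xFFFF;

// Convert a file-supplied integer to a CID; reject negatives and out-of-range.
static std::optional<uint32_t> ToCID(int64_t n) {
  if (n < 0 || static_cast<uint64_t>(n) > kMaxCID) return std::nullopt;
  return static_cast<uint32_t>(n);
}

// Glyph widths must fit the 32-bit signed type used downstream.
static std::optional<int32_t> ToWidth(int64_t n) {
  if (n < INT32_MIN || n > INT32_MAX) return std::nullopt;
  return static_cast<int32_t>(n);
}

// Parse `c [w1 w2 ...]` and `cfirst clast w` entries. Returns nullopt on any
// malformed entry, on last < first, or on a range that leaves the CID space.
std::optional<std::vector<WidthRange>> ParseWArray(const std::vector<WItem>& w) {
  std::vector<WidthRange> out;
  enum { kWantFirst, kWantArrayOrLast, kWantWidth } state = kWantFirst;
  uint32_t first = 0, last = 0;
  for (const WItem& item : w) {
    if (item.is_array) {
      if (state != kWantArrayOrLast || item.widths.empty()) return std::nullopt;
      // Widen to 64 bits so first + count cannot wrap before the comparison.
      uint64_t end = static_cast<uint64_t>(first) + item.widths.size();
      if (end - 1 > kMaxCID) return std::nullopt;
      for (size_t i = 0; i < item.widths.size(); ++i) {
        std::optional<int32_t> width = ToWidth(item.widths[i]);
        if (!width) return std::nullopt;
        uint32_t cid = first + static_cast<uint32_t>(i);  // safe: end <= kMaxCID + 1
        out.push_back({cid, cid, *width});
      }
      state = kWantFirst;
      continue;
    }
    if (state == kWantFirst) {
      std::optional<uint32_t> cid = ToCID(item.number);
      if (!cid) return std::nullopt;
      first = *cid;
      state = kWantArrayOrLast;
    } else if (state == kWantArrayOrLast) {
      std::optional<uint32_t> cid = ToCID(item.number);
      if (!cid || *cid < first) return std::nullopt;
      last = *cid;
      state = kWantWidth;
    } else {
      std::optional<int32_t> width = ToWidth(item.number);
      if (!width) return std::nullopt;
      out.push_back({first, last, *width});
      state = kWantFirst;
    }
  }
  if (state != kWantFirst) return std::nullopt;  // trailing partial entry
  return out;
}

// Stand-alone run: a benign array parses, a CID at INT32_MAX is rejected.
int main() {
  std::vector<WItem> ok = {Num(1), Arr({500, 600, 700}), Num(10), Num(20), Num(300)};
  std::vector<WItem> bad = {Num(2147483647), Arr({1, 2})};
  return (ParseWArray(ok).has_value() && !ParseWArray(bad).has_value()) ? 0 : 1;
}
```

The rejected inputs are the ones a fuzzer finds first: a first CID at INT32_MAX (incrementing it as a signed int is the UBSAN report above), a first CID of 65535 followed by two widths (wraps the 16-bit space), and a negative CID. A real parser may choose to ignore a trailing partial entry instead of failing; the choice matters less than doing the range check before, not after, the arithmetic.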
,
Mar 14 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/535da18278f32a61f2773a5c39ea71ccac859704

commit 535da18278f32a61f2773a5c39ea71ccac859704
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Tue Mar 14 21:45:21 2017

Roll src/third_party/pdfium/ 6b94f01d1..c83c28092 (4 commits)

https://pdfium.googlesource.com/pdfium.git/+log/6b94f01d1c8a..c83c28092f67

$ git log 6b94f01d1..c83c28092 --date=short --no-merges --format='%ad %ae %s'
2017-03-14 npm Prevent integer overflow in CPDF_CIDFONT::LoadMetricsArray
2017-03-14 dsinclair Convert CPDF_Creator::m_Pos to uint32_t
2017-03-14 tsepez Replace CXFA_{Object,Node}Array with std::vector
2017-03-14 dsinclair Replace FX_FLOAT with underlying float type.

Created with:
  roll-dep src/third_party/pdfium

BUG= 700787

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2748213002
Cr-Commit-Position: refs/heads/master@{#456846}

[modify] https://crrev.com/535da18278f32a61f2773a5c39ea71ccac859704/DEPS
,
Mar 17 2017
ClusterFuzz has detected this issue as fixed in range 456626:457730.

Detailed report: https://clusterfuzz.com/testcase?key=4935686236143616

Fuzzer: tokenfuzz_pdf_curated
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  CPDF_CIDFont::LoadMetricsArray
  CPDF_CIDFont::Load
  CPDF_Font::Create

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=456626:457730

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94GdY9Iy_bc2z2q_dtQ6aflOdS4dWUJQ2-Vs6bXJlEcAE3r6iDBwUJIy2MYUW49Dz0JfAbxfZl2NKUC0YE1ltgDE2gmxCbndS3LbB7n0SKBQp-S_0W8gJgjSN6x_uW5E7mobEMytYKIC4Y0asf4kYoy67hUvo9_cFQ6bLddj0ijQmqvIkmYIFwjoD-Cx2E8_zRBPa1hB6q3_PsbuBByUlh58hDoMDyeNfk_CmRszIs8R72cNUEdFg6v_iaEOktc845daDwiO-mXoUKYihahkAP4uYDh2T5dAHrybjcroJkyyPDECGqey6BcSutoDIxXjDusqZ_z4c3aOlN6M_n3S2ZL-bddCYjyl1bbed_LEXIBn44uWUk?testcase_id=4935686236143616

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Mar 17 2017
Comment 1 by mummare...@chromium.org, Mar 13 2017

Labels: Test-Predator-Wrong M-57
Owner: npm@chromium.org
Status: Assigned (was: Untriaged)