
Issue 724962


Issue metadata

Status: Verified
Owner:
Closed: May 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug-Regression




ASSERT: unicode <= ADDRESS || (unicode > ADDRESS && unicode <= ADDRESS)

Reported by ClusterFuzz (Project Member), May 22 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5783676616179712

Fuzzer: libfuzzer_pdf_font_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  unicode <= ADDRESS || (unicode > ADDRESS && unicode <= ADDRESS)
  FXSYS_ToUTF16BE
  AddUnicode
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=472896:472939

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5783676616179712


Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 
Cc: ranjitkan@chromium.org
Labels: -Type-Bug M-60 Test-Predator-Correct-CLs Type-Bug-Regression
Owner: npm@chromium.org
Status: Assigned (was: Untriaged)
Assigning to concern owner from Predator results --

The result is a list of CLs that change the crashed files. 

Author: Nicolas Pena
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/54b9166366085b30b7ee3094c2b71cd36e377153
Time: Fri May 05 16:49:30 2017 -0400
The CL last changed line 152 of file fx_extension.cpp, which is stack frame 9. 

Author: Nicolas Pena
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/54b9166366085b30b7ee3094c2b71cd36e377153
Time: Fri May 05 16:49:30 2017 -0400
The CL last changed line 116 of file fpdfedittext.cpp, which is stack frame 10. 

Author: Nicolas Pena
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/54b9166366085b30b7ee3094c2b71cd36e377153
Time: Fri May 05 16:49:30 2017 -0400
The CL last changed line 194 of file fpdfedittext.cpp, which is stack frame 11.
Comment 2 by bugdroid1@chromium.org (Project Member), May 23 2017

The following revision refers to this bug:
  https://pdfium.googlesource.com/pdfium/+/fb71fbb8e8e48047fd6a8f86ad7e59a9846a2784

commit fb71fbb8e8e48047fd6a8f86ad7e59a9846a2784
Author: Nicolas Pena <npm@chromium.org>
Date: Tue May 23 17:29:00 2017

Do not include large unicode values in the ToUnicode map

Freetype can get to values larger than 0x10FFFF, but our current implementation
of the ToUnicode mapping and the function FXSYS_ToUTF16BE do not support
these values.

Bug: chromium:724962
Change-Id: I7069f33429527dbf2d0bfd2033512fe909970c02
Reviewed-on: https://pdfium-review.googlesource.com/5810
Commit-Queue: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>

[modify] https://crrev.com/fb71fbb8e8e48047fd6a8f86ad7e59a9846a2784/fpdfsdk/fpdfedittext.cpp

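The commit message above says that the ToUnicode mapping and FXSYS_ToUTF16BE cannot represent values above 0x10FFFF, which is the condition the ASSERT in the crash state enforces. The following C++ is an added example, not pdfium's code: a UTF-16BE encoder that reports unencodable values to its caller instead of asserting, and a ToUnicode-map builder that drops such entries, which is the behaviour the fix describes. The function names IsValidScalar, ToUTF16BE, Hex and BuildToUnicodeMap, the sample (charcode, unicode) pairs, and the reading of the report's two ADDRESS placeholders as the surrogate bounds and 0x10FFFF are assumptions made for the example.

```cpp
// Added example, not pdfium code: a range-checked UTF-16BE encoder and a
// ToUnicode-map builder that drops values UTF-16 cannot represent.
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <utility>
#include <vector>

// Assumption: the report's "unicode <= ADDRESS || (unicode > ADDRESS && unicode
// <= ADDRESS)" is read here as "not a UTF-16 surrogate and at most 0x10FFFF",
// i.e. the set of values UTF-16 can encode.
bool IsValidScalar(uint32_t unicode) {
  return unicode <= 0xD7FF || (unicode > 0xDFFF && unicode <= 0x10FFFF);
}

// Append the UTF-16BE encoding of |unicode| to |out|. Returns false, leaving
// |out| untouched, when the value is outside the encodable set; the caller
// decides what to do rather than an assertion aborting the process.
bool ToUTF16BE(uint32_t unicode, std::vector<uint8_t>* out) {
  if (!IsValidScalar(unicode))
    return false;
  if (unicode <= 0xFFFF) {  // Basic Multilingual Plane: one code unit.
    out->push_back(static_cast<uint8_t>(unicode >> 8));
    out->push_back(static_cast<uint8_t>(unicode & 0xFF));
    return true;
  }
  // Supplementary planes: high surrogate followed by low surrogate.
  uint32_t v = unicode - 0x10000;
  uint16_t hi = static_cast<uint16_t>(0xD800 + (v >> 10));
  uint16_t lo = static_cast<uint16_t>(0xDC00 + (v & 0x3FF));
  out->push_back(static_cast<uint8_t>(hi >> 8));
  out->push_back(static_cast<uint8_t>(hi & 0xFF));
  out->push_back(static_cast<uint8_t>(lo >> 8));
  out->push_back(static_cast<uint8_t>(lo & 0xFF));
  return true;
}

// Upper-case hex rendering, the form a ToUnicode CMap uses for <dst> strings.
std::string Hex(const std::vector<uint8_t>& bytes) {
  std::string s;
  char buf[3];
  for (uint8_t b : bytes) {
    std::snprintf(buf, sizeof buf, "%02X", b);
    s += buf;
  }
  return s;
}

struct MapStats {
  size_t added;
  size_t skipped;
};

// Build charcode -> UTF-16BE-hex entries from (charcode, unicode) pairs such as
// a font loader might obtain from FreeType. Unencodable values are counted and
// skipped instead of asserted on, which is the behaviour the fix describes.
MapStats BuildToUnicodeMap(
    const std::vector<std::pair<uint32_t, uint32_t>>& pairs,
    std::map<uint32_t, std::string>* to_unicode) {
  MapStats stats{0, 0};
  for (const auto& p : pairs) {
    std::vector<uint8_t> bytes;
    if (!ToUTF16BE(p.second, &bytes)) {
      ++stats.skipped;
      continue;
    }
    (*to_unicode)[p.first] = Hex(bytes);
    ++stats.added;
  }
  return stats;
}

// Constructed sample input: two ordinary code points plus one value above
// 0x10FFFF and one lone surrogate, the kinds of values the report is about.
const std::vector<std::pair<uint32_t, uint32_t>> kSamplePairs = {
    {1, 0x41}, {2, 0x110000}, {3, 0xDC00}, {4, 0x1F600}};

int main() {
  std::map<uint32_t, std::string> to_unicode;
  MapStats stats = BuildToUnicodeMap(kSamplePairs, &to_unicode);
  for (const auto& kv : to_unicode)
    std::printf("<%04X> <%s>\n", kv.first, kv.second.c_str());
  std::printf("added=%zu skipped=%zu\n", stats.added, stats.skipped);
  return 0;
}
```

Running the block on the constructed pairs yields two entries (charcodes 1 and 4) and two skipped values; the point of returning a bool rather than asserting is that a malformed font then degrades to a missing ToUnicode entry instead of a debug-build abort.
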
Comment 3 by ClusterFuzz (Project Member), May 24 2017

ClusterFuzz has detected this issue as fixed in range 474010:474073.

Detailed report: https://clusterfuzz.com/testcase?key=5783676616179712

Fuzzer: libfuzzer_pdf_font_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  unicode <= ADDRESS || (unicode > ADDRESS && unicode <= ADDRESS)
  FXSYS_ToUTF16BE
  AddUnicode
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=472896:472939
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=474010:474073

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5783676616179712


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 4 by ClusterFuzz (Project Member), May 24 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5783676616179712 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
