
Issue 738362


Issue metadata

Status: Verified
Owner: ----
Closed: Jul 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Direct-leak in ft_mem_qalloc

Reported by ClusterFuzz (Project Member), Jun 30 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5201857772519424

Fuzzer: libFuzzer_pdf_font_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  ft_mem_qalloc
  ft_mem_alloc
  ft_new_glyph
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=483400:483567

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5201857772519424


Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 
Cc: w...@gnu.org
Labels: M-60 Test-Predator-Correct-CLs
Adding the related Dev in Cc from Predator results --
The result is a list of CLs that change the crashed files. 

Author: Werner Lemberg
Project: chromium-freetype
Changelist: https://chromium.googlesource.com/chromium/src/third_party/freetype2.git/+/0ad326236607df0802dc72c4f13b3f35484b7672
Time: Thu Jun 01 15:00:37 2017
Lines 411-419 of file ftglyph.c, which potentially caused the crash, are changed in this CL (frame #4, "FT_Get_Glyph").
Minimum distance from crash line to modified line: 0 (file: ftglyph.c, crashed on: 411, modified: 411).

@Werner Lemberg -- Could you please look into the issue? Kindly re-assign if this is not related to your changes.
Thank You.

Comment 2 by npm@chromium.org, Jul 6 2017

Components: Internals>Plugins>PDF

I'm not allowed to access the reproducer testcase.  Please send it to me privately.

Thanks for the file.  However, running ftfuzzer compiled with clang in both 32-bit and 64-bit mode on this file, I don't get any issue.  What shall I look for?

Does ftfuzzer have LSAN enabled? The clusterfuzz page says:

Direct leak of 80 byte(s) in 1 object(s) allocated from:

#0 __interceptor_malloc
#1 ft_mem_qalloc third_party/freetype/src/src/base/ftutil.c:76:15
#2 ft_mem_alloc third_party/freetype/src/src/base/ftutil.c:55:25
#3 ft_new_glyph third_party/freetype/src/src/base/ftglyph.c:300:12
#4 FT_Get_Glyph third_party/freetype/src/src/base/ftglyph.c:406:13
#5 CPDF_CIDFont::GetCharBBox(unsigned int) third_party/pdfium/core/fpdfapi/font/cpdf_cidfont.cpp:452:15

Ah, my mistake, `ftfuzzer' doesn't call FT_New_Glyph :-)

Fixed now in git, I think.
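The LSan trace above shows a glyph allocated by ft_new_glyph inside FT_Get_Glyph that is never freed on some path. The following is an added example, not FreeType's code and not the fix from this issue: it models that shape in C, an early return after the allocation that skips the free, beside a version with a single cleanup exit, and counts live objects the way LSan would at exit. The advance-range check, its limit and the helper names are assumptions, since the page gives only the stack.

```c
#include <stdlib.h>
/* Constructed model of this report's leak shape (not FreeType's code): an object
 * is allocated, a later check fails, and the early return skips the free. */
typedef struct { long advance_x, advance_y; } Slot, Glyph;
static int live_glyphs = 0;              /* what LSan would count at exit */
#define ADVANCE_LIMIT (0x8000L * 64)     /* assumed limit for the range check */
#define ADVANCE_OK(a) ((a) < ADVANCE_LIMIT && (a) > -ADVANCE_LIMIT)
static Glyph *new_glyph(void)            /* plays the role of ft_new_glyph */
{
    Glyph *g = calloc(1, sizeof *g);
    if (g) live_glyphs++;
    return g;
}
void done_glyph(Glyph *g) { if (g) { live_glyphs--; free(g); } }   /* FT_Done_Glyph */
/* Leaking shape: validation after the allocation returns without freeing. */
int get_glyph_leaky(const Slot *slot, Glyph **out)
{
    Glyph *g = new_glyph();
    if (!g) return -1;
    if (!ADVANCE_OK(slot->advance_x))
        return -2;                       /* g is still allocated: direct leak */
    g->advance_x = slot->advance_x * 1024;
    g->advance_y = slot->advance_y * 1024;
    *out = g;
    return 0;
}

/* Fixed shape: every failure after the allocation funnels through one cleanup exit. */
int get_glyph_fixed(const Slot *slot, Glyph **out)
{
    int err = 0;
    Glyph *g = new_glyph();
    if (!g) return -1;
    if (!ADVANCE_OK(slot->advance_x)) { err = -2; goto Exit; }
    g->advance_x = slot->advance_x * 1024;
    g->advance_y = slot->advance_y * 1024;
Exit:
    if (err) done_glyph(g); else *out = g;
    return err;
}
/* Feed an out-of-range advance (constructed input) and count objects left alive. */
int leaked_after(int (*get)(const Slot *, Glyph **))
{
    Slot bad = { ADVANCE_LIMIT, 0 };
    Glyph *g = NULL;
    int before = live_glyphs;
    (void)get(&bad, &g);
    return live_glyphs - before;
}
```

Running the leaky variant under an ASan/LSan build would report the one object left alive as a "Direct leak" with new_glyph in the allocation stack, which is the shape of the report above.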

Comment 7 Deleted

Comment 9 by ClusterFuzz (Project Member), Jul 18 2017

ClusterFuzz has detected this issue as fixed in range 487082:487198.

Detailed report: https://clusterfuzz.com/testcase?key=5201857772519424

Fuzzer: libFuzzer_pdf_font_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  ft_mem_qalloc
  ft_mem_alloc
  ft_new_glyph
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=483400:483567
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=487082:487198

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5201857772519424


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 10 by ClusterFuzz (Project Member), Jul 18 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Untriaged)
ClusterFuzz testcase 5201857772519424 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
