
Issue 752433


Issue metadata

Status: Verified
Owner:
Closed: Aug 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 1
Type: Bug




Stack-overflow in pdfium::internal::MakeUniqueResult<CXFA_FMToken>::Scalar pdfium::MakeUnique<CXFA

Project Member Reported by ClusterFuzz, Aug 4 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4678341541232640

Fuzzer: libFuzzer_pdf_fm2js_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Stack-overflow
Crash Address: 0x7ffe1bd0afe8
Crash State:
  pdfium::internal::MakeUniqueResult<CXFA_FMToken>::Scalar pdfium::MakeUnique<CXFA
  CXFA_FMLexer::NextToken
  CXFA_FMParser::NextToken
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=490660:490669

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4678341541232640


Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 
Cc: msrchandra@chromium.org
Labels: M-62 Test-Predator-Wrong
Owner: rharrison@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL did not provide any possible suspects.
Assigning to the concerned owner who might be related.

@rharrison -- Could you please look into the issue, and kindly re-assign if this is not related to your changes.
Thank you.
Comment 2 by ClusterFuzz (Project Member), Aug 12 2017

Labels: OS-Mac
Status: Started (was: Assigned)
Comment 4 by bugdroid1@chromium.org (Project Member), Aug 16 2017

The following revision refers to this bug:
  https://pdfium.googlesource.com/pdfium/+/a169364e46956875db35fb1baacc4a0a1ee17f08

commit a169364e46956875db35fb1baacc4a0a1ee17f08
Author: Ryan Harrison <rharrison@chromium.org>
Date: Wed Aug 16 19:02:51 2017

Add parse depth limit to FormCalc parser

Due to the recursive nature of the FormCalc parser, deeply nested
expressions can lead to memory being exhausted. This check is being
added to have the parser exit early instead of running out of
memory. This should reduce the number of false positives about
addressing issues being found by fuzzers.

BUG=chromium:752433

Change-Id: I511ecfb07e32073555e1fd1658f3b8b47f1a5a91
Reviewed-on: https://pdfium-review.googlesource.com/11170
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>

[modify] https://crrev.com/a169364e46956875db35fb1baacc4a0a1ee17f08/xfa/fxfa/fm2js/cxfa_fmparser.h
[modify] https://crrev.com/a169364e46956875db35fb1baacc4a0a1ee17f08/xfa/fxfa/fm2js/cxfa_fmparser_unittest.cpp
[modify] https://crrev.com/a169364e46956875db35fb1baacc4a0a1ee17f08/xfa/fxfa/fm2js/cxfa_fmparser.cpp

Status: Fixed (was: Started)
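The mitigation the commit describes, as an added example that is not pdfium's code: a minimal recursive-descent parser whose recursion is bounded by a depth counter, so deeply nested input fails fast instead of growing the call stack until the process dies. The toy grammar, all names and the limit of 1000 are assumptions; pdfium's own constant and parser live in the cxfa_fmparser files the commit modifies.

```cpp
// Added example (not pdfium's code): a minimal recursive-descent parser with a
// nesting-depth guard, the mitigation the FormCalc commit describes. Each nested
// '(' costs a stack frame, so without the guard input depth is the only bound on
// stack use. kMaxParseDepth and every name here are assumptions.
#include <cstddef>
#include <string>
#include <utility>
constexpr size_t kMaxParseDepth = 1000;  // assumed; pdfium's constant lives in cxfa_fmparser.h
class DepthLimitedParser {
 public:
  explicit DepthLimitedParser(std::string input) : in_(std::move(input)) {}
  // True iff the whole input matches expr := term ('+' term)*, term := 'x' | '(' expr ')'
  // and nesting never exceeded kMaxParseDepth.
  bool Parse() {
    pos_ = 0; depth_ = 0; depth_exceeded_ = false;
    return ParseExpr() && pos_ == in_.size();
  }
  bool DepthExceeded() const { return depth_exceeded_; }

 private:
  bool ParseExpr() {
    // The guard: fail before recursing deeper, instead of letting the call stack
    // grow until the process is killed (the ClusterFuzz Stack-overflow above).
    if (++depth_ > kMaxParseDepth) { depth_exceeded_ = true; return false; }
    bool ok = ParseTerm();
    while (ok && pos_ < in_.size() && in_[pos_] == '+') { ++pos_; ok = ParseTerm(); }
    --depth_;
    return ok;
  }
  bool ParseTerm() {
    if (pos_ >= in_.size()) return false;
    if (in_[pos_] == 'x') { ++pos_; return true; }
    if (in_[pos_] != '(') return false;
    ++pos_;                          // consume '('
    if (!ParseExpr()) return false;  // recursion: one frame per nesting level
    if (pos_ >= in_.size() || in_[pos_] != ')') return false;
    ++pos_;                          // consume ')'
    return true;
  }
  std::string in_;
  size_t pos_ = 0, depth_ = 0;
  bool depth_exceeded_ = false;
};

// "(((...x...)))" with n paren levels: the input shape that exhausts an unguarded parser.
std::string Nested(size_t n) { return std::string(n, '(') + "x" + std::string(n, ')'); }
bool ParsesOk(const std::string& s) { return DepthLimitedParser(s).Parse(); }
bool RejectedForDepth(const std::string& s) { DepthLimitedParser p(s); return !p.Parse() && p.DepthExceeded(); }
```

Because the guard fires well before any real stack limit, the depth failure is a deterministic parse error rather than a crash, which is what lets a fuzzer stop reporting it.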
Comment 6 by bugdroid1@chromium.org (Project Member), Aug 16 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/27ec0b7c12ce7e2e231cc7955f2946fe6915d897

commit 27ec0b7c12ce7e2e231cc7955f2946fe6915d897
Author: pdfium-deps-roller@chromium.org <pdfium-deps-roller@chromium.org>
Date: Wed Aug 16 20:51:01 2017

Roll src/third_party/pdfium/ ca8982977..a169364e4 (7 commits)

https://pdfium.googlesource.com/pdfium.git/+log/ca89829775fe..a169364e4695

$ git log ca8982977..a169364e4 --date=short --no-merges --format='%ad %ae %s'
2017-08-16 rharrison Add parse depth limit to FormCalc parser
2017-08-16 rharrison Add in missting string length check
2017-08-16 thestig Fix potential OOM / integer overflow in CPDF_Parser.
2017-08-14 tsepez Check for possible empty object returns from NewFxDynamicObj()
2017-08-16 janeliulwq Fixed the return values of FPDFAnnot_Get{Rect|AttachmentPoints}
2017-08-16 dsinclair Remove CFWL_WidgetMgrDelegate
2017-08-15 janeliulwq Changed the return type of FPDFAnnot_Get{Rect|AttachmentPoints}()

Created with:
  roll-dep src/third_party/pdfium
BUG=752433,754984,752796


Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls


TBR=dsinclair@chromium.org

Change-Id: I1a6f55adde2f82919d1e644a9f1ccd5c301bba29
Reviewed-on: https://chromium-review.googlesource.com/617402
Reviewed-by: <pdfium-deps-roller@chromium.org>
Commit-Queue: <pdfium-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#494941}
[modify] https://crrev.com/27ec0b7c12ce7e2e231cc7955f2946fe6915d897/DEPS

Comment 7 by ClusterFuzz (Project Member), Aug 17 2017

ClusterFuzz has detected this issue as fixed in range 494860:494945.

Detailed report: https://clusterfuzz.com/testcase?key=4678341541232640

Fuzzer: libFuzzer_pdf_fm2js_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Stack-overflow
Crash Address: 0x7ffe1bd0afe8
Crash State:
  pdfium::internal::MakeUniqueResult<CXFA_FMToken>::Scalar pdfium::MakeUnique<CXFA
  CXFA_FMLexer::NextToken
  CXFA_FMParser::NextToken
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=490660:490669
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=494860:494945

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4678341541232640

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 8 by ClusterFuzz (Project Member), Aug 17 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Fixed)
ClusterFuzz testcase 4678341541232640 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
