
Issue 754982 link


Issue metadata

Status: Verified
Owner:
Closed: Aug 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug

Blocking:
issue 62400




Null-dereference READ in CFX_WideString::GetAt

Project Member Reported by ClusterFuzz, Aug 12 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6079322795540480

Fuzzer: libFuzzer_pdfium_xfa_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000010
Crash State:
  CFX_WideString::GetAt
  CXFA_ResolveProcessor::Resolve
  CXFA_ResolveProcessor::ResolveExcalmatory
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=493954:493968

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6079322795540480

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 
Cc: msrchandra@chromium.org
Labels: Test-Predator-Wrong-CLs M-62
Owner: rharrison@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.
Using Code Search for the file "cfx_widestring.h" and assigning it to the concerned owner using git blame.

Suspected commit:
https://pdfium.googlesource.com/pdfium.git/+/ddb9b7cdd19b63a81c4a094239e85f84acefaa17

@rharrison -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.
Status: Started (was: Assigned)
Blocking: 62400
Components: Internals>Plugins>PDF
Project Member

Comment 4 by bugdroid1@chromium.org, Aug 15 2017

The following revision refers to this bug:
  https://pdfium.googlesource.com/pdfium/+/a0377dc31bccf0e3427bd94fab5fed17c1283098

commit a0377dc31bccf0e3427bd94fab5fed17c1283098
Author: Ryan Harrison <rharrison@chromium.org>
Date: Tue Aug 15 15:14:00 2017

Add checks on length of string before accessing elements of string

BUG= chromium:754982 

Change-Id: I41da6828c714d3ed12fe796ae7e228d87b168962
Reviewed-on: https://pdfium-review.googlesource.com/10890
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>

[modify] https://crrev.com/a0377dc31bccf0e3427bd94fab5fed17c1283098/xfa/fxfa/parser/cxfa_resolveprocessor.cpp

Status: Fixed (was: Started)
Project Member

Comment 6 by bugdroid1@chromium.org, Aug 15 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/95bfae4c37d01e52694745b477e3b0103a12da59

commit 95bfae4c37d01e52694745b477e3b0103a12da59
Author: pdfium-deps-roller@chromium.org <pdfium-deps-roller@chromium.org>
Date: Tue Aug 15 16:37:17 2017

Roll src/third_party/pdfium/ 73b492a5d..a0377dc31 (3 commits)

https://pdfium.googlesource.com/pdfium.git/+log/73b492a5d775..a0377dc31bcc

$ git log 73b492a5d..a0377dc31 --date=short --no-merges --format='%ad %ae %s'
2017-08-15 rharrison Add checks on length of string before accessing elements of string
2017-08-15 rharrison Remove GetAt from string classes
2017-08-15 dsinclair Remove default params from xfa/fde code.

Created with:
  roll-dep src/third_party/pdfium
BUG= 754982 


Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls


TBR=dsinclair@chromium.org

Change-Id: Ia669e6916652f35afa5055631535ab5b546ae400
Reviewed-on: https://chromium-review.googlesource.com/615186
Reviewed-by: <pdfium-deps-roller@chromium.org>
Commit-Queue: <pdfium-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#494408}
[modify] https://crrev.com/95bfae4c37d01e52694745b477e3b0103a12da59/DEPS

Project Member

Comment 7 by ClusterFuzz, Aug 16 2017

ClusterFuzz has detected this issue as fixed in range 494402:494473.

Detailed report: https://clusterfuzz.com/testcase?key=6079322795540480

Fuzzer: libFuzzer_pdfium_xfa_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000010
Crash State:
  CFX_WideString::GetAt
  CXFA_ResolveProcessor::Resolve
  CXFA_ResolveProcessor::ResolveExcalmatory
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=493954:493968
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=494402:494473

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6079322795540480

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 8 by ClusterFuzz, Aug 16 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Fixed)
ClusterFuzz testcase 6079322795540480 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
