Stack-overflow in CXFA_FMParse::ParseExpression
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4941711469182976

Fuzzer: libFuzzer_pdf_fm2js_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Stack-overflow
Crash Address: 0x7ffd87324c98
Crash State:
  CXFA_FMParse::ParseExpression
  CXFA_FMParse::ParseBlockExpression
  CXFA_FMParse::ParseDoExpression

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=423792:423807

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4941711469182976

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Sep 20 2017

The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/4fe8ea5bba4bd505b5bd35395c68799771b0bd7d

commit 4fe8ea5bba4bd505b5bd35395c68799771b0bd7d
Author: Ryan Harrison <rharrison@chromium.org>
Date: Wed Sep 20 16:10:06 2017

Add in missed parse recursion depth checks

Some of the calls in CXFA_FMParser on the parse recursion had been missed when adding in the parse depth limiting logic. The fuzzers found them.

BUG= chromium:759295
Change-Id: Iad54beb356c4c555908797d4b58a42549c006e9e
Reviewed-on: https://pdfium-review.googlesource.com/14510
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>

[modify] https://crrev.com/4fe8ea5bba4bd505b5bd35395c68799771b0bd7d/xfa/fxfa/fm2js/cxfa_fmparser.cpp
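As an added illustration of the bug class this commit addresses (example code written for this page, not PDFium's own parser or the contents of the fix), a toy recursive-descent parser in which every recursive entry point on the ParseDoExpression -> ParseBlockExpression -> ParseExpression path takes a depth guard, so deeply nested do/end blocks are rejected instead of exhausting the native stack. The grammar, the limit kMaxParseDepth and the helper ParsesNestedDo are assumptions of this example and do not come from the bug report.

```cpp
#include <string>
constexpr int kMaxParseDepth = 32;  // hypothetical limit; PDFium's own value is not on the page

// Toy recursive-descent parser for a FormCalc-like grammar: expr := 'x' | 'do' block 'end',
// block := expr*. Every recursive entry point takes the depth guard, so the
// ParseDoExpression -> ParseBlockExpression -> ParseExpression cycle from the crash
// state cannot recurse without bound on deeply nested input.
class DepthGuardedParser {
 public:
  explicit DepthGuardedParser(const std::string& src) : src_(src) {}
  // True if the whole input is one well-formed expression within the depth limit.
  bool Parse() { return ParseExpression() && !error_ && pos_ == src_.size(); }
 private:
  // RAII counter: bumps depth on entry, flags an error once the limit is exceeded.
  struct DepthScope {
    DepthGuardedParser& p;
    explicit DepthScope(DepthGuardedParser& parser) : p(parser) { if (++p.depth_ > kMaxParseDepth) p.error_ = true; }
    ~DepthScope() { --p.depth_; }
  };
  bool ParseExpression() {
    DepthScope guard(*this);
    if (error_) return false;
    if (src_.compare(pos_, 1, "x") == 0) { ++pos_; return true; }
    if (src_.compare(pos_, 2, "do") == 0) { pos_ += 2; return ParseDoExpression(); }
    return false;
  }
  bool ParseDoExpression() {
    DepthScope guard(*this);  // leaving this guard out on one path is the bug class fixed here
    if (error_ || !ParseBlockExpression()) return false;
    if (src_.compare(pos_, 3, "end") != 0) return false;
    pos_ += 3; return true;
  }
  bool ParseBlockExpression() {
    DepthScope guard(*this);
    if (error_) return false;
    while (pos_ < src_.size() && src_.compare(pos_, 3, "end") != 0)
      if (!ParseExpression()) return false;
    return true;
  }
  std::string src_;
  std::string::size_type pos_ = 0;
  int depth_ = 0; bool error_ = false;
};
// Constructed input: nesting n wraps "x" in n do/end pairs and reaches parse depth 3n+1.
bool ParsesNestedDo(int nesting) {
  std::string s = "x";
  for (int i = 0; i < nesting; ++i) s = "do" + s + "end";
  return DepthGuardedParser(s).Parse();
}
```

With the guard on every entry point, nesting 10 (depth 31) parses while nesting 11 (depth 34) is rejected after only a few dozen frames, whichever of the three functions the recursion happens to pass through.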
Sep 20 2017

The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/bddfe0bd31d6409545fa1f1f9d24a9e9ea8a2e89

commit bddfe0bd31d6409545fa1f1f9d24a9e9ea8a2e89
Author: pdfium-deps-roller@chromium.org <pdfium-deps-roller@chromium.org>
Date: Wed Sep 20 20:23:51 2017

Roll src/third_party/pdfium/ bc4818564..4fe8ea5bb (2 commits)

https://pdfium.googlesource.com/pdfium.git/+log/bc48185643b3..4fe8ea5bba4b

$ git log bc4818564..4fe8ea5bb --date=short --no-merges --format='%ad %ae %s'
2017-09-20 rharrison Add in missed parse recursion depth checks
2017-09-20 dsinclair Implement CFDE_TextEditEngine::GetIndex* methods.

Created with:
  roll-dep src/third_party/pdfium

BUG= 759295

Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see: http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org
Change-Id: Ic7581ff8d456cd18dd1db471cea5b8ea17b962e4
Reviewed-on: https://chromium-review.googlesource.com/675843
Reviewed-by: <pdfium-deps-roller@chromium.org>
Commit-Queue: <pdfium-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#503233}

[modify] https://crrev.com/bddfe0bd31d6409545fa1f1f9d24a9e9ea8a2e89/DEPS
Sep 21 2017

ClusterFuzz has detected this issue as fixed in range 503229:503270.

Detailed report: https://clusterfuzz.com/testcase?key=4941711469182976

Fuzzer: libFuzzer_pdf_fm2js_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Stack-overflow
Crash Address: 0x7ffd87324c98
Crash State:
  CXFA_FMParse::ParseExpression
  CXFA_FMParse::ParseBlockExpression
  CXFA_FMParse::ParseDoExpression

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=423792:423807
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=503229:503270

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4941711469182976

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 21 2017

ClusterFuzz testcase 4941711469182976 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by msrchandra@chromium.org, Aug 29 2017

Labels: M-60 Test-Predator-Wrong
Owner: rharrison@chromium.org
Status: Assigned (was: Untriaged)