
Issue 895234

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Closed: Oct 17
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Timeout in pdf_xml_fuzzer

Project Member Reported by ClusterFuzz, Oct 15

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5587890867011584

Fuzzer: libFuzzer_pdf_xml_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  pdf_xml_fuzzer
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=583284:583299

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5587890867011584

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Cc: kkaluri@chromium.org
Labels: M-70 CF-NeedsTriage Test-Predator-Wrong
Unable to find the actual suspect through code search, and also observing no CLs under the regression range, hence adding the appropriate label and requesting someone from the dev team to look into this issue.

Thanks!
Components: Internals>Plugins>PDF
Labels: -CF-NeedsTriage
Owner: mmoroz@chromium.org
Status: Assigned (was: Untriaged)
mmoroz@, can you please see if this change (https://chromium.googlesource.com/chromium/src/+/6d7b69ac40b01d87e8499cb8232631c69bd3269a) is related?

Thank you!
Owner: ----
Status: Available (was: Assigned)
Not really. I've just enabled new instrumentation, didn't change any PDFium code.
Labels: -Pri-1 -M-70 Pri-2
This is XFA only.
Actually, pdf_xml_fuzzer should not be XFA only, since the code it fuzzes is in non-XFA builds.
Owner: thestig@chromium.org
Status: Started (was: Available)
https://pdfium-review.googlesource.com/44172
Comment 7 by ClusterFuzz (Project Member), Oct 17

ClusterFuzz has detected this issue as fixed in range 600184:600189.

Detailed report: https://clusterfuzz.com/testcase?key=5587890867011584

Fuzzer: libFuzzer_pdf_xml_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  pdf_xml_fuzzer
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=583284:583299
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=600184:600189

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5587890867011584

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 8 by ClusterFuzz (Project Member), Oct 17

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)
ClusterFuzz testcase 5587890867011584 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Status: Started (was: Verified)
PartitionAlloc update broke the fuzzer.
Comment 10 by bugdroid1@chromium.org (Project Member), Oct 17

The following revision refers to this bug:
  https://pdfium.googlesource.com/pdfium/+/d78358d506c2e700a1177f93bdb915154eefae5c

commit d78358d506c2e700a1177f93bdb915154eefae5c
Author: Lei Zhang <thestig@chromium.org>
Date: Wed Oct 17 20:33:21 2018

Optimize appends in CFX_XMLNode::InsertChildNode().

Skip to the end of the linked list instead of traversing it.

BUG= chromium:895234 

Change-Id: I56d6bee3cd099a1a7343eb2b067d522ec69c261a
Reviewed-on: https://pdfium-review.googlesource.com/c/44172
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>

[modify] https://crrev.com/d78358d506c2e700a1177f93bdb915154eefae5c/core/fxcrt/xml/cfx_xmlnode.cpp
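The commit above replaces a walk over the whole child list on every append with a jump to its end. The following added example is not PDFium code (Node, AppendTraversing, AppendViaTail and MeasureAppends are hypothetical names); it contrasts the two strategies and counts the nodes each inspects, which shows why an input with many sibling elements could push the traversing version past the fuzzer's 25-second timeout.

```cpp
#include <cstddef>
#include <memory>
#include <utility>
#include <vector>

// Hypothetical simplified node, not PDFium's CFX_XMLNode: children form a
// singly linked list through next_sibling.
struct Node {
  Node* first_child = nullptr;
  Node* last_child = nullptr;  // cached tail, used only by the fixed path
  Node* next_sibling = nullptr;
};

// Before the fix: each append walks the sibling list to its end, so n
// appends cost O(n^2). Returns the number of nodes inspected.
size_t AppendTraversing(Node* parent, Node* child) {
  if (!parent->first_child) { parent->first_child = child; return 0; }
  Node* cur = parent->first_child;
  size_t inspected = 1;
  while (cur->next_sibling) { cur = cur->next_sibling; ++inspected; }
  cur->next_sibling = child;
  return inspected;
}

// After the fix: jump straight to the cached last child, O(1) per append.
size_t AppendViaTail(Node* parent, Node* child) {
  if (!parent->first_child) {
    parent->first_child = parent->last_child = child;
    return 0;
  }
  parent->last_child->next_sibling = child;
  parent->last_child = child;
  return 1;
}

// Appends n children to a fresh parent with the chosen strategy and returns
// {total nodes inspected, resulting child count}; an arena owns the nodes.
std::pair<size_t, size_t> MeasureAppends(size_t n, bool use_tail) {
  std::vector<std::unique_ptr<Node>> arena;
  Node parent;
  size_t inspected = 0;
  for (size_t i = 0; i < n; ++i) {
    arena.push_back(std::unique_ptr<Node>(new Node));
    Node* child = arena.back().get();
    inspected += use_tail ? AppendViaTail(&parent, child)
                          : AppendTraversing(&parent, child);
  }
  size_t count = 0;
  for (const Node* c = parent.first_child; c; c = c->next_sibling) ++count;
  return {inspected, count};
}
```

With 1000 children the traversing append inspects 499500 nodes in total while the tail-cached append inspects 999, and both leave the children in the same order.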

Status: Fixed (was: Started)
Comment 12 by bugdroid1@chromium.org (Project Member), Oct 18

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/92a388889cb22a7cc5a00a191805c03dd73894ff

commit 92a388889cb22a7cc5a00a191805c03dd73894ff
Author: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Date: Thu Oct 18 05:06:45 2018

Roll src/third_party/pdfium 785a26dc649a..ec885bad72ef (5 commits)

https://pdfium.googlesource.com/pdfium.git/+log/785a26dc649a..ec885bad72ef


git log 785a26dc649a..ec885bad72ef --date=short --no-merges --format='%ad %ae %s'
2018-10-17 tsepez@chromium.org Remove CPDFSDK_Annot::GetMinWidth() and GetMinHeight().
2018-10-17 tsepez@chromium.org Nest CJS_GlobalData_Element in CJS_GlobalData.
2018-10-17 thestig@chromium.org Optimize appends in CFX_XMLNode::InsertChildNode().
2018-10-17 thestig@chromium.org Add FORM_OnLButtonDoubleClick().
2018-10-17 tsepez@chromium.org Add CPDF_{Array,Dictionary}Locker to catch illegal iteration patterns.


Created with:
  gclient setdep -r src/third_party/pdfium@ec885bad72ef

The AutoRoll server is located here: https://autoroll.skia.org/r/pdfium-autoroll

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should
be CC'd on the roll, and stop the roller if necessary.



BUG= chromium:895234 
TBR=dsinclair@chromium.org

Change-Id: I3491a433f5e1dbb57578a26fce3394fa69e253ca
Reviewed-on: https://chromium-review.googlesource.com/c/1286085
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: chromium-autoroll <chromium-autoroll@skia-public.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#600663}
[modify] https://crrev.com/92a388889cb22a7cc5a00a191805c03dd73894ff/DEPS
