Unreachable code in src/wasm/asm-wasm-builder.cc
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6336812731072512
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux
Crash Type: Unreachable code
Crash Address:
Crash State: src/wasm/asm-wasm-builder.cc
Regressed: V8: r33250:33251
Minimized Testcase (0.17 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94x22Y5OCOdGO1578XpCBdT1OPN1R8DNfpKD9bDbMtUQiDHkX3W8GU2oWq-kVNsA0sQicvUs6JBXNwtPXTPj1VEcr0rvmastPBxl7VQ3LXQBwhC_kcGQTcaFbpkMg7RW_QvnxOSqU28qUJHirb1iXqqK2d_SQ

    function __f_9() {
      "use asm";
      %OptimizeFunctionOnNextCall();
      function __f_72() { }
      return {__f_72:__f_72};
    }
    _WASMEXP_.instantiateModuleFromAsm(__f_9.toString());

Filer: machenbach
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 8 2016
ClusterFuzz has detected this issue as fixed in range 34586:34587.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6336812731072512
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux
Crash Type: Unreachable code
Crash Address:
Crash State: src/wasm/asm-wasm-builder.cc
Regressed: V8: r33250:33251
Fixed: V8: r34586:34587
Minimized Testcase (0.17 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94x22Y5OCOdGO1578XpCBdT1OPN1R8DNfpKD9bDbMtUQiDHkX3W8GU2oWq-kVNsA0sQicvUs6JBXNwtPXTPj1VEcr0rvmastPBxl7VQ3LXQBwhC_kcGQTcaFbpkMg7RW_QvnxOSqU28qUJHirb1iXqqK2d_SQ

    function __f_9() {
      "use asm";
      %OptimizeFunctionOnNextCall();
      function __f_72() { }
      return {__f_72:__f_72};
    }
    _WASMEXP_.instantiateModuleFromAsm(__f_9.toString());

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 9 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5149929791553536
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: Unreachable code
Crash Address:
Crash State: src/wasm/asm-wasm-builder.cc
Regressed: V8: r34586:34587
Minimized Testcase (0.17 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96HQyqbmYwGJ0txAF6uV81rMJKe4ABzTy1iiBeKFDCCNYZMuo77xuD65zM1hJhS8Jnmti3Z6UBem3HrzgOCVhCWytrlrzpJp9BCKYNXvVnNot0u171ycCyy91wEhJIXJZTawJy-6JTzadQySH5c-76-703j2g

    function __f_76() {
      "use asm";
      function __f_72() {
        %OptimizeFunctionOnNextCall();
      }
      return {__f_72:__f_72};
    }
    Wasm.instantiateModuleFromAsm(__f_76.toString());

Filer: hablich
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 18 2016
Remove legacy label cr-blink-javascript.
May 3 2016
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/d622c3a8bdb2628820c3144d3f893ef4a52c9542

commit d622c3a8bdb2628820c3144d3f893ef4a52c9542
Author: titzer <titzer@chromium.org>
Date: Tue May 03 15:55:42 2016

[wasm] Disallow runtime calls in asm.js modules.

R=ahaas@chromium.org,bradnelson@chromium.org
BUG= chromium:592352
LOG=Y

Review-Url: https://codereview.chromium.org/1943373002
Cr-Commit-Position: refs/heads/master@{#35992}

[modify] https://crrev.com/d622c3a8bdb2628820c3144d3f893ef4a52c9542/src/typing-asm.cc
[add] https://crrev.com/d622c3a8bdb2628820c3144d3f893ef4a52c9542/test/mjsunit/regress/regress-592352.js
May 4 2016
ClusterFuzz has detected this issue as fixed in range 35991:35992.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5149929791553536
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: Unreachable code
Crash Address:
Crash State: src/wasm/asm-wasm-builder.cc
Regressed: V8: r34586:34587
Fixed: V8: r35991:35992
Minimized Testcase (0.17 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96HQyqbmYwGJ0txAF6uV81rMJKe4ABzTy1iiBeKFDCCNYZMuo77xuD65zM1hJhS8Jnmti3Z6UBem3HrzgOCVhCWytrlrzpJp9BCKYNXvVnNot0u171ycCyy91wEhJIXJZTawJy-6JTzadQySH5c-76-703j2g

    function __f_76() {
      "use asm";
      function __f_72() {
        %OptimizeFunctionOnNextCall();
      }
      return {__f_72:__f_72};
    }
    Wasm.instantiateModuleFromAsm(__f_76.toString());

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage
- Your friendly Sheriffbot
Comment 1 by machenb...@chromium.org, Mar 7 2016
Status: Assigned (was: Available)