https://codereview.chromium.org/1821723004 should address this. It is a fix for a potential memory safety issue. Could someone take a look?

Bulk edit to remove recently filed RUNTIME_ASSERT bugs from the security triage queue.

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4965286377160704

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux

Crash Type: RUNTIME_ASSERT
Crash Address: 
Crash State:
  has_property_ in src/lookup.h
  
Regressed: V8: r34875:34876

Minimized Testcase (0.15 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95Ui21qUlxunSrUI_SNvuzAF5rTOQog7Hg65_JyG2jckVG5LGEM4mwC6RF7Zr0wso8v9TYOtOf0Fa9AfQa08EBHkmo3-07l6UmZfgtbmI-ZctXGMQryxw1ODA92YW5ouA_0sznbSc_gXl7UrYcFHWRHyJ5-Aw
try {
( {
})();
} catch(e) {; }
__v_9 = new Int32Array(5);
array = new Array(10);
array.__proto__ = __v_9;
__v_11 = Array.prototype.concat.call(array);


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot