!v->IsParameter() in src/wasm/asm-wasm-builder.cc
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5256224933412864

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  !v->IsParameter() in src/wasm/asm-wasm-builder.cc

Regressed: V8: r36291:36292

Minimized Testcase (0.33 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv96iIQh0KuW1Qw7cigMFjlXcEbha_i_dqWeS1htKQaSOX_uH0rhEyy8iu39vCduVqYuUuPBVCdTuvB8-7SxuBgwB1pN2nd4JWyvtt4ZW9H0HW5ioX55U8P9yZWlhs5_lT4EOGzSd3pxHLd8tonRAGrgTJtY8FQ

    function __f_41(stdlib, __v_35) {
      "use asm";
      __v_35 = __v_35;
      function __f_21(int_val, double_val) {
        int_val = int_val|0;
        double_val = +double_val;
      }
      return {__f_21:__f_21};
    }
    function __f_10() { }
    var module = Wasm.instantiateModuleFromAsm(__f_41.toString());
    ( { })();
    (function __f_54() { })();

Filer: ishell

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 20 2016
Aseem, please look into this one and see if you can repro + understand. Thanks!
Jun 20 2016
Issue 617614 has been merged into this issue.
Jun 30 2016
This error is legitimate. The ffi can not be modified inside the module. However, the error occurs only in Debug mode. The typer should catch it in the release build.
Jul 11 2016
ClusterFuzz has detected this issue as fixed in range 37652:37653.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5256224933412864

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  !v->IsParameter() in asm-wasm-builder.cc

Regressed: V8: r36291:36292
Fixed: V8: r37652:37653

Minimized Testcase (0.33 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv96q7VrfNvlDMHIi3C4EZvAgE7lXJxhe1Osaw7xDVdhoFiLivV7fIIK5z9AnejF1Qxwza8loo1OhJLVY0l9T45Kah8urtzwskwPvwsV7tecE3aUugzmICCDkBWeypc10XtgpNA6mhNc6ecaGldnu2N0JIK1Ryg?testcase_id=5256224933412864

    (function () { })();
    function __f_41(stdlib, __v_35) {
      "use asm";
      __v_35 = __v_35;
      function __f_21(int_val, double_val) {
        int_val = int_val|0;
        double_val = +double_val;
      }
      return {__f_21:__f_21};
    }
    function __f_10() { }
    var module = Wasm.instantiateModuleFromAsm(__f_41.toString());
    ( { })();

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ishell@chromium.org, May 23 2016
Owner: titzer@chromium.org
Status: Assigned (was: Available)