
Issue 634411


Issue metadata

Status: Duplicate
Merged: issue 628542
Owner:
Closed: Aug 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug-Security




Heap-buffer-overflow in unibrow::Utf8::Validate

Reported by ClusterFuzz (Project Member), Aug 4 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6575611776860160

Fuzzer: afl_v8_wasm_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x610000006f00
Crash State:
  unibrow::Utf8::Validate
  v8::internal::wasm::DecodeWasmModule
  v8::internal::wasm::testing::CompileAndRunWasmModule
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=409719:409783

Minimized Testcase (0.12 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96EzFJ-Tqn4ZQqMVnGV7u_dCvnBQYpY1jLwl37JJFihXfdta8pPiax7B5j1WezabVgjCuR1Bxx3y8GtAESgJ42sjgDPb0gkzfHEq91Rm9_yX28T3_XKMjo5UzDmyb73FiLsGZ6B0ApYkfL0bApwGWyamX2-zQ?testcase_id=6575611776860160

Issue manually filed by: mbarbella

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 
Owner: titzer@chromium.org
Status: Assigned (was: Untriaged)
titzer: Could you take a look at this? Seems related to https://chromium.googlesource.com/v8/v8.git/+/6cf621ec891edb0c56ac1773a0fd57ee7a296713
Components: Blink>JavaScript
Comment 3 by sheriffbot@chromium.org (Project Member), Aug 5 2016

Labels: M-54
Comment 4 by sheriffbot@chromium.org (Project Member), Aug 5 2016

Labels: ReleaseBlock-Beta
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 5 by sheriffbot@chromium.org (Project Member), Aug 5 2016

Labels: Pri-1
Comment 6 by sheriffbot@chromium.org (Project Member), Aug 6 2016

Labels: M-54
Comment 7 by ClusterFuzz (Project Member), Aug 8 2016

Labels: Stability-LibFuzzer
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5990333664198656

Fuzzer: libfuzzer_v8_wasm_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x61200000ac72
Crash State:
  ValueOf
  unibrow::Utf8::Validate
  DecodeGlobalInModule
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=408535:408588

Minimized Testcase (0.24 Kb): https://cluster-fuzz.appspot.com/download/AMIfv960CnPtFPBL3Bv9drFvpVL6pta_TR8a8NOI4dK5vRkSvXYBhOF6dSwjZcfwzEgGxoHftMIQZV-MaB0PeYcLY3UTjM24FZYbRWdBiGHeVGHHDktP6ATtM1Gn1jVM6gCtK6tE8i7bI-zjBcDYs5YgJ9xCr9na7Q?testcase_id=5990333664198656

Issue manually filed by: mbarbella

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 8 by och...@chromium.org, Aug 10 2016

Cc: titzer@chromium.org clemensh@chromium.org
Issue 636434 has been merged into this issue.
Comment 9 by ClusterFuzz (Project Member), Aug 12 2016

Labels: Stability-Memory-MemorySanitizer
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5957243625537536

Fuzzer: libfuzzer_v8_wasm_asmjs_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  unibrow::Utf8::Validate
  DecodeGlobalInModule
  DecodeModule
  
Recommended Security Severity: Low

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=409699:409766

Minimized Testcase (0.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96JOoq4FsRkJ2czrAEvipWdAYItrEbYkdQstAuV_mGoMWLQWyJ0aN6HH838K_IA9myXAjBBE2yzrHfsxtnb7-9C0OFlmXFCJ1BJRfOhyYJHyMWuLcuUog6XmcavDwWceU2XFTnebgGVVl0W74WJO1jK22hTEQ?testcase_id=5957243625537536

Additional requirements: Requires Gestures

Issue manually filed by: ochang

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Comment 10 by ClusterFuzz (Project Member), Aug 17 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5424560013049856

Fuzzer: afl_v8_wasm_asmjs_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x6110000090d0
Crash State:
  unibrow::Utf8::CalculateValue
  unibrow::Utf8::Validate
  v8::internal::wasm::DecodeWasmModule
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=409719:409783

Minimized Testcase (0.20 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96X058FEAu_ZjdiOUcmRffjGjbEZqltJUswLPRNDrdErRM2U1yMOMj-c3Csqo2de4aDjg9Iyn9CeNkfGSxfRCgHQCxDIhwbzcByJbWUkxuWp_YBVE41wsTCRuIoWN8tMpls5xY-5SKaUKfoiJe2q3eogzHBtA?testcase_id=5424560013049856

Issue manually filed by: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Comment 11 by sheriffbot@chromium.org (Project Member), Aug 19 2016

titzer: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mergedinto: 628542
Status: Duplicate (was: Assigned)
Comment 13 by ClusterFuzz (Project Member), Aug 20 2016

ClusterFuzz has detected this issue as fixed in range 413168:413317.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5424560013049856

Fuzzer: afl_v8_wasm_asmjs_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x6110000090d0
Crash State:
  unibrow::Utf8::CalculateValue
  unibrow::Utf8::Validate
  v8::internal::wasm::DecodeWasmModule
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=409719:409783
Fixed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=413168:413317

Minimized Testcase (0.20 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96X058FEAu_ZjdiOUcmRffjGjbEZqltJUswLPRNDrdErRM2U1yMOMj-c3Csqo2de4aDjg9Iyn9CeNkfGSxfRCgHQCxDIhwbzcByJbWUkxuWp_YBVE41wsTCRuIoWN8tMpls5xY-5SKaUKfoiJe2q3eogzHBtA?testcase_id=5424560013049856

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 14 by ClusterFuzz (Project Member), Aug 20 2016

ClusterFuzz has detected this issue as fixed in range 413168:413317.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6575611776860160

Fuzzer: afl_v8_wasm_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x610000006f00
Crash State:
  unibrow::Utf8::Validate
  v8::internal::wasm::DecodeWasmModule
  v8::internal::wasm::testing::CompileAndRunWasmModule
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=409719:409783
Fixed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=413168:413317

Minimized Testcase (0.12 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96EzFJ-Tqn4ZQqMVnGV7u_dCvnBQYpY1jLwl37JJFihXfdta8pPiax7B5j1WezabVgjCuR1Bxx3y8GtAESgJ42sjgDPb0gkzfHEq91Rm9_yX28T3_XKMjo5UzDmyb73FiLsGZ6B0ApYkfL0bApwGWyamX2-zQ?testcase_id=6575611776860160

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 15 by ClusterFuzz (Project Member), Aug 20 2016

ClusterFuzz has detected this issue as fixed in range 413142:413297.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5990333664198656

Fuzzer: libfuzzer_v8_wasm_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x61200000ac72
Crash State:
  ValueOf
  unibrow::Utf8::Validate
  DecodeGlobalInModule
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=408535:408588
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=413142:413297

Minimized Testcase (0.24 Kb): https://cluster-fuzz.appspot.com/download/AMIfv960CnPtFPBL3Bv9drFvpVL6pta_TR8a8NOI4dK5vRkSvXYBhOF6dSwjZcfwzEgGxoHftMIQZV-MaB0PeYcLY3UTjM24FZYbRWdBiGHeVGHHDktP6ATtM1Gn1jVM6gCtK6tE8i7bI-zjBcDYs5YgJ9xCr9na7Q?testcase_id=5990333664198656

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 16 by sheriffbot@chromium.org (Project Member), Nov 25 2016

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
