Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6487262947966976

Fuzzer: libfuzzer_v8_wasm_asmjs_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Out-of-memory
Crash Address:
Crash State: v8_wasm_asmjs_fuzzer

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=430924:430941

Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95dD_Y9H4pfXqEcvsYPIwdGUuWU1pLwIpbighsXuMAE8OBNc8VBiSXMaF97oHy0xGIbZ1o0uis3hxK0hZqO2aEZ9RUjwZ_BMcdFklvjrFSljrRQaWO1RDQ6jglvwStjTdqmtMHdmS7-fVtzERa6T9KkGEyUgw?testcase_id=6487262947966976

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Andreas, please take a look, maybe there is a better way of reporting an OOM.
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/94266b7d86cfb7201461a9af2bfe2ec3268a70e3

commit 94266b7d86cfb7201461a9af2bfe2ec3268a70e3
Author: ahaas <ahaas@chromium.org>
Date: Mon Jan 23 12:09:52 2017

[wasm] Change the constant kV8MaxWasmMemoryPages to a command line flag.

The hardcoded constant caused a problem for the wasm fuzzer because when the maximum memory was allocated in a test case, clusterfuzz ran out of memory. With the command line flag we can set a lower limit for the fuzzer. The flag has the value of the constant as its default value, so that for everything but the fuzzers nothing should change.

R=titzer@chromium.org
BUG=chromium:676888

Review-Url: https://codereview.chromium.org/2626313003
Cr-Commit-Position: refs/heads/master@{#42599}

[modify] https://crrev.com/94266b7d86cfb7201461a9af2bfe2ec3268a70e3/src/compiler/wasm-compiler.cc
[modify] https://crrev.com/94266b7d86cfb7201461a9af2bfe2ec3268a70e3/src/flag-definitions.h
[modify] https://crrev.com/94266b7d86cfb7201461a9af2bfe2ec3268a70e3/src/flags.cc
[modify] https://crrev.com/94266b7d86cfb7201461a9af2bfe2ec3268a70e3/src/wasm/module-decoder.cc
[modify] https://crrev.com/94266b7d86cfb7201461a9af2bfe2ec3268a70e3/src/wasm/wasm-interpreter.cc
[modify] https://crrev.com/94266b7d86cfb7201461a9af2bfe2ec3268a70e3/src/wasm/wasm-js.cc
[modify] https://crrev.com/94266b7d86cfb7201461a9af2bfe2ec3268a70e3/src/wasm/wasm-limits.h
[modify] https://crrev.com/94266b7d86cfb7201461a9af2bfe2ec3268a70e3/src/wasm/wasm-module.cc
[modify] https://crrev.com/94266b7d86cfb7201461a9af2bfe2ec3268a70e3/test/fuzzer/wasm-asmjs.cc
[modify] https://crrev.com/94266b7d86cfb7201461a9af2bfe2ec3268a70e3/test/fuzzer/wasm.cc
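The pattern the commit describes, as an added example that is not V8's code and not taken from the change above: a decoder-side check that validates a module's declared memory pages against a process-wide, runtime-configurable limit before any allocation happens, so that a fuzzer harness can lower the limit and have a maximal declaration rejected cheaply instead of exhausting the machine. Every name here (`max_memory_pages_flag`, `ValidateMemoryDecl`, `AllocateMemory`, `ConfigureForFuzzing`) is hypothetical, and the default of 16384 pages is an assumption for the example; the page does not state the constant's value.

```cpp
#include <cstdint>
#include <cstddef>
#include <optional>
#include <vector>

// Hypothetical, added example (not V8 code): a runtime-configurable limit on
// the number of 64 KiB wasm memory pages a module may declare. The limit
// defaults to the engine's normal maximum; a fuzzer harness lowers it so a
// module declaring the maximum is rejected at decode time, not allocated.
namespace example {

constexpr uint64_t kWasmPageSize = 64 * 1024;     // 64 KiB per wasm page
constexpr uint32_t kDefaultMaxMemoryPages = 16384; // assumed default (1 GiB); not from the page

// The "flag": process-wide and mutable, defaulting to the normal maximum so
// that nothing changes for non-fuzzer users unless they set it.
inline uint32_t& max_memory_pages_flag() {
  static uint32_t value = kDefaultMaxMemoryPages;
  return value;
}

enum class DecodeStatus {
  kOk,
  kInitialExceedsLimit,
  kMaximumExceedsLimit,
  kMaximumBelowInitial
};

struct MemoryDecl {
  uint32_t initial_pages;
  std::optional<uint32_t> maximum_pages;  // absent when the module declares none
};

// Validate a declared memory section against the configured limit. This runs
// before any allocation, so an oversized declaration costs nothing.
DecodeStatus ValidateMemoryDecl(const MemoryDecl& decl) {
  const uint32_t limit = max_memory_pages_flag();
  if (decl.initial_pages > limit) return DecodeStatus::kInitialExceedsLimit;
  if (decl.maximum_pages) {
    if (*decl.maximum_pages > limit) return DecodeStatus::kMaximumExceedsLimit;
    if (*decl.maximum_pages < decl.initial_pages) return DecodeStatus::kMaximumBelowInitial;
  }
  return DecodeStatus::kOk;
}

// Byte size of the initial memory, computed in 64 bits so pages * 64 KiB
// cannot wrap a 32-bit intermediate.
uint64_t InitialMemoryBytes(const MemoryDecl& decl) {
  return static_cast<uint64_t>(decl.initial_pages) * kWasmPageSize;
}

// Allocate only after validation succeeded; empty result means rejected.
std::optional<std::vector<uint8_t>> AllocateMemory(const MemoryDecl& decl) {
  if (ValidateMemoryDecl(decl) != DecodeStatus::kOk) return std::nullopt;
  return std::vector<uint8_t>(static_cast<size_t>(InitialMemoryBytes(decl)), 0);
}

// What a fuzzer harness (constructed for this example) does at startup:
// lower the limit so inputs declaring the full maximum are rejected instead
// of triggering the full allocation on every such test case.
void ConfigureForFuzzing(uint32_t fuzzer_limit_pages) {
  max_memory_pages_flag() = fuzzer_limit_pages;
}

}  // namespace example
```

The ordering is the point: the limit is consulted in the decoder, ahead of allocation, so the fuzzer's lowered limit changes which inputs are accepted without changing any allocation code path, and the default preserves production behaviour.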
ClusterFuzz has detected this issue as fixed in range 445400:445461.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6487262947966976

Fuzzer: libfuzzer_v8_wasm_asmjs_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address:
Crash State: v8_wasm_asmjs_fuzzer
Sanitizer: undefined (UBSAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=430924:430941
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=445400:445461

Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97nLcqMSsFMNMJwQ3txn1eDDzEz_vi6KMzVDPW9_oTPw0ZGD5cje3w3eFYlLskp5joirgkb9sf29IkKGWiBxt9VQ106NamnEGbAs7NmEi2pEi_tAhQdvUsInJh2jFstWteC7oscFcJ_cemWRoGqs8c4c7LVQEcJf9TLrMG4sy3XZEdB928NP0cJQStHXYzR56aGINvjm06U8wLydcWAm0tVgn3O1sP59kKnV3PGicn4TkDI1TRearhb0ZX1_5_ZLiPviwCIk7Iym2DC5uAI2tyMoFfgcWFiqyp2mqEsMs8x3XsCjs-W69c6rx0yIWVXesfnuvkVe1cGy_F0aGWl-q-wiQrJzvmItQIlfDPMsXlKlPBX4_RDQesS7GQgFPkevMTkCAasPeFw45l4SfSyRTe8iHNmwg?testcase_id=6487262947966976

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
ClusterFuzz testcase 6487262947966976 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ervanipa...@gmail.com, Dec 24 2016