Predator and CL did not provide any possible suspects.

adding /src/third_party/WebKit/Source/platform/heap/OWNERS, requesting the team to check the issue and help.

sigbjornf@, can you please see if this is related to: https://bugs.chromium.org/p/chromium/issues/detail?id=682910 ?

Thank you!

ClusterFuzz has detected this issue as fixed in range 447444:447467.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5945763415982080

Fuzzer: lcamtuf_cross_fuzz
Job Type: linux_cfi_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  count <= maxHeapObjectSize / sizeof(T) in HeapAllocator.h
  blink::HeapAllocator::quantizedSize<>
  blink::toImplArray<>
  
Sanitizer: cfi (CFI)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_cfi_chrome&range=445271:445954
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_cfi_chrome&range=447444:447467

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95Td6GXarUjgqzllqzTaB8xjcyXTeXn_Z1_R9mN8o0AlL0TbK1Z3K-bvDyVngDPZkZFRb6lCfOOym24fJCiQI46DZnDaVKZhAVVD5kJQo7m3pJzpOLjbYks1XpxDXvgq4vXkAxhvFzuJaeiq5S_v-70cER6ZVIQcxaXh7QuDM1tHesbXmO7l07Q8KxRHpyzEeDXafWH9RaiGV6lB6x5iQLuiQjwJ666KCNpT9JKpO1V-y63m6G-ZpWvtzOflfkdQS3ttTk0iZ32Oqo5VXgzXRUx0Hu2vexS-igpVLd3YJ7ALbOWvY1OJUU7w8iYgavBM02XCDtbwjDMd0ArEaQvAHHCubEiSbmsTo4EpcAXKem0D61vEho?testcase_id=5945763415982080


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.