@marja, can you please have a look?

The test case uses the 'private' in an identifier position. 'private' is a FUTURE_STRICT_RESERVED_KEYWORD, and in one of the many code paths I forgot to check for that. I didn't research this a lot, but the bug is in since at least the last refactoring that I did. Likely due due to my last refactoring... :-/

I guess this wasn't ever noticed in practice, since using FUTURE_STRICT_RESERVED_KEYWORDS can't be used as identifiers anyhow. Still a bug...

The test case uses the 'private' in an identifier position. 'private' is a FUTURE_STRICT_RESERVED_KEYWORD, and in one of the many code paths I forgot to check for that. I didn't research this a lot, but the bug is in since at least the last refactoring that I did. Likely due due to my last refactoring... :-/

I guess this wasn't ever noticed in practice, since using FUTURE_STRICT_RESERVED_KEYWORDS can't be used as identifiers anyhow. Still a bug...

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/754bb9f98e1bf7dc7710bb54d7e9e999e6ee0d7e

commit 754bb9f98e1bf7dc7710bb54d7e9e999e6ee0d7e
Author: Daniel Vogelheim <vogelheim@chromium.org>
Date: Thu Feb 16 09:34:26 2017

[scanner] Keep literals around for FUTURE_STRICT_RESERVED_KEYWORD.

BUG= chromium:690003 

Change-Id: I0f80911426e9b201be61af313b4b5cacbb357bb5
Reviewed-on: https://chromium-review.googlesource.com/443329
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43236}
[modify] https://crrev.com/754bb9f98e1bf7dc7710bb54d7e9e999e6ee0d7e/src/parsing/scanner.cc

ClusterFuzz has detected this issue as fixed in range 450943:450989.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6534605479084032

Fuzzer: libfuzzer_v8_script_parser_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x7fded6246228
Crash State:
  v8::internal::Scanner::SanityCheckTokenDesc
  v8::internal::Scanner::Scan
  v8::internal::Scanner::Next
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=415616:415651
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=450943:450989

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96Y4bimxXcWarqrd9hEyiDs3IX0OgXcvmmleOqAnokPqYeGocZI6XswifBnr_9vrZar8J9yLJ1tfgzj4rn_GGOjm4b-49VQ8vFXgf10w4wx19FuWg88MIBabz9pYwAudY80fVbSTIIU-LNtUFb_FE26K5sqMkhMHqJtelnyUZ9pmLV4gEnk2fraoUTZBDGLQUtjeQ9-H6I910mosPiK4EGDcsm_TQt2nhd2bWMtKpxDbt4YkdHjwN4gZ3L3G-yEdDZkXyP1AOjxCNRLu_ANi3gwPS_QWA8zz0DGh0QfGHHv9k_SzNmv6hZlnWMXQiA8K1kKh8t1j3xEIc_vrndQ9mPM-fNVddHiC29G3z8ZKfAFerXK2GHM3EVpiqLhRco1c6mzdWWFjbHfuKOPCPOzhRtI32ZItg?testcase_id=6534605479084032


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.