Cast assert seems scary, hiding this to let v8 sheriff to triage.

Regression range and repro points at 7b300ba2e966c0d104d3755707a6d59a74944771. Note that I can only reproduce this on 32-bit architectures (i.e. tried ia32 and ARM, both reproduce).

CL to fix here: https://chromium-review.googlesource.com/c/514348/

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/89a6f9c138772e7f8c83f8a68ad95a4ea37a18a5

commit 89a6f9c138772e7f8c83f8a68ad95a4ea37a18a5
Author: Ben Smith <binji@chromium.org>
Date: Wed May 31 15:08:52 2017

Fix Check failure on OOB access in Atomics.wait

Bug:  chromium:724973 
Change-Id: I227b30b50f92fac7d6cf3ec3369e324282352ccb
Reviewed-on: https://chromium-review.googlesource.com/514348
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45643}
[modify] https://crrev.com/89a6f9c138772e7f8c83f8a68ad95a4ea37a18a5/src/builtins/builtins-sharedarraybuffer.cc
[modify] https://crrev.com/89a6f9c138772e7f8c83f8a68ad95a4ea37a18a5/test/mjsunit/harmony/futex.js

ClusterFuzz has detected this issue as fixed in range 45642:45643.

Detailed report: https://clusterfuzz.com/testcase?key=6023488715620352

Fuzzer: inferno_js_fuzzer
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  is_valid in conversions-inl.h
  v8::internal::NumberToSize
  v8::internal::ValidateAtomicAccess
  
Sanitizer: address (ASAN)

Regressed: V8: 44625:44626
Fixed: V8: 45642:45643

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6023488715620352


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot