Cast assert seems scary, hiding this to let v8 sheriff to triage.

WasmMemoryObject::buffer field may be undefined but the buffer() getter expects it as a JSArrayBuffer.

ClusterFuzz has detected this issue as fixed in range 45664:45665.

Detailed report: https://clusterfuzz.com/testcase?key=4678125190643712

Fuzzer: inferno_js_fuzzer
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !v8::internal::FLAG_enable_slow_asserts || (object->IsJSArrayBuffer()) in object
  cast
  v8::internal::WasmMemoryObject::buffer
  
Sanitizer: address (ASAN)

Regressed: V8: 43658:43659
Fixed: V8: 45664:45665

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4678125190643712


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot