
Issue 734435

Issue metadata

Status: Verified
Owner:
Closed: Jun 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug


CHECK failure: WasmCodeFuzzerHash=33d72 in wasm-fuzzer-common.cc

Reported by ClusterFuzz (Project Member), Jun 18 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6032060765700096

Fuzzer: afl_v8_wasm_compile_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  WasmCodeFuzzerHash=33d72 in wasm-fuzzer-common.cc
  v8::internal::wasm::fuzzer::WasmExecutionFuzzer::FuzzWasmModule
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6032060765700096


Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Issue 734439 has been merged into this issue.
Issue 734436 has been merged into this issue.
Issue 734430 has been merged into this issue.
Issue 734421 has been merged into this issue.
Issue 734365 has been merged into this issue.
Issue 734352 has been merged into this issue.
Issue 734268 has been merged into this issue.
Issue 734247 has been merged into this issue.
Cc: msrchandra@chromium.org
Components: Blink>JavaScript
Labels: M-61 Test-Predator-Correct-CLs
Owner: jochen@chromium.org
Status: Assigned (was: Untriaged)
Assigning to the concerned owner from Predator results:

Regression information is not available. The result is the blame information. 

Author: dcarney@chromium.org
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/499b31e222b15cfcc01f0ef54f02508c299e3ca3
Time: Tue Feb 25 13:53:06 2014
The CL last changed line 261 of file platform-posix.cc, which is stack frame 0. 

Author: jochen@chromium.org
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/a4506cd3f2e6735b07b31e26ed0916eb253ced27
Time: Mon Jun 30 13:25:46 2014
The CL last changed line 126 of file logging.cc, which is stack frame 1. 

Author: Andreas Haas
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/eb64b26f8f272936b7b5a6f3ebe306ea0b329834
Time: Mon May 08 09:22:54 2017
The CL last changed line 190 of file wasm-fuzzer-common.cc, which is stack frame 2. 

Author: Andreas Haas
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/eb64b26f8f272936b7b5a6f3ebe306ea0b329834
Time: Mon May 08 09:22:54 2017
The CL last changed line 334 of file wasm-compile.cc, which is stack frame 3.

@jochen, could you please look into this issue, and kindly re-assign it if it is not related to your changes.
Thank you.
Issue 734361 has been merged into this issue.
Components: -Blink>JavaScript Blink>JavaScript>WebAssembly
Owner: ahaas@chromium.org
Issue 734542 has been merged into this issue.
Issue 735022 has been merged into this issue.
Issue 734977 has been merged into this issue.
Issue 734952 has been merged into this issue.
Issue 734909 has been merged into this issue.
Issue 734845 has been merged into this issue.
Issue 735501 has been merged into this issue.
Issue 735768 has been merged into this issue.

Comment 20 by ahaas@chromium.org, Jun 22 2017

Status: Started (was: Assigned)

Comment 21 by ahaas@chromium.org, Jun 22 2017

Labels: -Stability-Crash -Stability-Memory-AddressSanitizer
The problem here is that the input is so big that it does not finish executing within the step limit of the interpreter. The solution will be to not execute the compiled code in this case. Thereby we also avoid executing an infinite loop in the compiled code.
Comment 22 by ClusterFuzz (Project Member), Jun 23 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)
ClusterFuzz testcase 5348915615629312 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 23 by ClusterFuzz (Project Member), Jun 23 2017

ClusterFuzz has detected this issue as fixed in range 481615:481649.


Fixed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=481615:481649


If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
