Assingning to v8 cf sheriff. 

Removing owner to give predator a chance to auto-assign...

Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/87713b37562e0be06419005fe05363bc10e748a2 (Fix UMA stats for WASM functions).

If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.

At tip of tree and works for me.

I can reproduce this locally. You need to make sure to pass the flags in the ClusterFuzz report:

d8 --random-seed=1660774973 --invoke-weak-callbacks --omit-quit --disable-in-process-stack-traces --future --wasm-test-streaming clusterfuzz-testcase-minimized-5604860472066048.js

Ahh, That probably explains it. It is probably due to --wasm-test-streaming which implements a streaming version of the buffer. Redirecting to ahaas.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This check fails only with a testing flag turned on, in a feature which is turned off by default at the moment. This is no release blocker.

ClusterFuzz has detected this issue as fixed in range 49116:49117.

Detailed report: https://clusterfuzz.com/testcase?key=5604860472066048

Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: Heap-buffer-overflow WRITE 8
Crash Address: 0x607000000718
Crash State:
  v8::internal::wasm::ModuleDecoderImpl::DecodeFunctionBody
  v8::internal::wasm::AsyncStreamingProcessor::ProcessFunctionBody
  ProcessFunctionBody
  
Sanitizer: address (ASAN)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=48124:48125
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=49116:49117

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5604860472066048

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5604860472066048 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

> This check fails only with a testing flag turned on, in a feature which is turned off by default at the moment.

The correct label for features turned off by default is Security_Impact-None. Please use that instead of dropping the Security-Severity label, as the severity label is still useful for tracking. (we are updating the docs to clarify this)

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot