DCHECK failure in (location_) != nullptr in handles.cc
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5792373912371200

Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: DCHECK failure
Crash Address:
Crash State:
  (location_) != nullptr in handles.cc
  v8::internal::HandleBase::IsDereferenceAllowed
  v8::internal::wasm::AsyncCompileJob::FinishCompile::RunInForeground

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=48021:48022

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5792373912371200

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Oct 5 2017
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Oct 6 2017
Oct 6 2017
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 6 2017
Oct 6 2017
This check fails only with a testing flag turned on, in a feature which is turned off by default at the moment. This is no release blocker.
Oct 6 2017
Nov 7 2017
Nov 20 2017
Nov 20 2017
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/d9b42b7b3406478822d69adbab089c2abcfe608e

commit d9b42b7b3406478822d69adbab089c2abcfe608e
Author: Andreas Haas <ahaas@chromium.org>
Date: Mon Nov 20 13:58:04 2017

[wasm] Handle modules without code in streaming compilation

Streaming compilation started the compilation of a module at the beginning of the code section. However, there exist valid modules which do not contain a code section. In this CL we check for the existence of a code section when we finish the stream. We do this by checking if the module compiler in the AsyncCompileJob exists, because the module compiler gets initialized at the beginning of the code section. If we detect that compilation has not been started because there was no code section, then we start compilation when the stream finishes.

R=clemensh@chromium.org

Bug: chromium:771973
Change-Id: I7c95a7a791d02254f086961e7cd81885eec27382
Reviewed-on: https://chromium-review.googlesource.com/778541
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49494}

[modify] https://crrev.com/d9b42b7b3406478822d69adbab089c2abcfe608e/src/wasm/module-compiler.cc
[modify] https://crrev.com/d9b42b7b3406478822d69adbab089c2abcfe608e/src/wasm/streaming-decoder.cc
[modify] https://crrev.com/d9b42b7b3406478822d69adbab089c2abcfe608e/test/cctest/wasm/test-streaming-compilation.cc
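The CL above describes the input that tripped the DCHECK: a valid module with no code section, which the streaming path never started compiling. The example below is added here and is not part of the bug thread, the CL or V8's own tests. It builds such a module byte by byte (every function imported, so there is a type, import and export section but no function or code section), builds a sibling module that does carry a code section for contrast, walks the section headers to show that id 10 is absent, and compiles through WebAssembly.compileStreaming where the runtime supports a synthetic Response, falling back to WebAssembly.compile otherwise. The import name env.f, the helper names and the section walker are all constructed for the example; the d8 testing flag mentioned in the thread is not named on this page and is not used.

```javascript
// Added example, not code from the V8 CL or the ClusterFuzz testcase.
// Constructs WebAssembly modules with and without a code section, reports
// their section ids, and compiles them via the streaming API when available.
// Module bytes, the import name "env.f" and all helper names are made up here.

// Unsigned LEB128, as used for section sizes, counts and indices.
function uleb128(n) {
  const out = [];
  do {
    let b = n & 0x7f;
    n >>>= 7;
    if (n !== 0) b |= 0x80;
    out.push(b);
  } while (n !== 0);
  return out;
}

// Section = id byte, uleb128 payload size, payload.
function section(id, payload) {
  return [id, ...uleb128(payload.length), ...payload];
}

// Length-prefixed UTF-8 name.
function name(s) {
  const bytes = Array.from(new TextEncoder().encode(s));
  return [...uleb128(bytes.length), ...bytes];
}

const HEADER = [0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00]; // "\0asm" + version 1
const TYPE_SECTION = section(1, [1, 0x60, 0, 0]);               // one type: () -> ()
const EXPORT_F = section(7, [1, ...name("f"), 0x00, 0]);          // export func index 0 as "f"

// Imports env.f and re-exports it. Every function is imported, so the module
// has a type, an import and an export section but no function or code section.
function moduleWithoutCodeSection() {
  const importSec = section(2, [1, ...name("env"), ...name("f"), 0x00, 0]);
  return new Uint8Array([...HEADER, ...TYPE_SECTION, ...importSec, ...EXPORT_F]);
}

// Same export, but the function is defined locally: a function section plus a
// code section holding one empty body (no locals, then `end`).
function moduleWithCodeSection() {
  const funcSec = section(3, [1, 0]);
  const body = [0, 0x0b];
  const codeSec = section(10, [1, ...uleb128(body.length), ...body]);
  return new Uint8Array([...HEADER, ...TYPE_SECTION, ...funcSec, ...EXPORT_F, ...codeSec]);
}

// Walks the section headers and returns the ids in order; throws on truncation.
function sectionIds(bytes) {
  if (bytes.length < HEADER.length) throw new Error("module shorter than header");
  const ids = [];
  let pos = HEADER.length;
  while (pos < bytes.length) {
    const id = bytes[pos++];
    let size = 0, shift = 0, b;
    do {
      if (pos >= bytes.length) throw new Error("truncated section size");
      b = bytes[pos++];
      size |= (b & 0x7f) << shift;
      shift += 7;
    } while (b & 0x80);
    pos += size;
    if (pos > bytes.length) throw new Error("section payload runs past end");
    ids.push(id);
  }
  return ids;
}

// Section id 10 is the code section.
function hasCodeSection(bytes) {
  return sectionIds(bytes).includes(10);
}

// Streaming path where a Response is available, else the non-streaming path.
// Returns the name of the API that was actually used.
async function compileStreamingOrFallback(bytes) {
  if (typeof Response === "function" && typeof WebAssembly.compileStreaming === "function") {
    try {
      const resp = new Response(bytes, { headers: { "Content-Type": "application/wasm" } });
      const mod = await WebAssembly.compileStreaming(resp);
      if (mod instanceof WebAssembly.Module) return "compileStreaming";
    } catch (e) {
      // Fall through: this runtime cannot stream from a synthetic Response.
    }
  }
  await WebAssembly.compile(bytes);
  return "compile";
}

// Instantiates the module and calls exported "f"; returns how often the
// imported JS function ran (1 for the import-only module, 0 for the local one).
async function callExportedF(bytes) {
  let calls = 0;
  const imports = { env: { f: () => { calls++; } } };
  const { instance } = await WebAssembly.instantiate(bytes, imports);
  instance.exports.f();
  return calls;
}
```

Both modules pass WebAssembly.validate; the first yields section ids [1, 2, 7] and the second [1, 3, 7, 10]. In Node 18 or newer and in browsers the streaming branch is taken, which is the path the CL changed; older runtimes silently use the fallback.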
Nov 21 2017
ClusterFuzz has detected this issue as fixed in range 49493:49494.

Detailed report: https://clusterfuzz.com/testcase?key=5792373912371200

Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: DCHECK failure
Crash Address:
Crash State:
  (location_) != nullptr in handles.cc
  v8::internal::HandleBase::IsDereferenceAllowed
  v8::internal::wasm::AsyncCompileJob::FinishCompile::RunInForeground

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=48021:48022
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=49493:49494

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5792373912371200

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 21 2017
ClusterFuzz testcase 5782692049453056 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 21 2017
Feb 27 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mstarzinger@chromium.org, Oct 5 2017
Components: -Blink>JavaScript Blink>JavaScript>WebAssembly
Owner: ahaas@chromium.org
Status: Assigned (was: Untriaged)