Predator and CL could not provide any possible suspects.

This issue looks similar to  Issue 715380 , hence assigning it to the concern owner.

yutak@-- Could you please look into the issue, kindly re-assign if this is not related to your changes.


Thank You.

Actually I'm not sure how this test case reaches the Blob constructor. (Is Mac
special on this respect?)

Anyway, this is a CHECK failure on an unlikely situation, so not serious at all.

ClusterFuzz has detected this issue as fixed in range 544435:544631.

Detailed report: https://clusterfuzz.com/testcase?key=6423823493890048

Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: CHECK failure
Crash Address: 
Crash State:
  VerifySubRange<T>(buffer.get(), byte_offset, length) in TypedArrayBase.h
  scoped_refptr<WTF::Int32Array> WTF::TypedArrayBase<int>::Create<WTF::Int32Array>
  blink::DOMTypedArray<WTF::Int32Array, v8::Int32Array>::Create
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=507321:507330
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=544435:544631

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6423823493890048

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6423823493890048 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.