Issue 788469

Starred by 2 users

Issue metadata

Status: Verified
Owner:
Closed: Nov 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug-Security




Crash in v8::internal::CallInternal

Reported by ClusterFuzz (Project Member), Nov 25 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6016262194069504

Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x7f59c7d0c2a0
Crash State:
  v8::internal::CallInternal
  v8::internal::Object::GetPropertyWithDefinedGetter
  v8::internal::Object::GetPropertyWithAccessor
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=49617:49618

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6016262194069504

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Comment 1 by ClusterFuzz (Project Member), Nov 25 2017

Labels: Test-Predator-Auto-Owner
Owner: ahaas@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/fd52adcb5cdc7bf5fba3a6eddc3f8b60a6354d1f ([wasm] Use modification scopes on module level and not function level).

If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Comment 2 by sheriffbot@chromium.org (Project Member), Nov 25 2017

Labels: Pri-1
Labels: Security_Impact-Head M-63
Comment 4 by sheriffbot@chromium.org (Project Member), Nov 26 2017

Labels: -Security_Impact-Head Security_Impact-Beta
Comment 5 by sheriffbot@chromium.org (Project Member), Nov 26 2017

Labels: ReleaseBlock-Stable
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 6 by gov...@chromium.org, Nov 27 2017

Cc: awhalley@chromium.org
+awhalley@

Comment 7 by ahaas@chromium.org, Nov 27 2017

Labels: -Security_Severity-Medium -Security_Impact-Beta -ReleaseBlock-Stable
Status: Started (was: Assigned)
The repro requires a flag which is currently turned off by default. Therefore I remove the release blocker and the security severity for now.
Comment 8 by bugdroid1@chromium.org (Project Member), Nov 27 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/e21bac5b0ba22a8aab396ed02a6ec3e50999ea4b

commit e21bac5b0ba22a8aab396ed02a6ec3e50999ea4b
Author: Andreas Haas <ahaas@chromium.org>
Date: Mon Nov 27 13:48:34 2017

[wasm] Open CodeSpaceMemoryModificationScope after imports got sanitized

Within SanitizeImports it is possible that JavaScript code gets executed
therefore we have to open the CodeSpaceMemoryModificationScope after
SanitizeImports.

R=clemensh@chromium.org

Bug: chromium:788469
Change-Id: Ide9bbd4ee4613b28380979d4a6c66d26e6a9406f
Reviewed-on: https://chromium-review.googlesource.com/789936
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49635}
[modify] https://crrev.com/e21bac5b0ba22a8aab396ed02a6ec3e50999ea4b/src/wasm/module-compiler.cc
[modify] https://crrev.com/e21bac5b0ba22a8aab396ed02a6ec3e50999ea4b/test/mjsunit/wasm/ffi.js

Labels: Security_Impact-None Security_Severity-Low
Thanks for taking on this issue ahaas@!
I adjusted some labels, so future security sheriffs don't need to triage this one again.
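The commit message above states the mechanism behind the crash: JavaScript can run inside SanitizeImports, so the code-space modification scope must not yet be open at that point. The following is an added example, not from the bug report, the ClusterFuzz testcase, or V8's own code or tests, that shows from the JavaScript side how instantiating a module with an import calls back into user code through accessor properties on the imports object. It runs under Node.js; the wasm bytes are hand-assembled here, and the import names `m`/`f`, the getters and the event log are constructed for the example. It demonstrates the re-entry path only; it does not reproduce the crash, which per comment 7 needed a non-default flag and is fixed.

```javascript
// Added example (not from the bug report or from V8): shows that WebAssembly
// instantiation executes arbitrary JavaScript while resolving imports, which is
// why the fix opens CodeSpaceMemoryModificationScope only after SanitizeImports.

// Hand-assembled module: one function import "m"."f" of type () -> (), no bodies.
const WASM_WITH_IMPORT = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d,                               // magic "\0asm"
  0x01, 0x00, 0x00, 0x00,                               // version 1
  0x01, 0x04, 0x01, 0x60, 0x00, 0x00,                   // type section: 1 type, func () -> ()
  0x02, 0x07, 0x01, 0x01, 0x6d, 0x01, 0x66, 0x00, 0x00, // import section: "m"."f", kind func, type 0
]);

// Header-only module, compiled from inside a getter to show the engine is
// re-entered while the outer instantiation is still in progress.
const WASM_EMPTY = new Uint8Array([0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00]);

function instantiateWithGetterImports() {
  const events = [];
  const module = new WebAssembly.Module(WASM_WITH_IMPORT);

  // The JS API resolves each import with [[Get]] on the imports object and then
  // [[Get]] on the returned namespace object. Accessor properties on either
  // level are ordinary JavaScript calls made by the engine mid-instantiation
  // (the GetPropertyWithAccessor / CallInternal frames in the crash state).
  const imports = {
    get m() {
      events.push("get m");
      new WebAssembly.Module(WASM_EMPTY); // re-enter the wasm engine from user code
      events.push("compiled nested module");
      return {
        get f() {
          events.push("get f");
          return () => {};
        },
      };
    },
  };

  const instance = new WebAssembly.Instance(module, imports);
  events.push("instantiated");
  return { events, exportsCount: Object.keys(instance.exports).length };
}

// A getter may also throw, so instantiation can abort after the engine has
// already begun; the exception must propagate cleanly to the caller.
function instantiateWithThrowingGetter() {
  const module = new WebAssembly.Module(WASM_WITH_IMPORT);
  const imports = {
    get m() {
      throw new Error("getter ran during import sanitization");
    },
  };
  try {
    new WebAssembly.Instance(module, imports);
    return null;
  } catch (e) {
    return e.message;
  }
}

console.log(instantiateWithGetterImports().events.join(" -> "));
console.log("throwing getter:", instantiateWithThrowingGetter());
```

The point for a reviewer of engine code is that any property read on caller-supplied objects is a potential re-entry into the JavaScript engine, so state that must be consistent during those reads (here, whether code pages are writable) has to be established only after the reads are done.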
Comment 10 by ClusterFuzz (Project Member), Nov 28 2017

ClusterFuzz has detected this issue as fixed in range 49634:49635.

Detailed report: https://clusterfuzz.com/testcase?key=6016262194069504

Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x7f59c7d0c2a0
Crash State:
  v8::internal::CallInternal
  v8::internal::Object::GetPropertyWithDefinedGetter
  v8::internal::Object::GetPropertyWithAccessor
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=49617:49618
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=49634:49635

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6016262194069504

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 11 by ClusterFuzz (Project Member), Nov 28 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)
ClusterFuzz testcase 6016262194069504 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 12 by ClusterFuzz (Project Member), Nov 28 2017

ClusterFuzz testcase 6016262194069504 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 13 by sheriffbot@chromium.org (Project Member), Nov 28 2017

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Labels: -M-63 M-64
Comment 15 by sheriffbot@chromium.org (Project Member), Mar 6 2018

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
