Issue 794353

Starred by 2 users

Issue metadata

Status: Verified
Owner:
Closed: Dec 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




V8 correctness failure in configs: x64,ignition:arm,ignition

Project Member Reported by ClusterFuzz, Dec 12 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4899779472785408

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address: 
Crash State:
  configs: x64,ignition:arm,ignition
  sources: a49
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=v8_foozzie&range=46655:46656

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4899779472785408

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Project Member

Comment 1 by ClusterFuzz, Dec 12 2017

Labels: Test-Predator-Auto-Owner
Owner: u...@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/0640cbf378bb569ce99a45095acd0dec2518720d ([heap] Rework ASLR for base::Platform::VirtualMemory).

If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Cc: clemensh@chromium.org ahaas@chromium.org
+ webassembly folks. Is this something 32 vs. 64 bits specific that needs suppression?

No, this should actually produce the same error message. Maybe we hit undefined behavior because we do the bounds check wrong. I will take a look later.

Cc: u...@chromium.org
Owner: clemensh@chromium.org
This is indeed a 32 vs 64 bit difference, but we should fix this: https://cs.chromium.org/chromium/src/v8/src/wasm/decoder.h?type=cs&q=bytes+would+underflow&sq=package:chromium&l=164

Taking this one.

Status: Started (was: Assigned)
https://crrev.com/c/824082

Components: -Blink>JavaScript Blink>JavaScript>WebAssembly
Project Member

Comment 7 by bugdroid1@chromium.org, Dec 13 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/5aaeb2fd1c5fb08bf1f96563d5f891621a428a0b

commit 5aaeb2fd1c5fb08bf1f96563d5f891621a428a0b
Author: Clemens Hammacher <clemensh@chromium.org>
Date: Wed Dec 13 10:44:24 2017

[wasm] Simplify bounds check

We really just need one check instead of three. This also unifies the
error message to be the same on 32 and 64 bit systems.

Drive-by: Fix potential overflow in {validate_size}.

R=titzer@chromium.org

Bug: chromium:794353
Change-Id: I63c1f5ef53c1f245b9e82bcbf86a5d9ac0d2725e
Reviewed-on: https://chromium-review.googlesource.com/824082
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50071}
[modify] https://crrev.com/5aaeb2fd1c5fb08bf1f96563d5f891621a428a0b/src/wasm/decoder.h
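
The overflow the commit message refers to, shown as an added illustration that is not V8's decoder.h code: a bounds check written as "pc + length <= end" adds first and compares second, so a large length can wrap the sum and the outcome differs between 32-bit and 64-bit pointers, whereas a single comparison of length against the bytes remaining cannot wrap. The buffer, the Cursor type and all function names below are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 16-byte buffer standing in for a module; contents are irrelevant. */
static const uint8_t kBuf[16] = {0};

typedef struct {
  const uint8_t *pc;   /* current read position */
  const uint8_t *end;  /* one past the last byte */
} Cursor;

static Cursor cursor_at(size_t offset) {
  Cursor c = { kBuf + offset, kBuf + sizeof kBuf };
  return c;
}

/* Overflow-prone form: adds first, compares second. Done on uintptr_t here so
 * the wrap is well defined and reproducible; on raw pointers the same addition
 * is undefined behaviour and its result depends on pointer width. */
bool naive_check(size_t offset, uintptr_t length) {
  Cursor c = cursor_at(offset);
  uintptr_t pc = (uintptr_t)c.pc, end = (uintptr_t)c.end;
  return pc + length <= end;   /* pc + length may wrap to a small value */
}

/* Overflow-safe form: one comparison of length against the bytes remaining.
 * end - pc cannot overflow because pc <= end is kept as an invariant. */
bool safe_check(size_t offset, size_t length) {
  Cursor c = cursor_at(offset);
  if (c.pc > c.end) return false;
  return length <= (size_t)(c.end - c.pc);
}

/* A length chosen so that pc + length wraps to exactly 0 on this machine. */
uintptr_t wrapping_length(size_t offset) {
  return (uintptr_t)0 - (uintptr_t)cursor_at(offset).pc;
}

int main(void) {
  uintptr_t bad = wrapping_length(4);
  printf("naive check accepts wrapped length: %d\n", naive_check(4, bad));
  printf("safe  check accepts wrapped length: %d\n", safe_check(4, (size_t)bad));
  return 0;
}
```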

Status: Fixed (was: Started)
Project Member

Comment 9 by ClusterFuzz, Dec 14 2017

ClusterFuzz has detected this issue as fixed in range 50070:50071.

Detailed report: https://clusterfuzz.com/testcase?key=4899779472785408

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address: 
Crash State:
  configs: x64,ignition:arm,ignition
  sources: a49
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=v8_foozzie&range=46655:46656
Fixed: https://clusterfuzz.com/revisions?job=v8_foozzie&range=50070:50071

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4899779472785408

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 10 by ClusterFuzz, Dec 14 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Fixed)
ClusterFuzz testcase 4899779472785408 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
