Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/e4d7995cfdb43525f86f9609bb84f5f0588e2132 ([wasm] Move SyncCompile* and AsyncCompile* methods to WasmEngine).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The test is failing because it exceeds the limit on the number of parameters imposed by the WebAssembly engine.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/73d60721666a95c9e13a6dadcccac25af6efca2e

commit 73d60721666a95c9e13a6dadcccac25af6efca2e
Author: Ben L. Titzer <titzer@chromium.org>
Date: Mon Feb 12 19:42:12 2018

[asm.js] Enforce maximum number of parameters for asm.js.

R=bradnelson@chromium.org

Bug:  chromium:810973 
Change-Id: I818c17ef03b27df72976048b1873fc3f3a368900
Reviewed-on: https://chromium-review.googlesource.com/914330
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51252}
[modify] https://crrev.com/73d60721666a95c9e13a6dadcccac25af6efca2e/src/asmjs/asm-parser.cc
[add] https://crrev.com/73d60721666a95c9e13a6dadcccac25af6efca2e/test/mjsunit/regress/wasm/regress-810973.js

ClusterFuzz has detected this issue as fixed in range 51251:51252.

Detailed report: https://clusterfuzz.com/testcase?key=6194428696592384

Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !result.failed() in wasm-engine.cc
  v8::internal::wasm::WasmEngine::SyncCompileTranslatedAsmJs
  v8::internal::AsmJsCompilationJob::FinalizeJobImpl
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=50678:50679
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=51251:51252

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6194428696592384

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6194428696592384 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Not sure why the sev and impact labels got removed.

I removed the labels based on my judgment it was not an exploitable security bug. The limits were being enforced deeper in the engine and causing a later failure, whereas the fix was the check the limits up front.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot