CHECK failure: VerifySubRange<T>(buffer.get(), byte_offset, length) in TypedArrayBase.h
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4783586992717824
Fuzzer: inferno_twister
Job Type: mac_asan_chrome
Platform Id: mac
Crash Type: CHECK failure
Crash Address:
Crash State:
  VerifySubRange<T>(buffer.get(), byte_offset, length) in TypedArrayBase.h
  scoped_refptr<WTF::Float32Array> WTF::TypedArrayBase<float>::Create<WTF::Float32
  blink::DOMTypedArray<WTF::Float32Array, v8::Float32Array>::Create
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=507321:507330
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4783586992717824

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Mar 29 2018
This is blink crashing.
Mar 29 2018
The test does new Float32Array(2147483555). Is this not basically OOM?
Mar 30 2018
+yukishiino I don't have access to the ClusterFuzz report, but comment #3 reminds me of bug 817590.
Mar 31 2018
Apr 4 2018
This is caused by an overflow in a 32-bit unsigned integer. Failure at the CHECK is reasonable.
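As an added illustration of the overflow this comment describes (not code from the Chromium tracker or from Blink), the arithmetic below shows how the byte length of 2147483555 float elements wraps in 32-bit unsigned math, alongside an overflow-checked computation and a widened sub-range check in the spirit of the VerifySubRange named in the crash state; the function names and signatures are assumptions, not Blink's.

```cpp
#include <cstdint>
#include <limits>

// Element count from the reproducer quoted on this page: new Float32Array(2147483555).
constexpr uint32_t kReproCount = 2147483555u;
constexpr uint32_t kFloat32Size = 4;  // sizeof(float)

// Naive byte-length computation in 32-bit unsigned arithmetic: the product
// 2147483555 * 4 = 8589934220 does not fit in 32 bits and silently wraps
// modulo 2^32 to 4294966924, the kind of overflow the comment refers to.
uint32_t NaiveByteLength(uint32_t count, uint32_t element_size) {
  return count * element_size;  // wraps for large counts
}

// Overflow-checked version (hypothetical helper): widens to 64 bits, reports
// whether the true product fits in 32 bits, and only then writes it out, so a
// caller can reject an oversized allocation before any buffer is touched.
bool CheckedByteLength(uint32_t count, uint32_t element_size, uint32_t* out) {
  uint64_t product = static_cast<uint64_t>(count) * element_size;
  if (product > std::numeric_limits<uint32_t>::max()) return false;
  *out = static_cast<uint32_t>(product);
  return true;
}

// Sub-range validation (hypothetical, modelled on the VerifySubRange check in
// the crash state): the view [byte_offset, byte_offset + length*element_size)
// must lie inside a buffer of buffer_bytes bytes. Every intermediate value is
// 64-bit, so neither the span nor the end offset can wrap.
bool SubRangeFits(uint64_t buffer_bytes, uint32_t byte_offset,
                  uint32_t length, uint32_t element_size) {
  uint64_t span = static_cast<uint64_t>(length) * element_size;
  return byte_offset <= buffer_bytes && span <= buffer_bytes - byte_offset;
}
```

With the wrapped value, a buffer of 4294966924 bytes would look large enough to a 32-bit comparison, while the widened check correctly rejects a view of 2147483555 floats over it.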
Apr 11 2018
ClusterFuzz testcase 4783586992717824 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Apr 11 2018
Aug 23
ClusterFuzz has detected this issue as fixed in range 585071:585171.

Detailed report: https://clusterfuzz.com/testcase?key=4783586992717824
Fuzzer: inferno_twister
Job Type: mac_asan_chrome
Platform Id: mac
Crash Type: CHECK failure
Crash Address:
Crash State:
  VerifySubRange<T>(buffer.get(), byte_offset, length) in TypedArrayBase.h
  scoped_refptr<WTF::Float32Array> WTF::TypedArrayBase<float>::Create<WTF::Float32
  blink::DOMTypedArray<WTF::Float32Array, v8::Float32Array>::Create
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=507321:507330
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=585071:585171
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4783586992717824

See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by ellyjo...@chromium.org, Mar 21 2018