Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically adding ccs based on suspected regression changelists:

[wasm] Add WasmFeatures to enable/detect features by titzer@chromium.org - https://chromium.googlesource.com/v8/v8/+/6aa2a253136d8d3d987c7fb8b3bc68208a5a532c

[cleanup] Make {AreAliased} generic and variadic by clemensh@chromium.org - https://chromium.googlesource.com/v8/v8/+/70f2bd0d1418e0290baa37cb62641132ada3edc4

Reland "[wasm] Implement the new API for WebAssembly.instantiateStreaming" by ahaas@chromium.org - https://chromium.googlesource.com/v8/v8/+/3e545e404525540ada1c3ce3aacaab902150324e

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

titzer: Assigning to you since your CL has changes in function-body-decoder.cc, can you take a look (and reassign if appropriate?) Thanks.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/af4cf8d1501009380e8249e3cc853ed8f30c7c09

commit af4cf8d1501009380e8249e3cc853ed8f30c7c09
Author: Andreas Haas <ahaas@chromium.org>
Date: Mon Aug 20 12:09:11 2018

[wasm] Abort decoding of BlockTypeImmediate after an error was detected

R=titzer@chromium.org

Bug:  chromium:875556 
Change-Id: I989dbaaec1eac3b7d0c761f25efec043cdeb9d71
Reviewed-on: https://chromium-review.googlesource.com/1180964
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55212}
[modify] https://crrev.com/af4cf8d1501009380e8249e3cc853ed8f30c7c09/src/wasm/function-body-decoder-impl.h
[add] https://crrev.com/af4cf8d1501009380e8249e3cc853ed8f30c7c09/test/mjsunit/regress/wasm/regress-875556.js

ClusterFuzz testcase 4931148770443264 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

ClusterFuzz has detected this issue as fixed in range 584756:584763.

Detailed report: https://clusterfuzz.com/testcase?key=5969756822437888

Fuzzer: afl_v8_wasm_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x60b000000363
Crash State:
  int v8::internal::wasm::Decoder::read_leb_tail<int,
  v8::internal::wasm::BlockTypeImmediate<
  v8::internal::wasm::WasmDecoder<
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=583006:583014
Fixed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=584756:584763

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5969756822437888

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot