Assigning for v8 triage.

hablich: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sounds like something you might already have fixed recently?

Hi Clemens, has this been fixed by https://crrev.com/c/1209344? 

That CL was merged back to M-70 in https://crrev.com/c/1215622. Will have to investigate whether this is a separate issue.

Cannot reproduce, looks like it's missing the "wasm_idb_worker.js" file.

Hi clemensh@  
Did you try in 70.0.3524.0?

Here is the "wasm_idb_worker.js" file.(You can find it in res.zip too)

Deleted: wasm_idb_worker.js 769 bytes

wasm_idb_worker.js 769 bytes View Download

Note that the version you are using (asan-linux-release-583299, 70.0.3524.0) were before the fix mentioned in #6 was merged. So it should be fixed.

I tried reproducing on asan build 583299, but failed. These are my asan options:
handle_sigfpe=1:handle_sigbus=1:detect_stack_use_after_return=1:alloc_dealloc_mismatch=0:print_scariness=1:max_uar_stack_size_log=16:quarantine_size_mb=10:detect_odr_violation=0:handle_sigill=1:allocator_release_to_os_interval_ms=500:coverage=0:use_sigaltstack=1:fast_unwind_on_fatal=1:detect_leaks=1:print_summary=1:handle_abort=1:check_malloc_usable_size=0:detect_container_overflow=1:symbolize=1:handle_segv=1:abort_on_error=1:allow_user_segv_handler=1

What I did was:
1) download and unpack asan-linux-release-583299
2) download and unpack res.zip from #1
3) download crash.html from #1 and place it next to the extracted files from (2)
4) set (and export) ASAN_OPTIONS
5) start a webserver to serve the files from (2) and (3): python -m SimpleHTTPServer 8004
6) run: ./asan-linux-release-583299/chrome http://localhost:8004/crash.html

Sorry for my mistake.
Seem like it lacks of a testharness.js file.
Here i upload a new "wasm_idb_worker.js" and get that crash again.
Please try this one.

Deleted: wasm_idb_worker.js 737 bytes

wasm_idb_worker.js 737 bytes View Download

Thanks, can reproduce on version 583299 now.
Also tried ToT, and it does not reproduce there.
Bisecting shows that is was fixed between 589344 and 589346. In-between (at 589345), we rolled v8 version 7.1.54, with these changes: https://chromium.googlesource.com/v8/v8/+log/41db1841..e1220339
This range contains the fix:
98bdaf9 [wasm] Fix worker termination while compiling

So everything is fine, this is fixed on the M-70 branch.

Thanks for filing this anyway!

hi cdsrc2016@, I'm afraid the VRP panel declined to reward for this bug, as it did not cause us to fix the issue, per comment 5.  Cheers!

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot