Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/9635e1a3037bbc9355eb4cbb84b9f2415c270fc1 ([wasm] Move wire bytes to the NativeModule).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/9635e1a3037bbc9355eb4cbb84b9f2415c270fc1 ([wasm] Move wire bytes to the NativeModule).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/ecbf6296c7f8edee3096da1611623a786410076e

commit ecbf6296c7f8edee3096da1611623a786410076e
Author: Clemens Hammacher <clemensh@chromium.org>
Date: Wed Oct 24 12:43:24 2018

[wasm] Fix streaming instantiation with no code section

Because of ordering issues we didn't set the wire bytes on the
{NativeModule} during {OnFinishedStream}. We then failed during
instantiation when trying to read the import names from the wire bytes.

This CL fixes this locally without much code churn. I plan to clean up
the interaction between {AsyncCompileJob} and {AsyncStreamingProcessor}
in a follow-up CL.

R=ahaas@chromium.org

Bug:  chromium:898310 
Change-Id: I06337a04ba380f87b803f325323208298d363f41
Reviewed-on: https://chromium-review.googlesource.com/c/1296467
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56938}
[modify] https://crrev.com/ecbf6296c7f8edee3096da1611623a786410076e/src/wasm/module-compiler.cc
[modify] https://crrev.com/ecbf6296c7f8edee3096da1611623a786410076e/src/wasm/module-compiler.h
[modify] https://crrev.com/ecbf6296c7f8edee3096da1611623a786410076e/test/mjsunit/wasm/async-compile.js

ClusterFuzz has detected this issue as fixed in range 56937:56938.

Detailed report: https://clusterfuzz.com/testcase?key=5799232597131264

Fuzzer: ochang_js_fuzzer
Job Type: linux_cfi_d8
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000014
Crash State:
  v8::internal::String::NonAsciiStart
  v8::internal::Factory::NewStringFromUtf8
  v8::internal::WasmModuleObject::ExtractUtf8StringFromModuleBytes
  
Sanitizer: cfi (CFI)

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_d8&range=53976:53977
Fixed: https://clusterfuzz.com/revisions?job=linux_cfi_d8&range=56937:56938

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5799232597131264

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5799232597131264 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Issue 898104 has been merged into this issue.

Just tested locally. This also reproduces on the 7.0 and 7.1 branch. Requesting backmerge.
The fix is in today's Canary which looks good so far. Will not merge before tomorrow though, and will check Canary results again before merging.

This bug requires manual review: Request affecting a post-stable build
Please contact the milestone owner if you have questions.
Owners: benmason@(Android), kariahda@(iOS), geohsu@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This bug requires manual review: M71 has already been promoted to the beta branch, so this requires manual review
Please contact the milestone owner if you have questions.
Owners: benmason@(Android), kariahda@(iOS), kbleicher@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

+awhalley@/hablich@

how critical is this and can we wait until M71 to fix this?

Approving this merge for M71. 

Canary still looks good, merging to M-71.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/8302482069274f3f9f1f410167d89260e462f99a

commit 8302482069274f3f9f1f410167d89260e462f99a
Author: Clemens Hammacher <clemensh@chromium.org>
Date: Fri Oct 26 10:35:29 2018

Merged: [wasm] Fix streaming instantiation with no code section

Because of ordering issues we didn't set the wire bytes on the
{NativeModule} during {OnFinishedStream}. We then failed during
instantiation when trying to read the import names from the wire bytes.

This CL fixes this locally without much code churn. I plan to clean up
the interaction between {AsyncCompileJob} and {AsyncStreamingProcessor}
in a follow-up CL.

R=ahaas@chromium.org

Bug:  chromium:898310 
Change-Id: I304f99a6d50ca4f488b3ae7a0707c824815016ad
Originally-reviewed-on: https://chromium-review.googlesource.com/c/1296467
No-Try: true
No-Tree-Checks: true
No-Presubmit: true
Reviewed-on: https://chromium-review.googlesource.com/c/1301474
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/branch-heads/7.1@{#18}
Cr-Branched-From: f70aaa8ab2e8815505a6145c745e50d8328cd28c-refs/heads/7.1.302@{#1}
Cr-Branched-From: 1dbcc78efa17a9047f7e923958087ef9eec43066-refs/heads/master@{#56462}
[modify] https://crrev.com/8302482069274f3f9f1f410167d89260e462f99a/src/wasm/module-compiler.cc
[modify] https://crrev.com/8302482069274f3f9f1f410167d89260e462f99a/src/wasm/module-compiler.h
[modify] https://crrev.com/8302482069274f3f9f1f410167d89260e462f99a/test/mjsunit/wasm/async-compile.js

Please merge this to to 7.0 ASAP.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/494931365b0477623f55126e360bd2b619728e2f

commit 494931365b0477623f55126e360bd2b619728e2f
Author: Clemens Hammacher <clemensh@chromium.org>
Date: Tue Nov 06 12:32:24 2018

Merged: [wasm] Fix streaming instantiation with no code section

Because of ordering issues we didn't set the wire bytes on the
{NativeModule} during {OnFinishedStream}. We then failed during
instantiation when trying to read the import names from the wire bytes.

This CL fixes this locally without much code churn. I plan to clean up
the interaction between {AsyncCompileJob} and {AsyncStreamingProcessor}
in a follow-up CL.

R=ahaas@chromium.org

Bug:  chromium:898310 
Change-Id: I88a651f4842f05c3316030b15ac096249acab7d7
Originally-reviewed-on: https://chromium-review.googlesource.com/c/1296467
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Reviewed-on: https://chromium-review.googlesource.com/c/1319587
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/branch-heads/7.0@{#75}
Cr-Branched-From: 6e2adae6f7f8e891cfd01f3280482b20590427a6-refs/heads/7.0.276@{#1}
Cr-Branched-From: bc08a8624cbbea7a2d30071472bc73ad9544eadf-refs/heads/master@{#55424}
[modify] https://crrev.com/494931365b0477623f55126e360bd2b619728e2f/src/wasm/module-compiler.cc
[modify] https://crrev.com/494931365b0477623f55126e360bd2b619728e2f/src/wasm/module-compiler.h
[modify] https://crrev.com/494931365b0477623f55126e360bd2b619728e2f/test/mjsunit/wasm/async-compile.js

no more backports needed for Node.js