index <= know_captures in src/regexp/regexp-parser.cc
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6519893553315840

Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  index <= know_captures in src/regexp/regexp-parser.cc

Regressed: V8: r32042:32043

Minimized Testcase (6.96 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94W6PAztOQLdQ1GEgvpZOgFQXzC3ld0UFGox5vJsJCE4UzKJsfrKE5vO4v1k0EpE7h0S3DRZYjvQg6vseZGCBF2DpQRabJWiwgJdnT3AanUh9ajp2-u47X-XgclEsXEMMzW2rQUFzW_F25bjrtBAZwbN9gvAw

Filer: hablich

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 18 2016
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/1e2d0e113627dd9d123334ed8a62ef81697c9fe7

commit 1e2d0e113627dd9d123334ed8a62ef81697c9fe7
Author: yangguo <yangguo@chromium.org>
Date: Fri Mar 18 14:52:28 2016

[regexp] catch stack overflow when parsing back references.

R=jkummerow@chromium.org
BUG= chromium:595657
LOG=N

Review URL: https://codereview.chromium.org/1811913006
Cr-Commit-Position: refs/heads/master@{#34894}

[modify] https://crrev.com/1e2d0e113627dd9d123334ed8a62ef81697c9fe7/src/regexp/regexp-parser.cc
[add] https://crrev.com/1e2d0e113627dd9d123334ed8a62ef81697c9fe7/test/mjsunit/regress/regress-crbug-595657.js
Mar 18 2016
ClusterFuzz has detected this issue as fixed in range 34893:34894.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6519893553315840

Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  index <= know_captures in src/regexp/regexp-parser.cc

Regressed: V8: r32042:32043
Fixed: V8: r34893:34894

Minimized Testcase (6.96 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94W6PAztOQLdQ1GEgvpZOgFQXzC3ld0UFGox5vJsJCE4UzKJsfrKE5vO4v1k0EpE7h0S3DRZYjvQg6vseZGCBF2DpQRabJWiwgJdnT3AanUh9ajp2-u47X-XgclEsXEMMzW2rQUFzW_F25bjrtBAZwbN9gvAw

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 19 2016
This needs to be merged to M50.
Mar 19 2016
Mar 19 2016
Your change meets the bar and is auto-approved for M50 (branch: 2661)
Mar 21 2016
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/c98418cc4a07e4e3adadf030abb2a12afc8f8477

commit c98418cc4a07e4e3adadf030abb2a12afc8f8477
Author: Yang Guo <yangguo@chromium.org>
Date: Mon Mar 21 06:40:39 2016

Version 5.0.71.20 (cherry-pick)

Merged 1e2d0e113627dd9d123334ed8a62ef81697c9fe7

[regexp] catch stack overflow when parsing back references.

BUG= chromium:595657
LOG=N
R=hablich@chromium.org
TBR=hablich@chromium.org

Review URL: https://codereview.chromium.org/1818883002 .

Cr-Commit-Position: refs/branch-heads/5.0@{#27}
Cr-Branched-From: ad16e6c2cbd2c6b0f2e8ff944ac245561c682ac2-refs/heads/5.0.71@{#1}
Cr-Branched-From: bd9df50d75125ee2ad37b3d92c8f50f0a8b5f030-refs/heads/master@{#34215}

[modify] https://crrev.com/c98418cc4a07e4e3adadf030abb2a12afc8f8477/include/v8-version.h
[modify] https://crrev.com/c98418cc4a07e4e3adadf030abb2a12afc8f8477/src/regexp/regexp-parser.cc
[add] https://crrev.com/c98418cc4a07e4e3adadf030abb2a12afc8f8477/test/mjsunit/regress/regress-crbug-595657.js
Mar 21 2016
Per comment #7, this is already merged to M50. If all is done for M50, please remove "Merge-Approved-50" label. Thank you.
Mar 22 2016
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by hablich@chromium.org, Mar 17 2016
Status: Assigned (was: Available)