New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 599066 link

Starred by 0 users
Status: Duplicate
Merged: issue 599001
Owner: ----
Closed: Apr 2016
Cc:
mythria@chromium.org
rmcilroy@chromium.org
oth@chromium.org
mstarzinger@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: ----
Type: Bug



Sign in to add a comment

RUNTIME_ASSERT in object->IsCode() || object->IsSeqString() || object->IsExternalString() || objec

Project Member Reported by ClusterFuzz, Mar 30 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5858148270735360

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux

Crash Type: RUNTIME_ASSERT
Crash Address: 
Crash State:
  object->IsCode() || object->IsSeqString() || object->IsExternalString() || objec
  

Minimized Testcase (0.17 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96Od3oayWM-JzXsLBMZxUoldRlAax3YrfUYN7AZzDJA-ldx-QDy97ZgKQiazQwPXZ1qocRRt_xHirz1DqpFieUKCwX6kHRIoEDrn4CsGyFXxhFElZ5yI605N4K2P0ko-8wthd0ttKjFeXi1B3Xr5MiC4sxkKQ
function __f_0() {
  var __v_2 = "[0";
  for (var __v_0 = 0; __v_0 < (128 << 10); __v_0++) {
    __v_2 += ",__v_2";
  }
  __v_2 += "]";
  return eval(__v_2);
}
__v_1 = __f_0();


Filer: hablich

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Project Member

Comment 1 by sheriffbot@chromium.org, Mar 30 2016

Labels: M-49

Comment 2 by mbarbe...@chromium.org, Mar 30 2016

Components: Blink>JavaScript
Labels: -Restrict-View-SecurityTeam Restrict-View-EditIssue Type-Bug
Bulk edit to remove recently filed RUNTIME_ASSERT bugs from the security triage queue.
Project Member

Comment 3 by ClusterFuzz, Mar 31 2016 

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5858148270735360

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux

Crash Type: RUNTIME_ASSERT
Crash Address: 
Crash State:
  object->IsCode() || object->IsSeqString() || object->IsExternalString() || objec
  

Minimized Testcase (0.17 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96Od3oayWM-JzXsLBMZxUoldRlAax3YrfUYN7AZzDJA-ldx-QDy97ZgKQiazQwPXZ1qocRRt_xHirz1DqpFieUKCwX6kHRIoEDrn4CsGyFXxhFElZ5yI605N4K2P0ko-8wthd0ttKjFeXi1B3Xr5MiC4sxkKQ
function __f_0() {
  var __v_2 = "[0";
  for (var __v_0 = 0; __v_0 < (128 << 10); __v_0++) {
    __v_2 += ",__v_2";
  }
  __v_2 += "]";
  return eval(__v_2);
}
__v_1 = __f_0();


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 4 by mythria@chromium.org, Apr 1 2016

Mergedinto: 599001
Status: Duplicate (was: Available)
Project Member

Comment 5 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment