Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6639908151623680

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0xffffffffffffffff
Crash State:
  v8::internal::Invoke
  v8::internal::Execution::Call
  v8::Script::Run
  
Recommended Security Severity: Medium

Regressed: V8: r35136:35137

Minimized Testcase (0.08 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95Z0_K6e6nuEj1oYzlmaiRxCU78bPDxfeULxzAvZhvI58YFnW6mlgWFoeJuBV_QMmK7s5Ef76iRiK5FSaCvxoP1E1-OntVs6jlrSoUwJzn27wwehNHpnGGExuHMHeN_LEeOk021x0N_6Gqq-BQ5tV9Ia0wxDw
  var __v_5 = 0xFFFFFFFF;
  var __v_4 = [];
  __v_4[__v_5 - 1] = 0;
  __v_4.reverse();


Filer: hablich

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

ClusterFuzz has detected this issue as fixed in range 35153:35154.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6639908151623680

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0xffffffffffffffff
Crash State:
  v8::internal::Invoke
  v8::internal::Execution::Call
  v8::Script::Run
  
Recommended Security Severity: Medium

Regressed: V8: r35136:35137
Fixed: V8: r35153:35154

Minimized Testcase (0.08 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95Z0_K6e6nuEj1oYzlmaiRxCU78bPDxfeULxzAvZhvI58YFnW6mlgWFoeJuBV_QMmK7s5Ef76iRiK5FSaCvxoP1E1-OntVs6jlrSoUwJzn27wwehNHpnGGExuHMHeN_LEeOk021x0N_6Gqq-BQ5tV9Ia0wxDw
  var __v_5 = 0xFFFFFFFF;
  var __v_4 = [];
  __v_4[__v_5 - 1] = 0;
  __v_4.reverse();


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz has detected this issue as fixed in range 35153:35154.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5932151765204992

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0xffffffffffffffff
Crash State:
  v8::internal::Invoke
  v8::internal::Execution::Call
  v8::internal::CallJsIntrinsic
  
Recommended Security Severity: Medium

Regressed: V8: r35136:35137
Fixed: V8: r35153:35154

Minimized Testcase (0.32 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94fVY5dJWeGV3Ufxsejbt-RbYqRHAeMCFarFnrC2mZX28JHQ5FHXYVtcloXVOEDfxeeN3juyxh5rih0AbSE-6JCB-JCNxS-jYVQ7RXWM_b1gW-LSRtr8S5wxS3wDWs1jd_PRh89wfT12RzYqLLA9d7Ecx7Jug

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Awesome, fixed the bug before clusterfuzz detected it :-)

Adding Merge-Triage label for tracking purposes.

Once your fix had sufficient bake time (on canary, dev as appropriate), please nominate your fix for merge by adding the Merge-Requested label.

When your merge is approved by the release manager, please start merging with higher milestone label first. Make sure to re-request merge for every milestone in the label list. You can get branch information on omahaproxy.appspot.com.

- Your friendly ClusterFuzz

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot