(left_index == right_index) || (ignore_sign && (left_index <= 1) && (right_index |
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5025734954844160
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: (left_index == right_index) || (ignore_sign && (left_index <= 1) && (right_index

Minimized Testcase (0.29 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95poeHvlfzvzgwsfx_zPfkK-l_TfpspPJvDa13SQD4ApfBLHNJb_DSkLImgKhFSupapcDXnCpIpOvAgZjWBjncSfWbnVNBLiveftx5FQdTGuX2FxK4VzqulUI48D6XiCr4Qzp3iUUZ5kQy8xYS2FzIzgwztMA

    function __f_55(expected, __f_70, __f_9) {
      // Validate the asm.js module source and instantiate it (d8-internal API)
      Wasm.instantiateModuleFromAsm(__f_70.toString());
    }
    function __f_100() {
      "use asm";
      function __f_76() {
        var __v_39 = 0;
        // int local compared against an unsigned literal: the sign mismatch behind the CHECK
        outer: while (1) {
          while (__v_39 == 4294967295) { }
        }
      }
      return {__f_76: __f_76};
    }
    __f_55(11, __f_100);

Filer: hablich
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
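The comparison in the minimized testcase pairs an `int` local (`var __v_39 = 0`) with the literal `4294967295`, which asm.js types as `unsigned`. The asm.js typing rule for comparison operators requires both operands to be signed, both unsigned, or both double (a `fixnum` literal in [0, 2^31) counts as either signed or unsigned), so a validator should reject this expression rather than abort. The following is an added example, not V8's validator and not code from this issue: a small checker for that rule, run on the testcase's `__v_39 == 4294967295` and on coerced variants. The expression-tree shape, the helper names (`typeOf`, `checkComparison`) and the local-type table are illustrative assumptions.

```javascript
// Added example, not V8 code: the asm.js comparison-operand rule as a checker
// that returns a validation failure instead of aborting. Node shapes, helper
// names and LOCAL_TYPES are assumptions made for this illustration.

// Constructed local-type table: `var __v_39 = 0;` declares an int local.
const LOCAL_TYPES = { __v_39: "int" };

// Which concrete types are accepted where a given asm.js type is required.
const SUBTYPES = {
  signed: ["signed", "fixnum"],
  unsigned: ["unsigned", "fixnum"],
  double: ["double"],
  intish: ["int", "signed", "unsigned", "fixnum", "intish"],
};
const isSubtype = (t, req) => t !== null && SUBTYPES[req].includes(t);

// Small AST constructors for numeric literals, locals and coercions.
const num = (value, isDouble = false) => ({ kind: "num", value, isDouble });
const local = (name) => ({ kind: "local", name });
const coerce = (op, arg) => ({ kind: "coerce", op, arg });

// Infer the asm.js type of an expression, or null if it is not well typed.
function typeOf(e) {
  switch (e.kind) {
    case "num":
      if (e.isDouble) return "double";
      if (e.value >= 0 && e.value < 2 ** 31) return "fixnum";
      if (e.value >= 2 ** 31 && e.value < 2 ** 32) return "unsigned";
      return null; // outside the asm.js integer-literal range
    case "local":
      return LOCAL_TYPES[e.name] ?? null;
    case "coerce": {
      const t = typeOf(e.arg);
      if (e.op === "|0") return isSubtype(t, "intish") ? "signed" : null;
      if (e.op === ">>>0") return isSubtype(t, "intish") ? "unsigned" : null;
      return null;
    }
    default:
      return null;
  }
}

// Comparison operators (==, !=, <, <=, >, >=) need both operands to be
// signed, both unsigned, or both double; the result type is then int.
function checkComparison(left, right) {
  const lt = typeOf(left);
  const rt = typeOf(right);
  for (const req of ["signed", "unsigned", "double"]) {
    if (isSubtype(lt, req) && isSubtype(rt, req)) {
      return { valid: true, type: "int", left: lt, right: rt };
    }
  }
  return {
    valid: false,
    reason: `comparison operands must share a sign: ${lt} vs ${rt}`,
    left: lt,
    right: rt,
  };
}

// The testcase's `__v_39 == 4294967295`: int vs unsigned, must be rejected.
const testcaseResult = checkComparison(local("__v_39"), num(4294967295));
console.log(testcaseResult.valid, testcaseResult.reason);
```

Coercing the local with `>>>0` makes both sides unsigned and the comparison validates; `|0` does not help, because a signed operand still cannot be compared with an unsigned literal. Either way the checker hands back a result the caller can turn into an ordinary validation error.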
Apr 5 2016
Looks like a sign comparison mismatch. This should not validate, correct?
Jun 20 2016
Issue 592349 has been merged into this issue.
Jun 20 2016
Issue 593285 has been merged into this issue.
Jun 29 2016
Fixed in: https://chromium.googlesource.com/v8/v8/+/e42983d14707b8710e969d99a9e4793dd6da9d23
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mstarzinger@chromium.org, Apr 1 2016
Status: Assigned (was: Available)