Unreachable code in src/compiler/escape-analysis.cc
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5299451794554880
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux
Crash Type: Unreachable code
Crash Address:
Crash State: src/compiler/escape-analysis.cc
Regressed: V8: r35258:35259
Minimized Testcase (0.13 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv95JBZTv-DdXOUpKIpU4mvKYkp_Ad35ZQKDQWENUkYE33JBAk7IJXSfP5ADp8yJFSnnHy2RKB_vrwgOb5wXgetrEozxtPZsUmrYK2e3SoV3DD7Y10bYvXALY4dSOIZ9-q7fp8B7c-D5hHIkNxNU1fYw8TzB7ig

function nop() {}
function __f_0(a,b,c,d) { return [ ...(nop(), [c])]; }
[], __f_0();
%OptimizeFunctionOnNextCall(__f_0);
[], __f_0();

Filer: hablich
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 7 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4856542588829696
Fuzzer: mbarbella_js_mutation
Job Type: linux_v8_d8_tot
Platform Id: linux
Crash Type: Unreachable code
Crash Address:
Crash State: v8/src/compiler/escape-analysis.cc
Regressed: V8: r34231:34248
Minimized Testcase (0.12 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv94-oNri6QNCROgQ2zMui9KRJbOvabAgdyMBhkvqu5cWUaKNe4hc7KarLiJiRR66Z4AFQrFXspFCR0oDwWfx8aadhsaTVxagMF8pVIHYQMkwVqeY1JDVRW4HnCbq_lnJcSirg8lKiS4SARKStDZ4IkhUsIe76Q

function __f_2(x) { return x; }
null == new __f_2();
function __f_8() { assertFalse(void 0 == new __f_2()); }
__f_8();

Filer: ishell
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 8 2016
Apr 15 2016
ClusterFuzz has detected this issue as fixed in range 35520:35521.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5299451794554880
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux
Crash Type: Unreachable code
Crash Address:
Crash State: src/compiler/escape-analysis.cc
Regressed: V8: r35258:35259
Fixed: V8: r35520:35521
Minimized Testcase (0.13 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv95JBZTv-DdXOUpKIpU4mvKYkp_Ad35ZQKDQWENUkYE33JBAk7IJXSfP5ADp8yJFSnnHy2RKB_vrwgOb5wXgetrEozxtPZsUmrYK2e3SoV3DD7Y10bYvXALY4dSOIZ9-q7fp8B7c-D5hHIkNxNU1fYw8TzB7ig

function nop() {}
function __f_0(a,b,c,d) { return [ ...(nop(), [c])]; }
[], __f_0();
%OptimizeFunctionOnNextCall(__f_0);
[], __f_0();

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 16 2016
ClusterFuzz has detected this issue as fixed in range 35512:35539.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4856542588829696
Fuzzer: mbarbella_js_mutation
Job Type: linux_v8_d8_tot
Platform Id: linux
Crash Type: Unreachable code
Crash Address:
Crash State: v8/src/compiler/escape-analysis.cc
Regressed: V8: r34231:34248
Fixed: V8: r35512:35539
Minimized Testcase (0.12 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv94-oNri6QNCROgQ2zMui9KRJbOvabAgdyMBhkvqu5cWUaKNe4hc7KarLiJiRR66Z4AFQrFXspFCR0oDwWfx8aadhsaTVxagMF8pVIHYQMkwVqeY1JDVRW4HnCbq_lnJcSirg8lKiS4SARKStDZ4IkhUsIe76Q

function __f_2(x) { return x; }
null == new __f_2();
function __f_8() { assertFalse(void 0 == new __f_2()); }
__f_8();

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
May 18 2016
This has been fixed by https://chromium.googlesource.com/v8/v8/+/7cef5593e45eeb505f1aa3f04d3974b18c86ac20
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by hablich@chromium.org, Apr 6 2016
Status: Assigned (was: Available)