(check == ENABLE_INLINED_SMI_CHECK) ? (*jmp_address == Assembler::kJncShortOpcod

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6233205601992704

Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  (check == ENABLE_INLINED_SMI_CHECK) ? (*jmp_address == Assembler::kJncShortOpcod

Regressed: V8: r35296:35297

Minimized Testcase (6.19 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95QdcdkuyvtghRKHn4pgvHb_H145VgdDZOd6cN6bJ2_ALkXHzE3PfLxhl097htKJI0jHOE59QzZCsvFxiCsBHlsunP9dFmHNQXJu1wOc8uuzCWx8d3L8jraYq_oMpt4eqrUnQOC1aSwI4zTDBaMmC4hrv8AfA

Filer: ishell

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 27 2016

Apr 27 2016
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/f1cc6e646f939ba177e50fd5b5137c486ee4fdac

commit f1cc6e646f939ba177e50fd5b5137c486ee4fdac
Author: verwaest <verwaest@chromium.org>
Date: Wed Apr 27 09:16:38 2016

Check the state of the current binary op IC before patching smi code

Between the miss and patching, we run user code. That may already patch the same code. IC refactoring broke this (again), so including a regression test this time around.

BUG= chromium:601392
LOG=n

Review URL: https://codereview.chromium.org/1925583002

Cr-Commit-Position: refs/heads/master@{#35811}

[modify] https://crrev.com/f1cc6e646f939ba177e50fd5b5137c486ee4fdac/src/ic/ic.cc
[add] https://crrev.com/f1cc6e646f939ba177e50fd5b5137c486ee4fdac/test/mjsunit/regress/regress-recurse-patch-binary-op.js
Apr 27 2016
ClusterFuzz has detected this issue as fixed in range 35810:35811.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6233205601992704

Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  (check == ENABLE_INLINED_SMI_CHECK) ? (*jmp_address == Assembler::kJncShortOpcod

Regressed: V8: r35296:35297
Fixed: V8: r35810:35811

Minimized Testcase (6.19 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95QdcdkuyvtghRKHn4pgvHb_H145VgdDZOd6cN6bJ2_ALkXHzE3PfLxhl097htKJI0jHOE59QzZCsvFxiCsBHlsunP9dFmHNQXJu1wOc8uuzCWx8d3L8jraYq_oMpt4eqrUnQOC1aSwI4zTDBaMmC4hrv8AfA

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Comment 1 by ishell@chromium.org, Apr 7 2016

Status: Assigned (was: Available)