New issue
Advanced search Search tips

Issue 606474 link

Starred by 1 user
Status: Duplicate
Merged: issue 543532
Owner: ----
Closed: Apr 2016
Cc:
ishell@chromium.org
mstarzinger@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug



Sign in to add a comment

(val)<=(std::numeric_limits<N>::max()) in v8/src/compiler/operator.cc

Project Member Reported by ClusterFuzz, Apr 25 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5440344971280384

Fuzzer: mbarbella_js_mutation
Job Type: windows_asan_d8
Platform Id: windows

Crash Type: CHECK failure
Crash Address: 
Crash State:
  (val)<=(std::numeric_limits<N>::max()) in v8/src/compiler/operator.cc
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=389343:389359

Minimized Testcase (0.52 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv97nb0UxIEEyDwecFvkwl0nAQhy9dcEKk1FM19ZS7mlzBPzRT6Qyht4bAY14N0fst4sNmoKol4qtIQ6VKlVh_WxAeK7ocQY4TRhTHr-_9h0M6sBbk_tuncTG_B0fzcpmVkx0wEFFo4ahS4JmAfbaYkzIvwWmAA
function __f_20(length) {
  var __v_10 = "(function () {\n" +
            "  var __v_10 = 0;\n" +
            "  for (var __v_9 = 0; __v_9 <= " + length + "; __v_9++) {\n" +
            "    switch(__v_9) {\n";
  for (var __v_9 = 0; __v_9 < length; __v_9++) {
    __v_10 += "    case " + __v_9 + ": __v_10 += 2; break;\n";
  }
  __v_10 += "    default: __v_10 += 1;\n" +
         "    }\n" +
         "  }\n" +
         "  return __v_0;\n" +
         "})";
  return eval(__v_10);
}
__v_8 = 65535;
__v_11 = __f_20(__v_8);
 __v_11();


Filer: manoranjanr

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by manoranj...@chromium.org, Apr 25 2016

Labels: Te-Logged

Comment 2 by mstarzinger@chromium.org, Apr 26 2016

Mergedinto: 543532
Status: Duplicate (was: Available)
Project Member

Comment 3 by ClusterFuzz, Jun 8 2016 

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5440344971280384

Fuzzer: mbarbella_js_mutation
Job Type: windows_asan_d8
Platform Id: windows

Crash Type: CHECK failure
Crash Address: 
Crash State:
  (val)<=(std::numeric_limits<N>::max()) in v8/src/compiler/operator.cc
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96gg9StETbZnCLhNOlCmDjZTPSC6cbWyg6tGSvoWPvNYeEfKoOMdhUi-x1tLWC0cYmarOuHxRnP94dCueOfBwATTKqS29tPIaexn57n06tCbL7Ie8bjYA2mhSr9dfy9x1H2xZUV5t4CLwURh3oI-t-WoFcyf4evkJny25IPNs0Adf5b5Co


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 4 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment