!v8::internal::FLAG_enable_slow_asserts || (object->IsJSObject()) in src/objects

Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5214085959909376
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSObject()) in src/objects
Regressed: V8: r34586:34587
Minimized Testcase (24.23 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95tZ6ZoG8t-vBv7M16QEIojCfF6uNrcqZHTYYCd7baLiROxLv21c0jGu0G7vomt-659I8JRrOOpUTJ2EM7zoXUV6XyscTPCzRcBpJQdzde-H7mRfcyjo-w_TBM-PfxTLJqV1bEz0xwKWhb_Jjj7snpNJCkPvimuUywKlzWN8R7dU0stOeU
Filer: mstarzinger
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

May 4 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/f82b33781d391156792d30ddbdbf81508a13a0d2

commit f82b33781d391156792d30ddbdbf81508a13a0d2
Author: titzer <titzer@chromium.org>
Date: Wed May 04 08:52:14 2016

[wasm] Fix for 608630: allow proxies as FFI.

R=ahaas@chromium.org,bradnelson@chromium.org
BUG= chromium:608630
LOG=Y

Review-Url: https://codereview.chromium.org/1943313002
Cr-Commit-Position: refs/heads/master@{#36008}

[modify] https://crrev.com/f82b33781d391156792d30ddbdbf81508a13a0d2/src/wasm/wasm-js.cc
[modify] https://crrev.com/f82b33781d391156792d30ddbdbf81508a13a0d2/src/wasm/wasm-module.cc
[modify] https://crrev.com/f82b33781d391156792d30ddbdbf81508a13a0d2/src/wasm/wasm-module.h
[add] https://crrev.com/f82b33781d391156792d30ddbdbf81508a13a0d2/test/mjsunit/regress/regress-608630.js

May 5 2016
ClusterFuzz has detected this issue as fixed in range 36007:36008.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5214085959909376
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSObject()) in src/objects
Regressed: V8: r34586:34587
Fixed: V8: r36007:36008
Minimized Testcase (24.23 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95tZ6ZoG8t-vBv7M16QEIojCfF6uNrcqZHTYYCd7baLiROxLv21c0jGu0G7vomt-659I8JRrOOpUTJ2EM7zoXUV6XyscTPCzRcBpJQdzde-H7mRfcyjo-w_TBM-PfxTLJqV1bEz0xwKWhb_Jjj7snpNJCkPvimuUywKlzWN8R7dU0stOeU
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

May 6 2016

May 12 2016
CF is still complaining about this issue. Could you please take a look?
https://cluster-fuzz.appspot.com/testcase?key=5789061444272128
Thank you!

Jun 13 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Oct 18 2016

Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 1 by mstarzinger@chromium.org, May 3 2016
Owner: titzer@chromium.org
Status: Assigned (was: Available)