Issue metadata
Sign in to add a comment
|
Crash in v8::internal::Invoke |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5466912204521472 Fuzzer: mbarbella_js_mutation Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x7f16f5c6c101 Crash State: v8::internal::Invoke v8::internal::Execution::Call v8::internal::Execution::TryCall Recommended Security Severity: Medium Regressed: V8: r36361:36362 Minimized Testcase (3.33 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97fgu6nLiLqSVy0-3WD-XYly_qDE9xDSj03QvW7rFvY0d6cIhQ-vVUO9lCxwbjX0s1TjUWmFZRjRuevfoyrjjzfGoyN7e99aXdpxOBUNxS0H3KDj-CLGH8Y4rVx5Wpdh4-u3Urh3MLdMwu9zF1ZOP82VFzXRg Filer: mstarzinger See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
May 20 2016
,
May 20 2016
ClusterFuzz has detected this issue as fixed in range 36378:36379. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5466912204521472 Fuzzer: mbarbella_js_mutation Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x7f16f5c6c101 Crash State: v8::internal::Invoke v8::internal::Execution::Call v8::internal::Execution::TryCall Recommended Security Severity: Medium Regressed: V8: r36361:36362 Fixed: V8: r36378:36379 Minimized Testcase (3.33 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97fgu6nLiLqSVy0-3WD-XYly_qDE9xDSj03QvW7rFvY0d6cIhQ-vVUO9lCxwbjX0s1TjUWmFZRjRuevfoyrjjzfGoyN7e99aXdpxOBUNxS0H3KDj-CLGH8Y4rVx5Wpdh4-u3Urh3MLdMwu9zF1ZOP82VFzXRg See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
May 26 2016
Revert https://chromium.googlesource.com/v8/v8/+/eb059498b2b2d05731b0dce648bdab801d3873fd fixed all six variants. Please make sure that these testcases are fixed before bringing this functionality back. https://cluster-fuzz.appspot.com/testcase?key=5117002695311360 https://cluster-fuzz.appspot.com/testcase?key=5466912204521472 https://cluster-fuzz.appspot.com/testcase?key=5635481819152384 https://cluster-fuzz.appspot.com/testcase?key=5905257908928512 https://cluster-fuzz.appspot.com/testcase?key=6368210756042752 https://cluster-fuzz.appspot.com/testcase?key=6516295994703872
,
May 26 2016
Adding Merge-Triage label for tracking purposes. Once your fix had sufficient bake time (on canary, dev as appropriate), please nominate your fix for merge by adding the Merge-Request-XX label, where XX is the Chrome milestone. When your merge is approved by the release manager, please start merging with higher milestone label first. Make sure to re-request merge for every milestone in the label list. You can get branch information on omahaproxy.appspot.com. - Your friendly ClusterFuzz
,
May 26 2016
,
May 31 2016
,
Jun 20 2016
,
Jun 20 2016
@hablich, not sure if there's any remaining work here, could you please advice if a merge is required or if we can just close this out?
,
Sep 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by mstarzinger@chromium.org
, May 20 2016Status: Assigned (was: Available)