Crash in v8::internal::JSObject::AddDataElement
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6628621276151808
Fuzzer: mbarbella_webgl
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x00000000
Crash State:
  v8::internal::JSObject::AddDataElement
  v8::internal::Object::AddDataProperty
  v8::internal::Object::SetProperty
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=375259:376290

Minimized Testcase (0.41 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94qNxcoLsIUMq_gSebS9_yujc9DaNo3tlFdWXZx6nP9NgexT-FoOz6gi2pZ252O2VFHJwQwKGq_nHJdgVImtXpkt1jtKhFmlz47o58c8MTSK53QyMsk9Ri8r3Vn0dX0_hNUsT8VgMJ7TEnsphgfQP3rWmQEhQ

<script>
function create_program() { }
function runTests() {
  var canvas = document.createElement('canvas');
  var gl = canvas.getContext('experimental-webgl');
  runTest(gl);
}
function runTest(gl) {
  try { runTest(gl) } catch(e) {; }
  try { var buffer = gl.createBuffer() } catch(e) {; }
  gl.bindBuffer(gl.ARRAY_BUFFER, buffer)
}
</script>
<body onload="runTests()">

Filer: durga.behera
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 14 2016
Moving this nonessential bug to the next milestone. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jun 16 2016
As per update #1, assigning this bug to verwaest@. Could you please take a look and reassign if it is not related to your changes. Thank you.
Jun 21 2016
This seems like a bug in the blink/WebGL bindings, which do not properly handle boundary conditions. We're obviously running out of stack here, and V8 gets an empty handle in as a result a little later.
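A self-contained C++ model of the empty-handle hazard described in the comment above, added here as an illustration; it is not Chromium or V8 code, and MaybeLocal, Isolate and ConvertArgument only imitate the shape of V8's contract (a handle is empty when the call that produced it threw and left an exception pending). It contrasts a binding that uses the handle unchecked with one that bails out when ToLocal() fails.

```cpp
// Model of the failure mode: the testcase recurses until the JS stack is
// exhausted, then calls a WebGL binding from inside the catch block. Any
// argument conversion that needs stack then throws, and the binding receives
// an empty handle. This is NOT Chromium/V8 code; the types below imitate the
// MaybeLocal contract on a plain host so the two handling styles can be run.
#include <cstdio>
#include <string>

namespace model {

// Stand-in for a V8 heap object; a real Local<T> wraps a pointer like this.
struct Object { std::string name; };

// Imitates v8::MaybeLocal<T>: empty exactly when the producing operation
// threw (here a stack-overflow RangeError) and left the exception pending.
template <typename T>
class MaybeLocal {
 public:
  MaybeLocal() : ptr_(nullptr) {}
  explicit MaybeLocal(T* p) : ptr_(p) {}
  bool IsEmpty() const { return ptr_ == nullptr; }
  // V8 idiom: ToLocal returns false on an empty handle so the caller can bail.
  bool ToLocal(T** out) const { *out = ptr_; return ptr_ != nullptr; }
  // Unchecked accessor: yields nullptr on an empty handle. Dereferencing that
  // is the "UNKNOWN READ, Crash Address 0x00000000" in the ClusterFuzz report.
  T* ToLocalUnchecked() const { return ptr_; }
 private:
  T* ptr_;
};

// Stands in for the isolate's remaining stack budget (a constructed value,
// not V8's real stack guard) plus the pending-exception flag.
struct Isolate {
  explicit Isolate(int frames) : stack_frames_left(frames) {}
  int stack_frames_left;
  bool exception_pending = false;
};

// Imitates an argument conversion such as ToObject(): it may run JS (a getter
// or valueOf), so it needs stack and fails with a pending exception without it.
MaybeLocal<Object> ConvertArgument(Isolate* iso, Object* arg) {
  if (iso->stack_frames_left <= 0) {
    iso->exception_pending = true;  // RangeError: Maximum call stack size exceeded
    return MaybeLocal<Object>();
  }
  --iso->stack_frames_left;
  return MaybeLocal<Object>(arg);
}

// Bug pattern: the binding takes the handle unchecked. It returns the pointer
// a real binding would dereference next; after stack exhaustion that is null.
Object* BindBufferUnchecked(Isolate* iso, Object* arg) {
  Object* buf = ConvertArgument(iso, arg).ToLocalUnchecked();
  return buf;  // a real binding would read buf->... here and crash at address 0
}

// Fix pattern: stop while the exception is pending and never touch the handle.
// Returns true only when the argument converted and the call proceeded.
bool BindBufferChecked(Isolate* iso, Object* arg, std::string* bound_name) {
  Object* buf = nullptr;
  if (!ConvertArgument(iso, arg).ToLocal(&buf)) {
    return false;  // propagate: the RangeError is already pending in the isolate
  }
  *bound_name = buf->name;
  return true;
}

}  // namespace model

int main() {
  model::Object buffer{"vertexBuffer"};  // constructed sample argument
  model::Isolate healthy(2), exhausted(0), exhausted_again(0);
  std::string name;
  std::printf("healthy checked:     %d (%s)\n",
              model::BindBufferChecked(&healthy, &buffer, &name), name.c_str());
  std::printf("exhausted unchecked: %p\n",
              static_cast<void*>(model::BindBufferUnchecked(&exhausted, &buffer)));
  std::printf("exhausted checked:   %d\n",
              model::BindBufferChecked(&exhausted_again, &buffer, &name));
  return 0;
}
```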
Jun 21 2016
This looks more like a problem in the bindings than a WebGL-specific problem.
Jul 5 2016
This issue is Pri-1 but has already been moved once. Lowering the priority and moving to the next milestone. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 12 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5703690904403968
Fuzzer: inferno_twister
Job Type: windows_syzyasan_content_shell
Platform Id: windows
Crash Type: UNKNOWN
Crash Address: 0x00000003
Crash State:
  v8::internal::JSObject::AddDataElement
  v8::internal::Object::AddDataProperty
  v8::internal::Object::SetProperty
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=403457:403667

Minimized Testcase (0.31 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96lrLHVNCwbtbUVfRTI9ejAReqSLxGWPG2XgliHmiRY8pjur36sbYWR3eqtXIwpv4JFbEHALeqm8hsas79DQEpHQKvapq-QyTGYCD3Ttqs7vPtKvCFzhfLWpIxyZwMff1UtRQU613Nq5Cqeuac8TeLQmF86ew?testcase_id=5703690904403968

<script>
var canvas = document.createElement('canvas');
var gl = canvas.getContext('experimental-webgl');
runTest(gl);
function runTest() {
  try { runTest() } catch(e) {; }
  var vertexBuffer = gl.createBuffer()
  gl.bindBuffer(gl.ARRAY_BUFFER, vertexBuffer)
}
</script>

Additional requirements: Requires HTTP
Filer: nyerramilli
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 12 2016
Jul 12 2016
Not a useful bug report. This is a basic stack overflow.
Aug 8 2016
ClusterFuzz has detected this issue as fixed in range 409589:409828.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6628621276151808
Fuzzer: mbarbella_webgl
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x00000000
Crash State:
  v8::internal::JSObject::AddDataElement
  v8::internal::Object::AddDataProperty
  v8::internal::Object::SetProperty
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=393646:393766
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=409589:409828

Minimized Testcase (0.41 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94qNxcoLsIUMq_gSebS9_yujc9DaNo3tlFdWXZx6nP9NgexT-FoOz6gi2pZ252O2VFHJwQwKGq_nHJdgVImtXpkt1jtKhFmlz47o58c8MTSK53QyMsk9Ri8r3Vn0dX0_hNUsT8VgMJ7TEnsphgfQP3rWmQEhQ?testcase_id=6628621276151808

<script>
function create_program() { }
function runTests() {
  var canvas = document.createElement('canvas');
  var gl = canvas.getContext('experimental-webgl');
  runTest(gl);
}
function runTest(gl) {
  try { runTest(gl) } catch(e) {; }
  try { var buffer = gl.createBuffer() } catch(e) {; }
  gl.bindBuffer(gl.ARRAY_BUFFER, buffer)
}
</script>
<body onload="runTests()">

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 8 2016
As per updates from #10 to #26, marking the bug as fixed. Thank you.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by durga.behera@chromium.org, Jun 14 2016
Labels: Te-Logged M-52