TypeError: node #235:CheckBounds(input @1 = NumberConstant:NumberConstant) type |
|||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=6222526934155264 Fuzzer: decoder_langfuzz Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: TypeError: node #235:CheckBounds(input @1 = NumberConstant:NumberConstant) type Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_d8_dbg&range=36946:36947 Minimized Testcase (8.54 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94Css2PllS02Nkg73lstT4wSSpZd12hGQ-nDkrh1VFySR6enntu9uqbbnjvFulW0Cq06Cxw8eAzVrsfwBWJ1Sphg6-J8Arjzhs5NxHiLLEFi19A4HucQqOnNCrUZBrEM5QODF1D0gt1W-EQ75tSTNg2SVp8wA?testcase_id=6222526934155264 Filer: ishell See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jun 20 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/50d6837ada127d0ec29e28ba0518cb44a533c493 commit 50d6837ada127d0ec29e28ba0518cb44a533c493 Author: jarin <jarin@chromium.org> Date: Mon Jun 20 07:55:34 2016 [turbofan] Only consider inhabited types for constant folding in typed lowering. BUG= chromium:621423 Review-Url: https://codereview.chromium.org/2084483002 Cr-Commit-Position: refs/heads/master@{#37092} [modify] https://crrev.com/50d6837ada127d0ec29e28ba0518cb44a533c493/src/compiler/js-typed-lowering.cc [add] https://crrev.com/50d6837ada127d0ec29e28ba0518cb44a533c493/test/mjsunit/compiler/regress-621423.js
,
Jun 21 2016
ClusterFuzz has detected this issue as fixed in range 37091:37092. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6222526934155264 Fuzzer: decoder_langfuzz Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: TypeError: node #235:CheckBounds(input @1 = NumberConstant:NumberConstant) type Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_d8_dbg&range=36946:36947 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_d8_dbg&range=37091:37092 Minimized Testcase (8.54 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94Css2PllS02Nkg73lstT4wSSpZd12hGQ-nDkrh1VFySR6enntu9uqbbnjvFulW0Cq06Cxw8eAzVrsfwBWJ1Sphg6-J8Arjzhs5NxHiLLEFi19A4HucQqOnNCrUZBrEM5QODF1D0gt1W-EQ75tSTNg2SVp8wA?testcase_id=6222526934155264 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jun 21 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||
►
Sign in to add a comment |
|||
Comment 1 by jarin@chromium.org
, Jun 20 2016Status: Assigned (was: Available)