Stack-use-after-return in v8::internal::HandleBase::IsDereferenceAllowed
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6508575044403200
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux
Crash Type: Stack-use-after-return READ 8
Crash Address: 0x7f82f4b9e510
Crash State:
  v8::internal::HandleBase::IsDereferenceAllowed
  v8::internal::__RT_impl_Runtime_LoadGlobalIC_Miss
  v8::internal::Runtime_LoadGlobalIC_Miss
Regressed: V8: r37179:37180
Minimized Testcase (7.61 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96lhoKnHstpPgDD3Z2JADMU6yKkeGbBLSshfxaDbWF9r_kExcHb-22PoKP4wSBlGqzjonjpKn7TavE1x5JDqY6fAp_vjjwhRBNR_rBBYS3YVkLbH-esEZcR5CpWHg8H-lg4hFBXxBUCCzzqTGS-QAfwWYaaAA?testcase_id=6508575044403200
Filer: rossberg
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 23 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5705557189328896
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: Stack-use-after-return READ 8
Crash Address: 0x7f0745d51520
Crash State:
  v8::internal::HandleBase::IsDereferenceAllowed
  v8::internal::Handle<v8::internal::Object> v8::internal::HandleScope::CloseAndEs
  v8::internal::JsonStringifier::ApplyReplacerFunction
Regressed: V8: r37179:37180
Minimized Testcase (5.21 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97eYmSiVrLkXDGA8d_yUyHhLxd2NVBDJ7S_08yeZa2V7_uae2zLrCCGqqG9HynqtF9n-F9QKn2d8Uiexhjf1kHmu9plncxiW5vNQUQXu1ppRp4nx5s3DmsJvN6RoWBNZS4wbnAkPpGvlRr3LkPwcs4MqSXAeA?testcase_id=5705557189328896
Filer: ishell
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 23 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4560176619454464
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux
Crash Type: Stack-use-after-return READ 8
Crash Address: 0x7fbd0ff3a110
Crash State:
  v8::internal::HandleBase::IsDereferenceAllowed
  v8::internal::JsonStringifier::Result v8::internal::JsonStringifier::Serialize_<
  v8::internal::JsonStringifier::SerializeElement
Regressed: V8: r37179:37180
Minimized Testcase (9.13 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95Xhhqg4N9PbSvGafE7A2sqwlW0QalwIZNwBTA-o8aUnh1praWeU4S_FpuE014E4XnGWyNIFnBRbq7d_S4MVVghqK7N_f8GsAjDmjYKdAYi3kM990HSyK6vfYICGoPGOlLjh0obX1Lg-jkYFnr3vQmMz-sRkg?testcase_id=4560176619454464
Filer: ishell
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 23 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6694528136511488
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_ignition_v8_arm_dbg
Platform Id: linux
Crash Type: Stack-use-after-return READ 4
Crash Address: 0xd4c8ce80
Crash State:
  v8::internal::HandleBase::IsDereferenceAllowed
  v8::internal::Handle<v8::internal::Object> v8::internal::HandleScope::CloseAndEs
  v8::internal::JsonStringifier::ApplyReplacerFunction
Regressed: V8: r37179:37180
Minimized Testcase (6.90 Kb): https://cluster-fuzz.appspot.com/download/AMIfv960PMIHBSDPrVCCP8sTSTR7ez7NtnGUnyjaW6b6xiS4uFCDPDy4fFwMjzOmvZuWKOVjArQyhwTdRSd9cZCXQFmT66vcN9O8ZA08Fce4hfX39nP_PTsoW0Kjr2phWSYn9Ad9wU-uV4bcF3NwrI5Tf5UdnaBnPQ?testcase_id=6694528136511488
Filer: ishell
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 23 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5371736191401984
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux
Crash Type: Stack-use-after-return READ 8
Crash Address: 0x7f6b2e5c5910
Crash State:
  v8::internal::HandleBase::IsDereferenceAllowed
  v8::internal::__RT_impl_Runtime_KeyedLoadIC_Miss
  v8::internal::Runtime_KeyedLoadIC_Miss
Regressed: V8: r37179:37180
Minimized Testcase (8.65 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94q8zc-SvaotH1_JBqfU0v8MQS96u6MCP_Q93-HgMyFB5k8KeZbMVCxBHWPKYgtg7HkYqOpfnQWLWubHDGb4ixR0dZ6EMFJ1M9B9hCz35cRxLcssgZOkb-zNX_VpNR__nU9zhiYWoann4FaAGPwEMa1cKEF9Q?testcase_id=5371736191401984
Filer: ishell
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 23 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6595705368215552
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux
Crash Type: Stack-use-after-return READ 8
Crash Address: 0x7f39a3981110
Crash State:
  v8::internal::HandleBase::IsDereferenceAllowed
  v8::internal::Object::ToNumber
  v8::internal::Object::ToLength
Regressed: V8: r37179:37180
Minimized Testcase (11.37 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96YGdVFHNSudRUy3FCnO3qcI21njcw8jE8zEnkLjN1wHFd9-H2FD-h7MfLWuIpB9pzmijTgPTg4K7qDrDvu74w1_dZ22qtqOwhoJKtPQUl62cN6RSM0BNTktMbcd05BdkRraKALnFz5KRe6MMmSe5hq9mwSnw?testcase_id=6595705368215552
Filer: ishell
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 23 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6686143689261056
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux
Crash Type: Stack-use-after-return READ 8
Crash Address: 0x7f559b498528
Crash State:
  v8::internal::HandleBase::IsDereferenceAllowed
  v8::internal::Context::Lookup
  v8::internal::LoadLookupSlot
Regressed: V8: r37179:37180
Minimized Testcase (9.21 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94znHDbnf_VlB7RoMVZ8Jp6xMXMBfgrFFfozzVrX8Y3xKFn9tz72bfFzH_FgV7SpHvsfwHpHRNeCPfClU_xwXz-3qoRt-Ljnj2DRMY_kYSNkQ0yG7Wf293fsKEDzQnEUl0Bw_LfVkvKl-eAKNCyV9VB7rPUGA?testcase_id=6686143689261056
Filer: ishell
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 23 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5454473837412352
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux
Crash Type: Stack-use-after-return READ 4
Crash Address: 0xd4b8be78
Crash State:
  v8::internal::HandleBase::IsDereferenceAllowed
  v8::internal::__RT_impl_Runtime_KeyedLoadIC_Miss
  v8::internal::Runtime_KeyedLoadIC_Miss
Regressed: V8: r37179:37180
Minimized Testcase (7.24 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97GGb2opqbYqEWw4SRrSGURWSbv7yO3LEMlgorE3HOO4PQDXySgpffCZnWQkKxc9jPyQHjQTKKv_AFsybauZDDgMy_F0zT-muPQnKMS6oHqt0y-y1e4ff9cN-Uus0_BHKgAIjPfSclVD52Yysp2ftrrg_J0QQ?testcase_id=5454473837412352
Filer: ishell
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 24 2016

ClusterFuzz has detected this issue as fixed in range 37253:37254.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6694528136511488
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_ignition_v8_arm_dbg
Platform Id: linux
Crash Type: Stack-use-after-return READ 4
Crash Address: 0xd4c8ce80
Crash State:
  v8::internal::HandleBase::IsDereferenceAllowed
  v8::internal::Handle<v8::internal::Object> v8::internal::HandleScope::CloseAndEs
  v8::internal::JsonStringifier::ApplyReplacerFunction
Regressed: V8: r37179:37180
Fixed: V8: r37253:37254
Minimized Testcase (6.90 Kb): https://cluster-fuzz.appspot.com/download/AMIfv960PMIHBSDPrVCCP8sTSTR7ez7NtnGUnyjaW6b6xiS4uFCDPDy4fFwMjzOmvZuWKOVjArQyhwTdRSd9cZCXQFmT66vcN9O8ZA08Fce4hfX39nP_PTsoW0Kjr2phWSYn9Ad9wU-uV4bcF3NwrI5Tf5UdnaBnPQ?testcase_id=6694528136511488
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 24 2016

ClusterFuzz has detected this issue as fixed in range 37253:37254.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5454473837412352
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux
Crash Type: Stack-use-after-return READ 4
Crash Address: 0xd4b8be78
Crash State:
  v8::internal::HandleBase::IsDereferenceAllowed
  v8::internal::__RT_impl_Runtime_KeyedLoadIC_Miss
  v8::internal::Runtime_KeyedLoadIC_Miss
Regressed: V8: r37179:37180
Fixed: V8: r37253:37254
Minimized Testcase (7.24 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97GGb2opqbYqEWw4SRrSGURWSbv7yO3LEMlgorE3HOO4PQDXySgpffCZnWQkKxc9jPyQHjQTKKv_AFsybauZDDgMy_F0zT-muPQnKMS6oHqt0y-y1e4ff9cN-Uus0_BHKgAIjPfSclVD52Yysp2ftrrg_J0QQ?testcase_id=5454473837412352
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 24 2016

ClusterFuzz has detected this issue as fixed in range 37253:37254.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6508575044403200
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux
Crash Type: Stack-use-after-return READ 8
Crash Address: 0x7f82f4b9e510
Crash State:
  v8::internal::HandleBase::IsDereferenceAllowed
  v8::internal::__RT_impl_Runtime_LoadGlobalIC_Miss
  v8::internal::Runtime_LoadGlobalIC_Miss
Regressed: V8: r37179:37180
Fixed: V8: r37253:37254
Minimized Testcase (7.61 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96lhoKnHstpPgDD3Z2JADMU6yKkeGbBLSshfxaDbWF9r_kExcHb-22PoKP4wSBlGqzjonjpKn7TavE1x5JDqY6fAp_vjjwhRBNR_rBBYS3YVkLbH-esEZcR5CpWHg8H-lg4hFBXxBUCCzzqTGS-QAfwWYaaAA?testcase_id=6508575044403200
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 24 2016

ClusterFuzz has detected this issue as fixed in range 37253:37254.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5371736191401984
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux
Crash Type: Stack-use-after-return READ 8
Crash Address: 0x7f6b2e5c5910
Crash State:
  v8::internal::HandleBase::IsDereferenceAllowed
  v8::internal::__RT_impl_Runtime_KeyedLoadIC_Miss
  v8::internal::Runtime_KeyedLoadIC_Miss
Regressed: V8: r37179:37180
Fixed: V8: r37253:37254
Minimized Testcase (8.65 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94q8zc-SvaotH1_JBqfU0v8MQS96u6MCP_Q93-HgMyFB5k8KeZbMVCxBHWPKYgtg7HkYqOpfnQWLWubHDGb4ixR0dZ6EMFJ1M9B9hCz35cRxLcssgZOkb-zNX_VpNR__nU9zhiYWoann4FaAGPwEMa1cKEF9Q?testcase_id=5371736191401984
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 24 2016

ClusterFuzz has detected this issue as fixed in range 37253:37254.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6686143689261056
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux
Crash Type: Stack-use-after-return READ 8
Crash Address: 0x7f559b498528
Crash State:
  v8::internal::HandleBase::IsDereferenceAllowed
  v8::internal::Context::Lookup
  v8::internal::LoadLookupSlot
Regressed: V8: r37179:37180
Fixed: V8: r37253:37254
Minimized Testcase (9.21 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94znHDbnf_VlB7RoMVZ8Jp6xMXMBfgrFFfozzVrX8Y3xKFn9tz72bfFzH_FgV7SpHvsfwHpHRNeCPfClU_xwXz-3qoRt-Ljnj2DRMY_kYSNkQ0yG7Wf293fsKEDzQnEUl0Bw_LfVkvKl-eAKNCyV9VB7rPUGA?testcase_id=6686143689261056
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 25 2016

ClusterFuzz has detected this issue as fixed in range 37253:37254.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6595705368215552
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux
Crash Type: Stack-use-after-return READ 8
Crash Address: 0x7f39a3981110
Crash State:
  v8::internal::HandleBase::IsDereferenceAllowed
  v8::internal::Object::ToNumber
  v8::internal::Object::ToLength
Regressed: V8: r37179:37180
Fixed: V8: r37253:37254
Minimized Testcase (11.37 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96YGdVFHNSudRUy3FCnO3qcI21njcw8jE8zEnkLjN1wHFd9-H2FD-h7MfLWuIpB9pzmijTgPTg4K7qDrDvu74w1_dZ22qtqOwhoJKtPQUl62cN6RSM0BNTktMbcd05BdkRraKALnFz5KRe6MMmSe5hq9mwSnw?testcase_id=6595705368215552
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 25 2016

ClusterFuzz has detected this issue as fixed in range 37253:37254.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5705557189328896
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: Stack-use-after-return READ 8
Crash Address: 0x7f0745d51520
Crash State:
  v8::internal::HandleBase::IsDereferenceAllowed
  v8::internal::Handle<v8::internal::Object> v8::internal::HandleScope::CloseAndEs
  v8::internal::JsonStringifier::ApplyReplacerFunction
Regressed: V8: r37179:37180
Fixed: V8: r37253:37254
Minimized Testcase (5.21 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97eYmSiVrLkXDGA8d_yUyHhLxd2NVBDJ7S_08yeZa2V7_uae2zLrCCGqqG9HynqtF9n-F9QKn2d8Uiexhjf1kHmu9plncxiW5vNQUQXu1ppRp4nx5s3DmsJvN6RoWBNZS4wbnAkPpGvlRr3LkPwcs4MqSXAeA?testcase_id=5705557189328896
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 25 2016

ClusterFuzz has detected this issue as fixed in range 37253:37254.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4560176619454464
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux
Crash Type: Stack-use-after-return READ 8
Crash Address: 0x7fbd0ff3a110
Crash State:
  v8::internal::HandleBase::IsDereferenceAllowed
  v8::internal::JsonStringifier::Result v8::internal::JsonStringifier::Serialize_<
  v8::internal::JsonStringifier::SerializeElement
Regressed: V8: r37179:37180
Fixed: V8: r37253:37254
Minimized Testcase (9.13 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95Xhhqg4N9PbSvGafE7A2sqwlW0QalwIZNwBTA-o8aUnh1praWeU4S_FpuE014E4XnGWyNIFnBRbq7d_S4MVVghqK7N_f8GsAjDmjYKdAYi3kM990HSyK6vfYICGoPGOlLjh0obX1Lg-jkYFnr3vQmMz-sRkg?testcase_id=4560176619454464
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.
For more details visit https://www.chromium.org/issue-tracking/autotriage
- Your friendly Sheriffbot
Comment 1 by rossberg@chromium.org, Jun 23 2016
Status: Assigned (was: Available)