Crash in v8::internal::JavaScriptFrame::receiver
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5972763110277120

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x7ffc4b95e378
Crash State:
  v8::internal::JavaScriptFrame::receiver
  v8::internal::JavaScriptFrame::Summarize
  v8::internal::Isolate::CaptureSimpleStackTrace

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=359738:359776

Minimized Testcase (0.15 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv97yQsFgVvX9PYeSxYGwM-Etd9kTyAfVafdspkcC288ayGIfGObfXWyW8uNTORU_Qnjq0jjReI00PXSnwBdujxovpxeFNvB7Il5oX5-unQP2GGArfvJR2UBdjhRNrQx9IPuNKWNBzCKyZB8F2TDm-AqsI4KIYw?testcase_id=5972763110277120

<script>
function go (y = (function rec() { b = "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCAAAA"; a2 + 1; })() , b = eval() ) {}
go();
</script>

Filer: tanin

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 25 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Jun 25 2016
Adding Merge-Triage label for tracking purposes. Once your fix had sufficient bake time (on canary, dev as appropriate), please nominate your fix for merge by adding the Merge-Request-XX label, where XX is the Chrome milestone. When your merge is approved by the release manager, please start merging with higher milestone label first. Make sure to re-request merge for every milestone in the label list. You can get branch information on omahaproxy.appspot.com. Your fix is very close to the branch point. After the branch happens, please make sure to check if your fix is in. - Your friendly ClusterFuzz
Jun 25 2016
Jul 8 2016
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
Jul 28
Comment 1 by ClusterFuzz, Jun 25 2016