!v8::internal::FLAG_enable_slow_asserts || (object->IsSeqOneByteString()) in obj

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6710149884674048

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  !v8::internal::FLAG_enable_slow_asserts || (object->IsSeqOneByteString()) in obj

Regressed: V8: r37484:37485

Minimized Testcase (8.08 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95iwDREWIrxkr92IQ1FI3IA4x87jQdZcmO-5413qP78IVjg_CaGdecDf6dYLRVDxrbpvj8St6GyqdRvi5xWEdYuXCOw4x-Jsycf0QAmwtEpeIp9xHg6UcwM9BUZUrzXBovrGI8RF90uckTfHN6ATUIHyRkunA?testcase_id=6710149884674048

Filer: jarin

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Jul 4 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6406267560263680

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x0000001c
Crash State:
  v8::internal::VerifyPointersVisitor::VisitPointers
  v8::internal::JavaScriptFrame::Iterate
  v8::internal::Isolate::Iterate

Regressed: V8: r37476:37477

Minimized Testcase (0.25 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95v2sApnOp8IxwYJCFJi2vxlxzYYhjn4xCAoKVsCSJ_ZypdqYOowD9twF1qncUDhfYf6FrkSorJyULIZXl_mKAJiTU4wRA-h_g0PrBFi9BI8Rn4KxMfsiop01f3Fj0NZRk3MnbPfxfuRdOny7wNgt6Tj8F0nQ?testcase_id=6406267560263680
var assertArrayEquals; var assertPropertiesEqual; var assertToStringEquals; var assertTrue; var assertFalse; var triggerAssertFalse; var assertNull; var assertNotNull; var assertThrows; var assertDoesNotThrow; var assertInstanceof; var assertUnreachable; }

Filer: jarin

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Jul 4 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6298031666495488

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux

Crash Type: Global-buffer-overflow READ 4
Crash Address: 0x0cb2a838
Crash State:
  v8::internal::RootMarkingVisitor::MarkObjectByPointer
  v8::internal::RootMarkingVisitor::VisitPointers
  v8::internal::JavaScriptFrame::Iterate

Regressed: V8: r37476:37477

Minimized Testcase (3.92 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96fZT3jMA41NwqSQS1Nsnntnzj90D4r3QvvWZh2J3H5L6zOcjlG3g-V-Tq11Ltb80KSVymI1KaekPmcjfDnHEHQTwwFZiaLnRMVd-9wEgrFjNdRgUIvCwGvipGsFHItjEr3TjuH_vsIhtZv8rc3REJCF3qOFw?testcase_id=6298031666495488

Filer: jarin

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Jul 4 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5836941224574976

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0xbee06fcc
Crash State:
  v8::internal::RootMarkingVisitor::MarkObjectByPointer
  v8::internal::RootMarkingVisitor::VisitPointers
  v8::internal::JavaScriptFrame::Iterate

Recommended Security Severity: Medium

Regressed: V8: r37476:37477

Minimized Testcase (0.78 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94fp5xT4lq_ohnDsVT_HbauSrp3GI7VPTzRaA6dZ_6vhEW-mcgLVg3pMrZlwovON8mewM46PFhCVLYLTVQmAtgDVy_ctdHvdf4tjgevXgw1nNFqwnQbmvBqRr3_ixnXw0-lr9Qm6yR_fCs648LTExy01OGBTQ?testcase_id=5836941224574976

Filer: jarin

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Jul 4 2016

Jul 4 2016

ClusterFuzz has detected this issue as fixed in range 37498:37499.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6406267560263680

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x0000001c
Crash State:
  v8::internal::VerifyPointersVisitor::VisitPointers
  v8::internal::JavaScriptFrame::Iterate
  v8::internal::Isolate::Iterate

Regressed: V8: r37476:37477
Fixed: V8: r37498:37499

Minimized Testcase (0.25 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95v2sApnOp8IxwYJCFJi2vxlxzYYhjn4xCAoKVsCSJ_ZypdqYOowD9twF1qncUDhfYf6FrkSorJyULIZXl_mKAJiTU4wRA-h_g0PrBFi9BI8Rn4KxMfsiop01f3Fj0NZRk3MnbPfxfuRdOny7wNgt6Tj8F0nQ?testcase_id=6406267560263680
var assertArrayEquals; var assertPropertiesEqual; var assertToStringEquals; var assertTrue; var assertFalse; var triggerAssertFalse; var assertNull; var assertNotNull; var assertThrows; var assertDoesNotThrow; var assertInstanceof; var assertUnreachable; }

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Jul 4 2016

ClusterFuzz has detected this issue as fixed in range 37498:37499.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5836941224574976

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0xbee06fcc
Crash State:
  v8::internal::RootMarkingVisitor::MarkObjectByPointer
  v8::internal::RootMarkingVisitor::VisitPointers
  v8::internal::JavaScriptFrame::Iterate

Recommended Security Severity: Medium

Regressed: V8: r37476:37477
Fixed: V8: r37498:37499

Minimized Testcase (0.78 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94fp5xT4lq_ohnDsVT_HbauSrp3GI7VPTzRaA6dZ_6vhEW-mcgLVg3pMrZlwovON8mewM46PFhCVLYLTVQmAtgDVy_ctdHvdf4tjgevXgw1nNFqwnQbmvBqRr3_ixnXw0-lr9Qm6yR_fCs648LTExy01OGBTQ?testcase_id=5836941224574976

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Jul 4 2016

ClusterFuzz has detected this issue as fixed in range 37498:37499.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6710149884674048

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  !v8::internal::FLAG_enable_slow_asserts || (object->IsSeqOneByteString()) in obj

Regressed: V8: r37484:37485
Fixed: V8: r37498:37499

Minimized Testcase (8.08 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95iwDREWIrxkr92IQ1FI3IA4x87jQdZcmO-5413qP78IVjg_CaGdecDf6dYLRVDxrbpvj8St6GyqdRvi5xWEdYuXCOw4x-Jsycf0QAmwtEpeIp9xHg6UcwM9BUZUrzXBovrGI8RF90uckTfHN6ATUIHyRkunA?testcase_id=6710149884674048

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Jul 5 2016

ClusterFuzz has detected this issue as fixed in range 37498:37499.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6298031666495488

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux

Crash Type: Global-buffer-overflow READ 4
Crash Address: 0x0cb2a838
Crash State:
  v8::internal::RootMarkingVisitor::MarkObjectByPointer
  v8::internal::RootMarkingVisitor::VisitPointers
  v8::internal::JavaScriptFrame::Iterate

Regressed: V8: r37476:37477
Fixed: V8: r37498:37499

Minimized Testcase (3.92 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96fZT3jMA41NwqSQS1Nsnntnzj90D4r3QvvWZh2J3H5L6zOcjlG3g-V-Tq11Ltb80KSVymI1KaekPmcjfDnHEHQTwwFZiaLnRMVd-9wEgrFjNdRgUIvCwGvipGsFHItjEr3TjuH_vsIhtZv8rc3REJCF3qOFw?testcase_id=6298031666495488

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Nov 22 2016

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 Deleted