(map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5383336658993152
Fuzzer: meacer_chromebot_extensions
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF
  [vdso]
  v8::base::OS::Abort
  V8_Fatal
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=404238:404340
Minimized Testcase (18.10 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94q_MMRQRLKcebNw9kK71ta_yolpfbor1NPIKe9luYeKuttejC_bAGSpmF2iIuYJiVrKbHZjr8c_le1okSSDWH1wIRoTg6S-oUKLyCLbMV6ZSRYS_wMW-IDn1ymcf-KWQxp7W53FkdOdRNQtVDDMf3CTfArAF2W9FGXNalFiM79A-GLWI4?testcase_id=5383336658993152
Filer: mmohammad
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 11 2016
I'm not sure what you're saying was last updated months ago. I cannot reproduce this issue, and the repro case looks very strange: no JavaScript, just a page redirect. I'm wondering if there are Clusterfuzz issues here that make the reproduction different from the original. I'm also not sure what's pointing to my patch, as it does not seem to be in the linked V8 range https://chromium.googlesource.com/v8/v8/+log/b70ce97a8692ddc60102e481a502de32cd4b305e..8e8649093cb16688093b49a7046de3d67b8f3068?pretty=fuller. Could you look at this further from an infrastructure perspective, mmohammad?
Jul 11 2016
Let me re-check and update the same. Thank you!
Jul 14 2016
ClusterFuzz has detected this issue as fixed in range 405052:405102.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5383336658993152
Fuzzer: meacer_chromebot_extensions
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  (map()->unused_property_fields())==(actual_unused_property_fields - JSObject::kF
  [vdso]
  v8::base::OS::Abort
  V8_Fatal
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=404238:404340
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=405052:405102
Minimized Testcase (18.10 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94q_MMRQRLKcebNw9kK71ta_yolpfbor1NPIKe9luYeKuttejC_bAGSpmF2iIuYJiVrKbHZjr8c_le1okSSDWH1wIRoTg6S-oUKLyCLbMV6ZSRYS_wMW-IDn1ymcf-KWQxp7W53FkdOdRNQtVDDMf3CTfArAF2W9FGXNalFiM79A-GLWI4?testcase_id=5383336658993152
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 14 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mmohammad@chromium.org, Jul 11 2016
Status: Assigned (was: Available)