Issue metadata
Sign in to add a comment
|
args[1]->IsName() in runtime-object.cc |
||||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=4786060555190272 Fuzzer: mbarbella_js_mutation Job Type: windows_asan_d8 Platform Id: windows Crash Type: CHECK failure Crash Address: Crash State: args[1]->IsName() in runtime-object.cc Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=405185:405467 Minimized Testcase (0.26 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv95BzsZeNe6rcT_9seIPJchzXEAnKTw6CFVwgoUH4gyFHhwGlF-AsNg1WfBN-Ow7NzrSNoHWJjZO3nHd2gkRXbAGLmwtr2NC_lIcw7Xke5GO3tYUh2QV_4ozEBkQUTA0gLWD_dJZwK4sL1DK28ZU-FpsA3cuEA?testcase_id=4786060555190272 try { } catch(e) {; } (function __f_3() { function __f_5() { var __v_2 = { toString: function() { %DeoptimizeFunction(__f_5); } }; return { [__v_2]() { return 23 } }; } __f_5(); %OptimizeFunctionOnNextCall(__f_5); __f_5(); })(); Filer: mmohammad See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jul 15 2016
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by mmohammad@chromium.org
, Jul 15 2016Status: Assigned (was: Available)