Issue metadata
Sign in to add a comment
|
Crash in v8::internal::Isolate::native_context |
||||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=6199031579803648 Fuzzer: mbarbella_js_mutation Job Type: windows_asan_d8 Platform Id: windows Crash Type: UNKNOWN READ Crash Address: 0x0000001c Crash State: v8::internal::Isolate::native_context v8::internal::Factory::NewTypeError v8::internal::Runtime::GetObjectProperty Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=405844:405858 Minimized Testcase (0.25 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv962NBoOemLS9gANwPZhpSJF7EAze0OBOTpRpLJcAScKJvbTeKrJTEfC5Rr1KMde9Gt-2kCXaNlI_TYcxOL1nrjLZ9qqb8do0K8wlsgoNZf_Grp75OOwFV7Y1TtstorT9xST8gzMhvpNt6O62WS50f9IdcO4Kg?testcase_id=6199031579803648 __v_9 = false; function __f_9() { if (__v_9) throw 1; } function __f_10(a) { try { __f_9(); } catch(e) { if (typeof e !== 'number' && e !== 1) throw e; return a[0]; } } __f_10(); %OptimizeFunctionOnNextCall(__f_10); __v_9 = true; __f_10(); Filer: nyerramilli See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jul 18 2016
,
Oct 18 2016
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by nyerramilli@chromium.org
, Jul 18 2016Components: Tools>Test>FindIt>NoResult
Labels: findit-wrong Te-Logged