Issue metadata
Sign in to add a comment
|
Crash in v8::internal::Parser::Parser |
||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=6234052650860544 Fuzzer: mbarbella_js_mutation_layout Job Type: windows_syzyasan_content_shell Platform Id: windows Crash Type: UNKNOWN Crash Address: 0x000035db Crash State: v8::internal::Parser::Parser v8::internal::BackgroundParsingTask::Run blink::ScriptStreamerThread::runScriptStreamingTask Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=408374:408378 Minimized Testcase (0.11 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv95BCCXFYDVVUn5x67-WZZvThmUQpGPL9vmzIB3A_Xqgteg7rnfAA7snm6P7pJp187lpzvGTem_hP0T9563qK-pX3_GA_h1TNcNdBz4YRoBs_IAIT3zqW_H0d2zpt83pFISF5SvJQlHEuLFJUgjsR8F4k9zi8g?testcase_id=6234052650860544 <a href="http://bugs.webkit.org/show_bug.cgi?id=13140"> <script> document.querySelector('a').click(); </script> Filer: tanin See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jul 29 2016
,
Jul 31 2016
ClusterFuzz has detected this issue as fixed in range 408661:408692. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6461468719710208 Fuzzer: mbarbella_js_mutation_layout Job Type: linux_asan_content_shell_drt Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000004763 Crash State: v8::internal::Parser::Parser v8::internal::BackgroundParsingTask::Run blink::ScriptStreamerThread::runScriptStreamingTask Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=408374:408378 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=408661:408692 Minimized Testcase (0.18 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv9558GdUDpKwAinJdRIxWx2SgJXn4SFQzl_glYX8bYPLHztOI9jlNh43bxD1w7BY592dWrcr2HPA7dEHEx43qlA5a5mD_8IXtVVAY5ZUWlQRbKjThiLvWfxCXAFmH17O8sKb2WyaB8yN7QrFI_7EVAgrEnhjVA?testcase_id=6461468719710208 <a href="https://bugs.webkit.org/show_bug.cgi?id=51465"> <script> __v_1 = new MouseEvent('click', {}); __v_0 = document.getElementsByTagName("a")[0]; __v_0.dispatchEvent(__v_1); </script> See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Nov 5 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by ClusterFuzz
, Jul 29 2016