target_info->type() != AsmType::None() in asm-typer.cc
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5490620452044800
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: target_info->type() != AsmType::None() in asm-typer.cc
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95lbVfQF1DowUERJhU2J9uG3H98_RPeqL41uBs660iHJe8qgnN5UMlzm_xpeWIK0RNWsp2DIFw0YO29HBZ3tbQXO-da9SR2rGJe99IegiIrpiTNT-ZueTEgZwSkAHj_NEF20PZrqwe-UJv5juoActBq6-QDPYttHJw0h6PjdauM8WCOEpE?testcase_id=5490620452044800
Issue manually filed by: mstarzinger
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Aug 23 2016
WIP: https://codereview.chromium.org/2268363002/
Aug 23 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5490620452044800
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: target_info->type() != AsmType::None() in asm-typer.cc
Regressed: V8: r37728:37729
Minimized Testcase (40.70 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95SndnuDpQ86sGpqmmU2HqBATP7ojV561XkssU1ndULOcOUlOQgPSQenKx6Hgyh9S9YbVk5_2_GmOpr6gIUMESwd301n4Df5xpjyiXaV4y5qmoobG49UO1ie7Kgz1L3ubCPZmulTm4sXpPkEMTFbj3fyaajKgfMMBcCfh2QoRH-z4NOnDE?testcase_id=5490620452044800
Issue manually filed by: mstarzinger
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Aug 23 2016
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/a60e1822504f1c87fd067b150354ccb544823bc3

commit a60e1822504f1c87fd067b150354ccb544823bc3
Author: jpp <jpp@chromium.org>
Date: Tue Aug 23 18:08:14 2016

[Asm.js] Prevents assignments to immutables.

Adds a check so that module validation fails if there are any assignments to immutable identifiers (e.g., module name, module parameters, stdlib imports.)

BUG= https://bugs.chromium.org/p/chromium/issues/detail?id=640194
Review-Url: https://codereview.chromium.org/2268363002
Cr-Commit-Position: refs/heads/master@{#38838}

[modify] https://crrev.com/a60e1822504f1c87fd067b150354ccb544823bc3/src/asmjs/asm-typer.cc
[modify] https://crrev.com/a60e1822504f1c87fd067b150354ccb544823bc3/test/cctest/asmjs/test-asm-typer.cc
Aug 24 2016
ClusterFuzz has detected this issue as fixed in range 38837:38838.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5490620452044800
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: target_info->type() != AsmType::None() in asm-typer.cc
Regressed: V8: r37728:37729
Fixed: V8: r38837:38838
Minimized Testcase (40.70 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95SndnuDpQ86sGpqmmU2HqBATP7ojV561XkssU1ndULOcOUlOQgPSQenKx6Hgyh9S9YbVk5_2_GmOpr6gIUMESwd301n4Df5xpjyiXaV4y5qmoobG49UO1ie7Kgz1L3ubCPZmulTm4sXpPkEMTFbj3fyaajKgfMMBcCfh2QoRH-z4NOnDE?testcase_id=5490620452044800
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 24 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mstarzinger@chromium.org, Aug 23 2016
Labels: -Pri-1 Pri-2
Owner: bradnelson@chromium.org
Status: Assigned (was: Untriaged)