Crash in v8::internal::LookupIterator::LookupIterator |
||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5310813793681408 Fuzzer: mbarbella_js_mutation Job Type: windows_asan_d8 Platform Id: windows Crash Type: UNKNOWN READ Crash Address: 0x00000000 Crash State: v8::internal::LookupIterator::LookupIterator v8::internal::StdlibMathMember v8::internal::AsmJs::IsStdlibValid Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=413625:413636 Minimized Testcase (0.26 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv96SHicQ9esFBWX3gFHsq509jFfL_RZQ85UYeczFtilImke21BOp_gzYWpF8rJscgo0v20LstsSqlVecHhoHOXGOrYYE2A28iIlNnzXEebnIiuavMyoc1Jw21UHiqs3lkVU8ZptidLghLCepbrAj9IOvdEXvnw?testcase_id=5310813793681408 function __f_74(expected, __f_91, __f_22) { Wasm.instantiateModuleFromAsm( __f_91.toString()); } (function () { })(); function __f_100(__v_22) { "use asm"; var __v_27 = __v_22.Math.fround; function __f_91() { } return {__f_34: __f_91}; } __f_74(1, __f_100); Issue manually filed by: mmohammad See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Oct 11 2016
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Dec 2 2016
ClusterFuzz testcase is no longer reproducible, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
||||
►
Sign in to add a comment |
||||
Comment 1 by mmohammad@chromium.org
, Aug 23 2016Owner: verwa...@chromium.org
Status: Assigned (was: Untriaged)