Crash in v8::internal::Invoke
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5351139388424192
Fuzzer: mbarbella_js_mutation
Job Type: windows_asan_d8
Platform Id: windows
Crash Type: UNKNOWN READ
Crash Address: 0xf883ca06
Crash State:
  v8::internal::Invoke
  C:\windows\SYSTEM32\ntdll.dll
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=417040:417414
Minimized Testcase (9.83 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97NaZY5u31gG2R0lbXP39cjXDeu_05PKqtfXmZP6Sp67gNed4o9_Au3mQC6HsH0vPbIQjPyDTQUuGl-2HSpJSiyI4SyMwyqhqc3wx8ldR5eBxzPFahRm00kcgP2kJUhZQS1vwF8cBG_6_gQ6imkwWoefMxwdg?testcase_id=5351139388424192

Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Sep 10 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Sep 11 2016
PTAL, see CF bisection result
Sep 13 2016
I can repro but only with the --turbo switch, so adding some random turbofan people.
Sep 13 2016
Assigning to clusterfuzz sheriffs. Please check the rotation on go/v8 when assigning CF issues unless the bisection points to a specific CL. The repro has --turbo, --es-staging and --validate-asm.
Sep 24 2016
titzer: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Sep 29 2016
This bug is reported as M55 Beta blocker. Please try to resolve this before M55 branch on Oct 6th, 2016 so it has enough baking time in Dev.
Oct 3 2016
Since this hasn't been touched in a while, assigning to current V8 Clusterfuzz Sheriff per go/v8
Oct 4 2016
A friendly reminder that M55 Beta launch is coming soon! Your bug is labelled as Beta ReleaseBlock, please make sure to land the fix ASAP. Thank you.
Oct 5 2016
Requires --turbo-escape, which is not shipped, hence not blocking release.
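The comment above reasons that the crash only reproduces with --turbo-escape, a flag that was not shipped by default, which is why it stopped blocking the release. Establishing that minimal flag set by hand is error-prone, so the following is an added example (not code from this bug, from V8, or from ClusterFuzz) of a small triage helper that drops the repro flags one at a time and reports which ones are actually required and whether any of them is in a caller-supplied "unshipped" set. The d8 path, the testcase path, the set of flags treated as unshipped, and the crash-detection heuristic on ASan output are all assumptions for illustration.

```python
import subprocess
from typing import Callable, Iterable, Sequence, Tuple

# Flags the repro in this thread used (Sep 13 comment) plus the one the
# Oct 5 comment identified as necessary.
REPRO_FLAGS: Tuple[str, ...] = ("--turbo", "--es-staging", "--validate-asm", "--turbo-escape")


def run_d8(d8: str, flags: Sequence[str], testcase: str, timeout: int = 30) -> bool:
    """Run an ASan build of d8 on `testcase` with `flags`.

    Returns True when the run looks like a crash: a sanitizer report on
    stderr or termination by signal. A timeout counts as "no crash" so the
    minimizer never keeps a flag on the strength of a hang. (Assumed heuristic.)
    """
    try:
        proc = subprocess.run([d8, *flags, testcase], capture_output=True,
                              text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return False
    return proc.returncode < 0 or "AddressSanitizer" in proc.stderr


def minimal_flags(flags: Sequence[str],
                  crashes: Callable[[Sequence[str]], bool]) -> Tuple[str, ...]:
    """Greedy one-at-a-time minimization of a reproducing flag set.

    `crashes` is any predicate that runs the testcase with a candidate flag
    list and says whether it still crashes (e.g. a lambda around run_d8).
    Each flag is removed in turn and the removal is kept if the crash
    survives, so the result is 1-minimal: no single remaining flag can be
    dropped. Raises ValueError if the full set does not reproduce at all,
    since then there is nothing to minimize.
    """
    if not crashes(flags):
        raise ValueError("testcase does not reproduce with the full flag set")
    current = list(flags)
    for flag in list(current):
        trial = [f for f in current if f != flag]
        if crashes(trial):
            current = trial
    return tuple(current)


def unshipped_required(required: Iterable[str], unshipped: Iterable[str]) -> Tuple[str, ...]:
    """Return the required flags that are in the caller's unshipped set.

    A non-empty result is the evidence behind a "not blocking release"
    call like the one in this thread: end users never run with that flag.
    """
    unshipped_set = set(unshipped)
    return tuple(f for f in required if f in unshipped_set)


if __name__ == "__main__":
    import sys
    # Usage: python minimize_flags.py path/to/d8 testcase.js [unshipped flags...]
    d8_path, testcase_path, *unshipped_flags = sys.argv[1:]
    needed = minimal_flags(REPRO_FLAGS,
                           lambda fl: run_d8(d8_path, fl, testcase_path))
    print("required flags:", " ".join(needed) or "(none)")
    print("required but unshipped:", " ".join(unshipped_required(needed, unshipped_flags)) or "(none)")
```

The one-at-a-time pass makes N+1 runs for N flags, which is cheap for the four flags here; for long flag lists a delta-debugging split would converge faster, but the output would be the same kind of 1-minimal set.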
Jan 12 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot