Issue metadata
Unexpected operator #163:LoadField @ node #282 in instruction-selector.cc
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5335376271245312
Fuzzer: mbarbella_js_mutation
Job Type: linux_ubsan_vptr_d8
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: Unexpected operator #163:LoadField @ node #282 in instruction-selector.cc
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_d8&range=417939:417948
Minimized Testcase (0.31 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95DQV74p8BMRfvVlQz0ozKDnjC-3aAIzHy_zEsqeF9wqGAbWfE6adHj9DWj2svipheZnBdzClXKLZpU8eFzwVCXmTFhAl5yV0GYQ2Hzdv6QvmOnDe7GvnLvK9ZLn_m12VOWfEfb74Joi59BDslYI26AUiRO2w?testcase_id=5335376271245312

    try { ( { })(); } catch(e) {; }
    function __f_19( load, __f_20) {
      eval();
      function __f_15() {
        var __v_14 = 23;
        function __f_14() {
          var __v_16 = 25;
          function __f_17() {
            eval(load);
            eval(__f_20);
          }
          __f_17();
        }
        __f_14();
      }
      __f_15();
    }
    __f_19();
    __f_19();

Issue manually filed by: mmohammad

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Sep 20 2016
The V8 range listed by the automated regression detection above doesn't include that suspect, see: https://chromium.googlesource.com/v8/v8/+log/5b10f96bbf0a4cd6bf14782ff7f94ae8962e2bba..1e7f076a823e2cdaea427f8247752a0c03447a77?pretty=fuller

Setting labels for our triage queue.
Sep 20 2016
Escape analysis.
Sep 23 2016
ClusterFuzz has detected this issue as fixed in range 420294:420300.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5335376271245312
Fuzzer: mbarbella_js_mutation
Job Type: linux_ubsan_vptr_d8
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: Unexpected operator #163:LoadField @ node #282 in instruction-selector.cc
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_d8&range=417939:417948
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_d8&range=420294:420300
Minimized Testcase (0.31 Kb): same testcase as in the issue description above
Download: https://cluster-fuzz.appspot.com/download/AMIfv95DQV74p8BMRfvVlQz0ozKDnjC-3aAIzHy_zEsqeF9wqGAbWfE6adHj9DWj2svipheZnBdzClXKLZpU8eFzwVCXmTFhAl5yV0GYQ2Hzdv6QvmOnDe7GvnLvK9ZLn_m12VOWfEfb74Joi59BDslYI26AUiRO2w?testcase_id=5335376271245312

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Comment 1 by mmohammad@chromium.org, Sep 19 2016
Owner: titzer@chromium.org
Status: Assigned (was: Untriaged)