TypeError: node #163:CheckBounds(input @1 = HeapConstant:HeapConstant) type Cons
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5561432613847040
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #163:CheckBounds(input @1 = HeapConstant:HeapConstant) type Cons
Regressed: V8: r39438:39439
Minimized Testcase (9.83 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97EYlGOHGeH2QAK1aOt2craA7NR2lUSBWHM1WVOtybHyCbdV4nw0CHVFHy7kcjPuZJnMC72US3gjUr5YSGW-WS1b_SZW67Bb1JXJdzTxjTcT671lp0q76dSYjZRDUbFM4_pTpCHcaiAT6XBCc7y-xIERto-hw?testcase_id=5561432613847040
Issue manually filed by: mstarzinger
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Sep 21 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6508067430858752
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #463:CheckBounds(input @1 = HeapConstant:HeapConstant) type Cons
Regressed: V8: r38369:38370
Minimized Testcase (8.32 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95wsnOAYWPScRLjn9gsZvjPUUw4BOhrEOP5Qhw1UBSSv9B4dhSFrOaLl5CgAjpqRNMIviiFj-ptAl_b955bQIBP3fLkFfuscndl36dvlK47JbKQ3XTPtqqiGYfmxZdhCDTh8Rn03Nj5oj5pcpYk7T9kKcxqJA?testcase_id=6508067430858752
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Sep 21 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4692754406047744
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #167:CheckBounds(input @1 = HeapConstant:HeapConstant) type Cons
Regressed: V8: r39438:39439
Minimized Testcase (12.76 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97yXmpRLeYsFZdpF3tFpdkbDLX8aIrh-HFyHgs8S_OW4uOdvT5p3J0sTjbyRxhhpzolh9O0DzUaBAMN4W4eTTpbaerC6QmVNwKUbDSutEljzHfHrT4W7SnoVH9HBx7cwc6SVwKxrPg9RXPyIRkHKeHNEk5T_w?testcase_id=4692754406047744
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Sep 21 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4517894744702976
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_ignition_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #127:CheckBounds(input @1 = HeapConstant:HeapConstant) type Cons
Regressed: V8: r38165:38166
Minimized Testcase (0.27 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95J2LrqEF5PTS_P9D52WvpcujFrSgFRgNmwJ3irIdONluwK5-_b2nQTwXbirVDST65IeZgCUb1bLU4q1rEy-m6tTpEfQ4G9cNw631sF_GUFcPXTkY9HKElIIzyICyVWkORfgGQE0D3ibLK4RjvnagraL58blA?testcase_id=4517894744702976

    ;
    {
    }
    try {
      ;
    } catch(e) {"Caught: " + e; }
    try {
      var __v_4 = [0, ""];
      __v_4[0] = 0;
    } catch(e) { print(); }
    function __f_4(array) {
      array[1] = undefined;
    }
    function __f_5() {
      __f_4(function() {});
      __f_4(__v_4);
    }
    __f_5();
    %OptimizeFunctionOnNextCall(__f_5);
    __f_5();

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Sep 21 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5179844365385728
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_ignition_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #148:MaybeGrowFastElements[ArrayObject](input @3 = HeapConstant:
Minimized Testcase (0.59 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94kyS-bKGAw-3_zS3D64HfTDEKz5zbwaj1A0vPKq0WVCP_8RqP7stPPbr9Na7rvQB1Ex7EsxZr-codOQlOrBXot-XoYUMXZUq_bejBL3DBBMPrFNwwxgCJnxxmH3KfSeWsaa5NFbXCZnTfXUVvqlwhIuMtZXw?testcase_id=5179844365385728
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Sep 21 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5390684309946368
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_ignition_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: Phi of kRepTagged (NumberOrString) cannot be changed to kRepWord32 in representa
Regressed: V8: r37889:37890
Minimized Testcase (1.76 Kb): https://cluster-fuzz.appspot.com/download/AMIfv9562lEybVGcnel2uU3QcWHDec3M6VXIYJkQQHAlyO-yoaBLK_eU2J_4uvQASxZf3HX8aRrtw77a_WPzFVxDpqCbKQAodLp6JA_rGnZOjvllRxCYDOCnqeHWw6cDmFPEpu622x7LLuFnWGsmCDP0nZIvh4OGXg?testcase_id=5390684309946368
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Sep 21 2016

Sep 23 2016

Sep 23 2016
ClusterFuzz has detected this issue as fixed in range 39655:39656.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4517894744702976
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_ignition_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #127:CheckBounds(input @1 = HeapConstant:HeapConstant) type Cons
Regressed: V8: r38165:38166
Fixed: V8: r39655:39656
Minimized Testcase (0.27 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95J2LrqEF5PTS_P9D52WvpcujFrSgFRgNmwJ3irIdONluwK5-_b2nQTwXbirVDST65IeZgCUb1bLU4q1rEy-m6tTpEfQ4G9cNw631sF_GUFcPXTkY9HKElIIzyICyVWkORfgGQE0D3ibLK4RjvnagraL58blA?testcase_id=4517894744702976

    ;
    {
    }
    try {
      ;
    } catch(e) {"Caught: " + e; }
    try {
      var __v_4 = [0, ""];
      __v_4[0] = 0;
    } catch(e) { print(); }
    function __f_4(array) {
      array[1] = undefined;
    }
    function __f_5() {
      __f_4(function() {});
      __f_4(__v_4);
    }
    __f_5();
    %OptimizeFunctionOnNextCall(__f_5);
    __f_5();

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Sep 23 2016
ClusterFuzz has detected this issue as fixed in range 39655:39656.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5561432613847040
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #163:CheckBounds(input @1 = HeapConstant:HeapConstant) type Cons
Regressed: V8: r39438:39439
Fixed: V8: r39655:39656
Minimized Testcase (9.83 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97EYlGOHGeH2QAK1aOt2craA7NR2lUSBWHM1WVOtybHyCbdV4nw0CHVFHy7kcjPuZJnMC72US3gjUr5YSGW-WS1b_SZW67Bb1JXJdzTxjTcT671lp0q76dSYjZRDUbFM4_pTpCHcaiAT6XBCc7y-xIERto-hw?testcase_id=5561432613847040
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Sep 24 2016
ClusterFuzz has detected this issue as fixed in range 39655:39656.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4692754406047744
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #167:CheckBounds(input @1 = HeapConstant:HeapConstant) type Cons
Regressed: V8: r39438:39439
Fixed: V8: r39655:39656
Minimized Testcase (12.76 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97yXmpRLeYsFZdpF3tFpdkbDLX8aIrh-HFyHgs8S_OW4uOdvT5p3J0sTjbyRxhhpzolh9O0DzUaBAMN4W4eTTpbaerC6QmVNwKUbDSutEljzHfHrT4W7SnoVH9HBx7cwc6SVwKxrPg9RXPyIRkHKeHNEk5T_w?testcase_id=4692754406047744
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Sep 24 2016
ClusterFuzz has detected this issue as fixed in range 39655:39656.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6508067430858752
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #463:CheckBounds(input @1 = HeapConstant:HeapConstant) type Cons
Regressed: V8: r38369:38370
Fixed: V8: r39655:39656
Minimized Testcase (8.32 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95wsnOAYWPScRLjn9gsZvjPUUw4BOhrEOP5Qhw1UBSSv9B4dhSFrOaLl5CgAjpqRNMIviiFj-ptAl_b955bQIBP3fLkFfuscndl36dvlK47JbKQ3XTPtqqiGYfmxZdhCDTh8Rn03Nj5oj5pcpYk7T9kKcxqJA?testcase_id=6508067430858752
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Sep 24 2016
ClusterFuzz has detected this issue as fixed in range 39655:39656.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5179844365385728
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_ignition_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #148:MaybeGrowFastElements[ArrayObject](input @3 = HeapConstant:
Regressed: V8: r38417:38418
Fixed: V8: r39655:39656
Minimized Testcase (0.59 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94kyS-bKGAw-3_zS3D64HfTDEKz5zbwaj1A0vPKq0WVCP_8RqP7stPPbr9Na7rvQB1Ex7EsxZr-codOQlOrBXot-XoYUMXZUq_bejBL3DBBMPrFNwwxgCJnxxmH3KfSeWsaa5NFbXCZnTfXUVvqlwhIuMtZXw?testcase_id=5179844365385728
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Sep 24 2016
ClusterFuzz has detected this issue as fixed in range 39655:39656.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5571672109481984
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #141:CheckBounds(input @1 = HeapConstant:HeapConstant) type Cons
Regressed: V8: r38165:38166
Fixed: V8: r39655:39656
Minimized Testcase (7.93 Kb): https://cluster-fuzz.appspot.com/download/AMIfv940RjTQXlm4yb-0n9Wkw5qDTb-Hk0gIwy4u487N26Q4M872MNmss7Z7E0Hegj8xprqTA7lKT6Ss9tNldGubeCubOo_04wYQgELpUx3c0OmDMudAJYycPLRtNBEyj6kpWrFWOh08g8HYNNHEtz1g0y575XgUdg?testcase_id=5571672109481984
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Sep 28 2016
ClusterFuzz has detected this issue as fixed in range 39775:39776.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5390684309946368
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_ignition_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: Phi of kRepTagged (NumberOrString) cannot be changed to kRepWord32 in representa
Regressed: V8: r37889:37890
Fixed: V8: r39775:39776
Minimized Testcase (1.76 Kb): https://cluster-fuzz.appspot.com/download/AMIfv9562lEybVGcnel2uU3QcWHDec3M6VXIYJkQQHAlyO-yoaBLK_eU2J_4uvQASxZf3HX8aRrtw77a_WPzFVxDpqCbKQAodLp6JA_rGnZOjvllRxCYDOCnqeHWw6cDmFPEpu622x7LLuFnWGsmCDP0nZIvh4OGXg?testcase_id=5390684309946368
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.
For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ClusterFuzz, Sep 21 2016