Issue metadata
Sign in to add a comment
|
Fatal error in |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5093374216634368 Fuzzer: mbarbella_js_mutation Job Type: windows_asan_d8 Platform Id: windows Crash Type: Fatal error Crash Address: Crash State: V8_Fatal v8::internal::TranslatedState::MaterializeAt v8::internal::TranslatedValue::GetValue Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=419839:420163 Minimized Testcase (0.16 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv95fOpvlVRG6fyfBurGp1KPWV1LvbCUjf7sg_5EbQFbsyvytPXI4x5BCN1pWy3nC7Cqc6mdslHyZobs8awkS8uB7R-YWL7oaZwGz7_6KrLHjWlWdKXpa6oaUCC9_wLTe5RJTziDFqJ_ZW39MchcYfBQEUpAy6Q?testcase_id=5093374216634368 function __f_3(str) { var __v_3 = "We also try to materalize {" + str + "} when deopting"; return __v_3.length; } %OptimizeFunctionOnNextCall(__f_3); __f_3(); Issue manually filed by: mmohammad See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Sep 23 2016
I really wish our Windows jobs wouldn't take my regression test from a later version and run it against an earlier version without the fix. This is already fixed by the same CL that added the regression test with was used as the obvious seed for the above repro.
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by mmohammad@chromium.org
, Sep 22 2016Status: Assigned (was: Untriaged)