
Issue 650577

Starred by 1 user

Issue metadata

Status: Verified
Owner:
Closed: Sep 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Direct-leak in v8::internal::Malloced::New

Project Member Reported by ClusterFuzz, Sep 27 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4632675287826432

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  v8::internal::Malloced::New
  v8::internal::TypedSlotSet::Insert
  v8::internal::Code::CopyFrom
  
Regressed: V8: r39734:39735

Minimized Testcase (1.10 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94Qm2F3gzuJE7MUPwdTGY2RX6_hmijUJGrr_2vJMQgGgevgBm_8Cy05lCa1anAUHaziY9wdxeAu42_TY5U0b7GjxPWmvjEXIEiTEixx0lP5RsFZ05TBmUEygZFocdqveLHANWMPwzH5nCpfeBApmWj3TC2D0w?testcase_id=4632675287826432

Issue manually filed by: mstarzinger

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: u...@chromium.org
Components: -Blink>JavaScript Blink>JavaScript>GC
Owner: hpayer@chromium.org
Status: Assigned (was: Untriaged)
Regression range points to b1b47aaea73e744f6f4a3709a90f08397399f71a.
Comment 2 by ClusterFuzz (Project Member), Sep 27 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5279585677869056

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  v8::internal::Malloced::New
  v8::internal::TypedSlotSet::TypedSlotSet
  v8::internal::MemoryChunk::AllocateTypedOldToNewSlots
  
Regressed: V8: r39734:39735

Minimized Testcase (0.07 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv97Xp-ELLhhGJkNRAQjvv3P9tdMgGscqqfe8HZUmNdPAobydEkp9c3RI_0w3MVbH2zO0KCKeIlgBzAWfy206w2hiUxnU5nA_QSgclM989H-x457NAIBR8VA2tW6vqyz1xP0KXslP2lkYUNou5u2opBjnDxy9GQ?testcase_id=5279585677869056
// Unbounded recursion: each call re-enters __f_6 until the stack overflows;
// the resulting RangeError is swallowed by the catch block.
function __f_6() { __f_6(/./.test()); };
try {
  __f_6();
} catch(e) {; }


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Comment 3 by ClusterFuzz (Project Member), Sep 27 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5120411773960192

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  v8::internal::Malloced::New
  v8::internal::TypedSlotSet::Insert
  v8::internal::RememberedSet<
  
Regressed: V8: r39734:39735

Minimized Testcase (4.70 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96C6WziqBXvcPY7vly-oR-NEZGYQyrJUcMRNIgB7fkFfc2yyFIjEKJdgNGpkwdxnIk5SI-LtsRFwJlrTEEnV_uUsxFgs4aCzXw2iLCpcZ6uSNWn_3LxfqS6_3002vn_LUwuS-UJ6EY0A37QNyg6z5grPPCgZg?testcase_id=5120411773960192

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Comment 4 by ClusterFuzz (Project Member), Sep 27 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6493442454847488

Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  v8::internal::Malloced::New
  v8::internal::MemoryChunk::AllocateTypedOldToNewSlots
  v8::internal::RememberedSet<
  
Regressed: V8: r39734:39735

Minimized Testcase (9.90 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96EcyItmYwicasW9vKamHmx0QStCSnro9QChy240e8MvL9rISDWHybt55pXyBzBxZxdbQ5ETVUrppJaHq5z3F6pEfnLGmTNJ0a2VA-3gpa9OTkSSma5EnIkk6qsY5K6dvwPWjxs-SXRNdo4KBBhmuy3S_rhGA?testcase_id=6493442454847488

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Comment 5 by bugdroid1@chromium.org (Project Member), Sep 27 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/b3a46ea45f00510c5c3da4f96323a0ab7e2dd6c4

commit b3a46ea45f00510c5c3da4f96323a0ab7e2dd6c4
Author: hpayer <hpayer@chromium.org>
Date: Tue Sep 27 12:40:06 2016

[heap] Call FreeToBeFreedChunks in TypedSlotSet destructor.

BUG=chromium:650577,chromium:648568

Review-Url: https://codereview.chromium.org/2372933003
Cr-Commit-Position: refs/heads/master@{#39767}

[modify] https://crrev.com/b3a46ea45f00510c5c3da4f96323a0ab7e2dd6c4/src/heap/slot-set.h

Comment 6 by ClusterFuzz (Project Member), Sep 28 2016

ClusterFuzz has detected this issue as fixed in range 39766:39767.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6493442454847488

Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  v8::internal::Malloced::New
  v8::internal::MemoryChunk::AllocateTypedOldToNewSlots
  v8::internal::RememberedSet<
  
Regressed: V8: r39734:39735
Fixed: V8: r39766:39767

Minimized Testcase (9.90 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96EcyItmYwicasW9vKamHmx0QStCSnro9QChy240e8MvL9rISDWHybt55pXyBzBxZxdbQ5ETVUrppJaHq5z3F6pEfnLGmTNJ0a2VA-3gpa9OTkSSma5EnIkk6qsY5K6dvwPWjxs-SXRNdo4KBBhmuy3S_rhGA?testcase_id=6493442454847488

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 7 by ClusterFuzz (Project Member), Sep 28 2016

ClusterFuzz has detected this issue as fixed in range 39766:39767.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5279585677869056

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  v8::internal::Malloced::New
  v8::internal::TypedSlotSet::TypedSlotSet
  v8::internal::MemoryChunk::AllocateTypedOldToNewSlots
  
Regressed: V8: r39734:39735
Fixed: V8: r39766:39767

Minimized Testcase (0.07 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv97Xp-ELLhhGJkNRAQjvv3P9tdMgGscqqfe8HZUmNdPAobydEkp9c3RI_0w3MVbH2zO0KCKeIlgBzAWfy206w2hiUxnU5nA_QSgclM989H-x457NAIBR8VA2tW6vqyz1xP0KXslP2lkYUNou5u2opBjnDxy9GQ?testcase_id=5279585677869056
// Unbounded recursion: each call re-enters __f_6 until the stack overflows;
// the resulting RangeError is swallowed by the catch block.
function __f_6() { __f_6(/./.test()); };
try {
  __f_6();
} catch(e) {; }


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 8 by ClusterFuzz (Project Member), Sep 28 2016

ClusterFuzz has detected this issue as fixed in range 39766:39767.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4632675287826432

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  v8::internal::Malloced::New
  v8::internal::TypedSlotSet::Insert
  v8::internal::Code::CopyFrom
  
Regressed: V8: r39734:39735
Fixed: V8: r39766:39767

Minimized Testcase (1.10 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94Qm2F3gzuJE7MUPwdTGY2RX6_hmijUJGrr_2vJMQgGgevgBm_8Cy05lCa1anAUHaziY9wdxeAu42_TY5U0b7GjxPWmvjEXIEiTEixx0lP5RsFZ05TBmUEygZFocdqveLHANWMPwzH5nCpfeBApmWj3TC2D0w?testcase_id=4632675287826432

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 9 by ClusterFuzz (Project Member), Sep 28 2016

ClusterFuzz has detected this issue as fixed in range 39766:39767.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5120411773960192

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  v8::internal::Malloced::New
  v8::internal::TypedSlotSet::Insert
  v8::internal::RememberedSet<
  
Regressed: V8: r39734:39735
Fixed: V8: r39766:39767

Minimized Testcase (4.70 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96C6WziqBXvcPY7vly-oR-NEZGYQyrJUcMRNIgB7fkFfc2yyFIjEKJdgNGpkwdxnIk5SI-LtsRFwJlrTEEnV_uUsxFgs4aCzXw2iLCpcZ6uSNWn_3LxfqS6_3002vn_LUwuS-UJ6EY0A37QNyg6z5grPPCgZg?testcase_id=5120411773960192

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 10 by ClusterFuzz (Project Member), Sep 28 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 11 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
