
Issue 651347

Starred by 1 user

Issue metadata

Status: WontFix
Owner:
Last visit > 30 days ago
Closed: Dec 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug-Regression




Fatal error in

Reported by ClusterFuzz (Project Member), Sep 29 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5982657764917248

Fuzzer: mbarbella_js_mutation
Job Type: windows_asan_d8
Platform Id: windows

Crash Type: Fatal error
Crash Address: 
Crash State:
  
  V8_Fatal
  v8::internal::wasm::AsmWasmBuilderImpl::VisitLiteral
  v8::internal::wasm::AsmWasmBuilderImpl::VisitBinaryOperation
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=421045:421431

Minimized Testcase (0.40 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95IJ8lPo3Tq7eN6QhKSPdMVZvTujPBVZx9QkrWHV--ovcBemX3EavwLAB_SVp4sa3LyVGwa_0yHhbawJn9jSK9jEkFQkBYhN6olaTWkMA4A0FHMathNIExkBToi5Mg6nizp4_tUzJbOFrZF1pCKbBjvfrakDw?testcase_id=5982657764917248
// Leftover from minimization: evaluates 1, then immediately calls an empty function. No effect.
1, function () {
}();
// Wraps the global `func` in an asm.js module: the template __f_2 has its
// FUNC_BODY / FUNC_NAME placeholders replaced textually with the candidate's
// source and name, and the resulting module text is eval'd.
function __f_1() {
  function __f_2() {
    "use asm";
    FUNC_BODY
    return {main: FUNC_NAME};
  }
  var __v_2 = __f_2.toString()
    .replace(/FUNC_BODY/g, func.toString())
    .replace(/FUNC_NAME/g, func.name);
  return eval("(" + __v_2 + ")");
}
function __f_16() {
}
// The candidate whose body is substituted into the module. Its only statement
// after the parameter coercion is `-a | 0` as a bare expression statement with
// no return value; the crash state shows the builder dying in VisitLiteral
// while visiting a binary operation in this body.
function __f_21(a) {
  a = a | 0;
  -a | 0;
}
__v_9 = [__f_21];
// `func` is assigned as a global here and read by __f_1 above.
for (func of __v_9) {
  __f_1(), {
  };
}


Issue manually filed by: brajkumar

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
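The testcase's __f_1 is a reusable trick: take any function, splice its source text and name into a "use asm" module template, and eval the result. The harness below is an added example (not part of the ClusterFuzz testcase and not V8 code) that generalizes it into a sweep over several candidates, isolating failures per candidate so that one module that fails to build does not abort the run. All names (asmTemplate, buildAsmModule, probeAll, the candidate functions) are made up for illustration; it assumes a Node.js or d8 environment where "use asm" modules are accepted.

```javascript
// Added example, not part of the ClusterFuzz testcase or of V8. It generalizes
// the testcase's __f_1 trick (wrap a candidate function in a "use asm" module
// by textual substitution, then eval it) into a harness that tries a list of
// candidates and records, per function, whether the module built and what
// main() returned. Names (asmTemplate, buildAsmModule, probeAll) are made up.

// Module template; FUNC_BODY and FUNC_NAME are placeholders that parse as plain
// identifiers, so the template itself is valid JavaScript until substituted.
function asmTemplate() {
  "use asm";
  FUNC_BODY
  return { main: FUNC_NAME };
}

// Returns a factory that instantiates the asm.js module built around `func`.
// Function-valued replacers are used so that `$` sequences in the candidate's
// source text are not interpreted as String.prototype.replace patterns.
function buildAsmModule(func) {
  if (typeof func !== "function") {
    throw new TypeError("candidate must be a function");
  }
  var src = asmTemplate.toString()
    .replace(/FUNC_BODY/g, function () { return func.toString(); })
    .replace(/FUNC_NAME/g, function () { return func.name; });
  // Indirect eval: compile in global scope, independent of this function's locals.
  return (0, eval)("(" + src + ")");
}

// Wraps and runs each candidate, catching build and call failures so that one
// bad candidate does not stop the sweep. Each entry records name, success,
// the value main(arg) returned, and the error text on failure.
function probeAll(funcs, arg) {
  return funcs.map(function (func) {
    var entry = { name: func.name || "<anonymous>", ok: false, result: undefined, error: null };
    try {
      var exports = buildAsmModule(func)();
      entry.result = exports.main(arg);
      entry.ok = true;
    } catch (e) {
      entry.error = e.name + ": " + e.message;
    }
    return entry;
  });
}

// Constructed candidates (not from the testcase): a well-formed int function,
// one with the same shape as the testcase's __f_21 (unary minus inside `| 0`,
// used as a statement, no return), and an anonymous function, whose empty
// .name leaves the template's `main:` export without a value.
function add1(a) {
  a = a | 0;
  return (a + 1) | 0;
}
function negStmt(a) {
  a = a | 0;
  -a | 0;
}
var candidates = [add1, negStmt, function (a) { a = a | 0; return a | 0; }];

var report = probeAll(candidates, 41);
report.forEach(function (r) {
  console.log(r.name + ": " + (r.ok ? "main -> " + r.result : "failed, " + r.error));
});
```

With a build of the engine that still has the bug, the V8_Fatal in the asm-to-wasm builder is a process abort, not a JavaScript exception, so the try/catch cannot contain it; the harness's value there is that the last name printed before the abort identifies the candidate that triggered it. On an engine where the testcase no longer reproduces, all three entries complete: the first two build and run, and the anonymous one fails at eval with a SyntaxError because the substituted export name is empty.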
 
Labels: -Type-Bug Te-Logged Type-Bug-Regression
Owner: bradnelson@chromium.org
Status: Assigned (was: Untriaged)
Through code search on file "asm-wasm-builder.cc", suspecting the below change
Review URL: https://codereview.chromium.org/2377903002

bradnelson@ - Observed some recent changes on this file, so assigning to you. Could you please check if this is caused by this change; if not, please help us reassign the issue to the right owner.
Comment 2 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 3 by ClusterFuzz (Project Member), Dec 22 2016

Status: WontFix (was: Assigned)
ClusterFuzz testcase 5982657764917248 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
