Issue metadata
Sign in to add a comment
|
Crash in v8::internal::compiler::Schedule::block |
||||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=6567101613735936 Fuzzer: mbarbella_js_mutation Job Type: windows_asan_d8 Platform Id: windows Crash Type: UNKNOWN READ Crash Address: 0xbebebeca Crash State: v8::internal::compiler::Schedule::block v8::internal::compiler::CFGBuilder::BuildBlockForNode v8::internal::compiler::CFGBuilder::BuildBlocks Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=421431:421761 Minimized Testcase (0.22 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv96ERhpsS_Zjn3-6AfNIcqilpl4TIH5Tdrm40H1HGmLfqhGY8AXOLsI74G0I0RNisGBCPZqzXXD2TjfpZut9CGAeWAliWrejb3lWg-AS44f23KLl0i50n_XHtLqiq7VNSnauZCDTh734NUbX_1bGPfHhR4AbAw?testcase_id=6567101613735936 function __f_1 () { var __v_0 = ""; function __f_0() { try { eval(''); __v_0.__defineGetter__(getRandomProperty(__v_0), function() {; return __f_9; }); } catch(e) { } } return __f_0(); } __f_1(); Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Sep 30 2016
Just a fyi, automatic bug filing filed this bug due to different security flag between this one and duped 651394. This bug was crashing on a high non-null address, so was tagged security. otherwise, for same stacks, we wait on 2 days before filing another variant of same bug.
,
Jan 6 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by mstarzinger@chromium.org
, Sep 30 2016Status: Duplicate (was: Untriaged)