Crash in GetChars
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6090774493265920

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  GetChars
  v8::internal::String::GetFlatContent
  v8::internal::__RT_impl_Runtime_StringParseInt

Regressed: V8: r39415:39416

Minimized Testcase (0.28 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96TwxgCnr-Y9A7RKkM7szV_Kmb9-t-vBvlN74ejGD1AsLKRlIM0wp8BV_9UBP1qf0D8xXZ23OLcjBaBnHBxZLorweAbDwVviSQK9AyJsviNMJgMtgbpbIW1l3sIenwwkXNeWK7-yNVCtyECK4QRitrNamNI_g?testcase_id=6090774493265920

  // Reproduce with d8 --allow-natives-syntax (needed for the % runtime calls below).
  try { ( { })(); } catch(e) {; }
  function __f_19() { __v_18 = new Set(); }
  function __f_18() { __v_18.xyz = 0x826852f4; }
  __f_19();
  __f_19();
  %OptimizeFunctionOnNextCall(__f_19);
  __f_19();
  __f_18();
  __f_18();
  %OptimizeFunctionOnNextCall(__f_18);
  __f_18();
  __f_19();
  __f_18();
  parseInt();

Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Comment 1 by ClusterFuzz, Oct 27 2016

ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 22 2016

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot