Issue metadata
Sign in to add a comment
|
Crash in v8::internal::Factory::NewTuple2 |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5410467083452416 Fuzzer: mbarbella_js_mutation Job Type: linux_asan_d8 Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000000000 Crash State: v8::internal::Factory::NewTuple2 v8::internal::PropertyICCompiler::CompileKeyedStoreMonomorphicHandler v8::internal::PropertyICCompiler::CompileKeyedStorePolymorphicHandlers Regressed: V8: r41331:41332 Minimized Testcase (0.12 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv94hsF2vosTfDAp8RgXOydj0GzRMfcDtMlciYn5f2sfWOOajzgju8vBUg8nAgHF9bLPlZTNVrw-jQFe27vMJbAUYqt9MbRmx0Zz5gP6vGv-OwHaRY-17cBu_Heg5W6v3QNZZI8OJ1bRB0PGYc4nHezVatuM0cg?testcase_id=5410467083452416 __v_0 = Object.create(null); function __f_0(__v_0, base) { __v_0[base] = 2; } __f_0(__v_0); __f_0("r12"); __f_0(__v_0, 0); Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Nov 29 2016
,
Nov 30 2016
ClusterFuzz has detected this issue as fixed in range 41336:41337. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5410467083452416 Fuzzer: mbarbella_js_mutation Job Type: linux_asan_d8 Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000000000 Crash State: v8::internal::Factory::NewTuple2 v8::internal::PropertyICCompiler::CompileKeyedStoreMonomorphicHandler v8::internal::PropertyICCompiler::CompileKeyedStorePolymorphicHandlers Regressed: V8: r41331:41332 Fixed: V8: r41336:41337 Minimized Testcase (0.12 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv94hsF2vosTfDAp8RgXOydj0GzRMfcDtMlciYn5f2sfWOOajzgju8vBUg8nAgHF9bLPlZTNVrw-jQFe27vMJbAUYqt9MbRmx0Zz5gP6vGv-OwHaRY-17cBu_Heg5W6v3QNZZI8OJ1bRB0PGYc4nHezVatuM0cg?testcase_id=5410467083452416 __v_0 = Object.create(null); function __f_0(__v_0, base) { __v_0[base] = 2; } __f_0(__v_0); __f_0("r12"); __f_0(__v_0, 0); See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Nov 30 2016
ClusterFuzz has detected this issue as fixed in range 41336:41337. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4568736439992320 Fuzzer: decoder_langfuzz Job Type: linux_asan_d8_v8_arm_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: (location_) != nullptr in handles.cc Regressed: V8: r41331:41332 Fixed: V8: r41336:41337 Minimized Testcase (11.54 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97-xsSBUoSpB_54AFZBGun793bOrarNHlrl9z2l4mQNz595e628NIlcH0Ens1dTOIcVI29cgORoHsvaw-j_2KJiwAhNzqKX2i1t7ffdN0OC8QMrlFmgosvK3QA3FlB3VbKOxJ2Q2xDNpZl2jbUupZOWN5xCHg?testcase_id=4568736439992320 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by ClusterFuzz
, Nov 29 2016