
Issue 669804


Issue metadata

Status: Duplicate
Merged: issue 669517
Owner:
Closed: Nov 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Crash in v8::internal::Map::instance_type

Project Member Reported by ClusterFuzz, Nov 30 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5946484236484608

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  v8::internal::Map::instance_type
  IsHeapNumber
  IsHeapNumber
  
Regressed: V8: r41355:41356

Minimized Testcase (5.19 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97pP5Tc3rU8lsKDxkoqdyw8C4CgYeiajg5eSlC_8tZgtdRkStKA2EnzS2osuqJJSPIpJ9RUDT2sL2-XF2Xl6-l7ITifza8a4rCw-YhOyKh1Swxf9Fc8iAw_hp-FwZXEMDkgi97FdPXWHOMg9nt6kjo-Tx6W2A?testcase_id=5946484236484608

Issue manually filed by: mstarzinger

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: bmeu...@chromium.org mstarzinger@chromium.org
Owner: rmcilroy@chromium.org
Status: Assigned (was: Untriaged)
Regression range points to 067e9e295fa50a3d4a5eb77e6515f30df944069f, but the stack trace looks more like it is related to issue 669517, not sure.
Issue 669646 has been merged into this issue.
Issue 669767 has been merged into this issue.
Mergedinto: 669517
Status: Duplicate (was: Assigned)
Yeah, pretty certain this is related to issue 669517; it's just blowing up a different way because the random garbage it's accessing on the stack is different. Not sure why the regression range points at the compilation cache CL though, that seems strange.
Comment 5 by ClusterFuzz (Project Member), Dec 1 2016

ClusterFuzz has detected this issue as fixed in range 41386:41387.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5946484236484608

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  v8::internal::Map::instance_type
  IsHeapNumber
  IsHeapNumber
  
Regressed: V8: r41355:41356
Fixed: V8: r41386:41387

Minimized Testcase (5.19 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97pP5Tc3rU8lsKDxkoqdyw8C4CgYeiajg5eSlC_8tZgtdRkStKA2EnzS2osuqJJSPIpJ9RUDT2sL2-XF2Xl6-l7ITifza8a4rCw-YhOyKh1Swxf9Fc8iAw_hp-FwZXEMDkgi97FdPXWHOMg9nt6kjo-Tx6W2A?testcase_id=5946484236484608

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
