New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 669899 link

Starred by 1 user
Status: Verified
Owner:
bradnelson@chromium.org
Last visit > 30 days ago
Closed: Dec 2016
Cc:
titzer@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

(indices) != nullptr in asm-wasm-builder.cc

Project Member Reported by ClusterFuzz, Nov 30 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5772977959600128

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  (indices) != nullptr in asm-wasm-builder.cc
  
Regressed: V8: r41371:41372

Minimized Testcase (0.39 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94hgv_cuYoEUMqpOH3q9SHTElxxNZIqEDNEX6-PVHIQg-HU-v8bqRsFHtgi_bv1bfg65Sur93gfMvb1UrT33P23t3L1x0IEVeDul0_WWmhfTfwQoDF-ul9_-UvS8yv3bV8Y3VkVC87FEh4FTRTLcElz07Y4CA?testcase_id=5772977959600128
try {
(function () {
})();
} catch(e) {; }
  function __f_113() {
  }
(function () {
function __f_89() {
  "use asm";
  function __f_63(__v_26, __v_28) {
    __v_26 = __v_26|0;
    __v_28 = __v_28|0;
  }
  function __f_21(table_id, fun_id, arg1, arg2) {
    table_id = table_id|0;
    fun_id = fun_id|0;
    arg1 = arg1|0;
    arg2 = arg2|0;
  }
  var __v_17 = [];
}
var module = __f_89();
})();


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by mstarzinger@chromium.org, Nov 30 2016

Cc: titzer@chromium.org
Owner: bradnelson@chromium.org
Status: Assigned (was: Untriaged)
Regression range point to 14e05c104684226ecc2ecaef9794d55803f52023.

Comment 2 by bradnelson@google.com, Nov 30 2016 

Fix out for review:
https://codereview.chromium.org/2546553002
Project Member

Comment 3 by ClusterFuzz, Dec 1 2016 

ClusterFuzz has detected this issue as fixed in range 41402:41403.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5772977959600128

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  (indices) != nullptr in asm-wasm-builder.cc
  
Regressed: V8: r41371:41372
Fixed: V8: r41402:41403

Minimized Testcase (0.39 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94hgv_cuYoEUMqpOH3q9SHTElxxNZIqEDNEX6-PVHIQg-HU-v8bqRsFHtgi_bv1bfg65Sur93gfMvb1UrT33P23t3L1x0IEVeDul0_WWmhfTfwQoDF-ul9_-UvS8yv3bV8Y3VkVC87FEh4FTRTLcElz07Y4CA?testcase_id=5772977959600128
try {
(function () {
})();
} catch(e) {; }
  function __f_113() {
  }
(function () {
function __f_89() {
  "use asm";
  function __f_63(__v_26, __v_28) {
    __v_26 = __v_26|0;
    __v_28 = __v_28|0;
  }
  function __f_21(table_id, fun_id, arg1, arg2) {
    table_id = table_id|0;
    fun_id = fun_id|0;
    arg1 = arg1|0;
    arg2 = arg2|0;
  }
  var __v_17 = [];
}
var module = __f_89();
})();


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 4 by ClusterFuzz, Dec 1 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment