Issue 671332

Issue metadata

Status: Verified
Owner: ----
Closed: Dec 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



(val)<=(std::numeric_limits<N>::max()) in operator.cc

Project Member Reported by ClusterFuzz, Dec 5 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6673802521214976

Fuzzer: mbarbella_js_mutation
Job Type: linux_cfi_d8
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  (val)<=(std::numeric_limits<N>::max()) in operator.cc
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_cfi_d8&range=425944:426075

Minimized Testcase (0.41 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv97QQ_L5MH0m7x_H5j2KvqDadAA9SIVzQmulBpz0WD0CtpcwVEBy2ueBq3i2U7_iOY376L9kt80alCnVZfPmnv1YVgX0TUtJcs2vzALimnwriG5R3Nbtva_hBnCMR_zFObcp7ixUHEntdVXhg-aDCMfLcFtBZw?testcase_id=6673802521214976
try {
( {
})();
} catch(e) {; }
function __f_5(n) {
  test_prefix = 'prefix ';
  test_suffix = ' suffix';
  var __v_5 = 'test_prefix + (function f(';
  for (var __v_6 = 0; __v_6 < n ; __v_6++) {
    if (__v_6 != 0) __v_5 += ',';
    __v_5 += '__v_6' + __v_6;
  }
  __v_5 += ') { return __v_6' + (n - n % 2) / 2 + '; })(';
  __v_5 += ') + test_suffix';
  return eval(__v_5);
}
 __f_5(65535);
'prefix 3000 suffix', __f_5();


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Project Member

Comment 1 by ClusterFuzz, Dec 7 2016

ClusterFuzz has detected this issue as fixed in range 436578:436624.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6673802521214976

Fuzzer: mbarbella_js_mutation
Job Type: linux_cfi_d8
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  (val)<=(std::numeric_limits<N>::max()) in operator.cc
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_cfi_d8&range=425944:426075
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_cfi_d8&range=436578:436624

Minimized Testcase (0.41 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv97QQ_L5MH0m7x_H5j2KvqDadAA9SIVzQmulBpz0WD0CtpcwVEBy2ueBq3i2U7_iOY376L9kt80alCnVZfPmnv1YVgX0TUtJcs2vzALimnwriG5R3Nbtva_hBnCMR_zFObcp7ixUHEntdVXhg-aDCMfLcFtBZw?testcase_id=6673802521214976
try {
( {
})();
} catch(e) {; }
function __f_5(n) {
  test_prefix = 'prefix ';
  test_suffix = ' suffix';
  var __v_5 = 'test_prefix + (function f(';
  for (var __v_6 = 0; __v_6 < n ; __v_6++) {
    if (__v_6 != 0) __v_5 += ',';
    __v_5 += '__v_6' + __v_6;
  }
  __v_5 += ') { return __v_6' + (n - n % 2) / 2 + '; })(';
  __v_5 += ') + test_suffix';
  return eval(__v_5);
}
 __f_5(65535);
'prefix 3000 suffix', __f_5();


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 2 by ClusterFuzz, Dec 7 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Untriaged)
ClusterFuzz testcase 6673802521214976 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
