
Issue 676797


Issue metadata

Status: Verified
Owner:
Closed: Jan 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug

Blocking:
issue v8:5801

kWasmStmt != var_type in asm-wasm-builder.cc

Reported by ClusterFuzz (Project Member), Dec 23 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6046224701718528

Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  kWasmStmt != var_type in asm-wasm-builder.cc
  
Regressed: V8: r41514:41515

Minimized Testcase (7.86 Kb): https://cluster-fuzz.appspot.com/download/AMIfv956N01j9h0GqlUOtS7Xn7bVjH_Oy9xRd413PtjUc4G91azexa0mNXtad7lGZDSLzPdJwEKpYhQ8HWcM-5RvakvT7MAt63egr1mIZPYSfeugCQX16MOPGL-x8o9A10vsuDIQUvBKIZ-AcylRMoWXJmDxGKC9jA?testcase_id=6046224701718528

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: msrchandra@chromium.org
Labels: Test-Predator-Wrong
Owner: bradnelson@chromium.org
Status: Assigned (was: Untriaged)
Findit did not provide any possible suspect.
From the CL range, assigning it to the concerned owner:
https://chromium.googlesource.com/v8/v8/+log/9119d16904e9062d319427029c2c74270776e68e..3e8a67e5406be46e971908d69af93bf92b6ff980?pretty=fuller

@bradnelson: could you please look into the issue, and kindly re-assign it if it is not related to your changes.
Thank You.
Comment 2 by ClusterFuzz (Project Member), Dec 28 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5357806673985536

Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  kWasmStmt != type in asm-wasm-builder.cc
  
Regressed: V8: r41514:41515

Minimized Testcase (6.35 Kb): https://cluster-fuzz.appspot.com/download/AMIfv9560X_Mz2KhXcpcE85cZBq5zP_HHJ0l5lCRY3UmDUbZuxctmesTU7e-UjWUDHplswvyU7SkDDVlOslvqGRsGszKJezuab2NggW7BVBCUlm80wscrKSKhyLsh5bsUaveApWgIDeF5uYma87J6lAfnQ_OF0MKNg?testcase_id=5357806673985536

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Cc: titzer@chromium.org aseemgarg@chromium.org
Confirmed, and reduces to (with --validate-asm):

function asmModule(){
  'use asm';
  function func() {
    return foo() | 0;   // foo is never declared anywhere in the module
  }
  return {};            // func is not even exported; the CHECK fires while the module is translated
}
var wasm = asmModule(); // with --validate-asm this hits the CHECK in asm-wasm-builder.cc

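The behaviour a fixed engine has to show for the reduced testcase above, as an added example that is not part of the bug report or of V8's own code: a module whose body calls an undeclared identifier must fail asm.js validation and then run as ordinary JavaScript, so the bad call surfaces as a ReferenceError at call time rather than as a CHECK failure inside the asm-to-wasm translator. The two module bodies, the `runAsmModule` helper and the exported `func` are constructed here; the example assumes a V8 build in which asm.js validation is on by default (Node.js), whereas in the regressed range from the report the same source crashed d8 under --validate-asm.

```javascript
'use strict';
// Added example, not from the bug report. Constructed variant of the
// reducer: `foo` is never declared in the module, and `func` is exported so
// that the call can actually be reached from outside.
const BAD_MODULE_SRC = `
  'use asm';
  function func() {
    return foo() | 0;
  }
  return { func: func };
`;

// Constructed well-formed sibling: `foo` is declared, so validation passes
// and the module yields the same value whether it runs as wasm or as JS.
const GOOD_MODULE_SRC = `
  'use asm';
  function foo() {
    return 42;
  }
  function func() {
    return foo() | 0;
  }
  return { func: func };
`;

// Compile an asm.js module from its body, instantiate it, call the exported
// `func`, and report either the returned value or the error class that
// escaped. `new Function` keeps the 'use asm' string as the first statement
// of the module function, which is what makes it a directive prologue.
function runAsmModule(bodySrc) {
  const asmModule = new Function(bodySrc);
  try {
    const exports = asmModule();
    return { ok: true, value: exports.func() };
  } catch (err) {
    return { ok: false, error: err.constructor.name };
  }
}

// Expected on a fixed engine: the declared callee returns 42; the
// undeclared callee fails validation, falls back to JS, and throws
// ReferenceError ("foo is not defined") when `func` is invoked.
console.log('declared callee  :', JSON.stringify(runAsmModule(GOOD_MODULE_SRC)));
console.log('undeclared callee:', JSON.stringify(runAsmModule(BAD_MODULE_SRC)));
```

Nothing in the language lets a script observe whether validation succeeded; the check a practitioner can make is the one above, that a malformed module degrades to JavaScript semantics instead of taking the engine down.
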
Components: Blink>JavaScript>WebAssembly (was: Blink>JavaScript)
Blocking: v8:5801
Cc: bradnelson@chromium.org
Issue v8:5811 has been merged into this issue.
Issue v8:5801 has been merged into this issue.
Cc: ahaas@chromium.org clemensh@chromium.org
Issue 677554 has been merged into this issue.
Probably fixed, will wait for clusterfuzz to close automatically.

Issue 669817 has been merged into this issue.
Comment 12 by ClusterFuzz (Project Member), Jan 10 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 4848577450082304 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.