Crash in v8::internal::compiler::Node::opcode
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5014659188129792

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  v8::internal::compiler::Node::opcode
  v8::internal::compiler::ScheduleLateNodeVisitor::ScheduleRegion
  v8::internal::compiler::ScheduleLateNodeVisitor::VisitNode

Regressed: V8: r41921:41922

Minimized Testcase (0.21 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96TRzzrbdszxu5lJKLcoP_NYwrYlwVRKgQKKW42d8vw0xZ-Sav1n7p5goNHf3VUpngul3y0t34ZFo6DEEl6qBx3Uv7wBPp18ctbLU0cIIjIYoaI76Qvuu-sNJaTRGKAnuREJbGsN_MDfZbHCQnd-bEhu5U_Pg?testcase_id=5014659188129792

  // Minimized fuzzer testcase; run under d8 with --allow-natives-syntax
  // so that %OptimizeFunctionOnNextCall is accepted.
  function __f_1() {
    var __v_2 = {x:0};
    for (var __v_1 = 0; __v_2.x < 1;) {
      __v_2.x++;
      __v_1 += 1;
    }
    // Inner function closes over __v_1 so it becomes a context-allocated variable.
    function __f_2() { __v_1; }
    __v_1 = __v_2;
  }
  __f_1();
  %OptimizeFunctionOnNextCall(__f_1);
  __f_1();

Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Jan 4 2017
CF points to 8435cc852672c504d5899cc2765c5b895e658efe.
Jan 4 2017
8435cc852672c504d5899cc2765c5b895e658efe has already been reverted; probably this is already fixed.
Jan 4 2017
ClusterFuzz has detected this issue as fixed in range 42022:42023.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5014659188129792

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  v8::internal::compiler::Node::opcode
  v8::internal::compiler::ScheduleLateNodeVisitor::ScheduleRegion
  v8::internal::compiler::ScheduleLateNodeVisitor::VisitNode

Regressed: V8: r41921:41922
Fixed: V8: r42022:42023

Minimized Testcase (0.21 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96TRzzrbdszxu5lJKLcoP_NYwrYlwVRKgQKKW42d8vw0xZ-Sav1n7p5goNHf3VUpngul3y0t34ZFo6DEEl6qBx3Uv7wBPp18ctbLU0cIIjIYoaI76Qvuu-sNJaTRGKAnuREJbGsN_MDfZbHCQnd-bEhu5U_Pg?testcase_id=5014659188129792

  function __f_1() {
    var __v_2 = {x:0};
    for (var __v_1 = 0; __v_2.x < 1;) {
      __v_2.x++;
      __v_1 += 1;
    }
    function __f_2() { __v_1; }
    __v_1 = __v_2;
  }
  __f_1();
  %OptimizeFunctionOnNextCall(__f_1);
  __f_1();

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 4 2017
Issue 677676 has been merged into this issue.
Jan 4 2017
ClusterFuzz testcase 5014659188129792 is verified as fixed, so closing issue. If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by msrchandra@chromium.org, Dec 26 2016
Labels: Test-Predator-Wrong
Status: Available (was: Untriaged)