!context.IsEmpty() in WindowProxy.cpp
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6589726573461504
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_msan_chrome
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  !context.IsEmpty() in WindowProxy.cpp
  blink::WindowProxy::createContext
  blink::WindowProxy::initialize
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=435209:435314

Minimized Testcase (0.15 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95MkotAICbMKc7jxcctAUZAjUueS9XU3XwKFdo1WQH4jm59i0M3ffaNwdjDExEFvtRXaw0UcQy0AzfVmsKKUc6kaSWRcbIjtrxHBj9WTii-CjW0oy8iwR1AB5JXIG8LR56Pi_XjvKkEroHaqYJ6sa7x2-KUOA?testcase_id=6589726573461504

<script>
var __v_18 = this;
function __f_18() {
  try {
    __f_18();       // unbounded recursion consumes the whole V8 stack
    __v_18.open();  // window.open() then needs a fresh v8::Context, which cannot be created
  } catch (ex) { }
}
var __v_20 = __f_18();
</script>

Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Dec 27 2016
This is happening because the test code consumed all of the V8 stack, and then we cannot create a new v8::Context because of a shortage of V8 stack. We're safely crashing with CHECK, and it's intentional. We're currently not supporting this situation. So, this is working as intended.
Apr 18 2017
ClusterFuzz has detected this issue as fixed in range 464942:464964.

Detailed report: https://clusterfuzz.com/testcase?key=6589726573461504
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_msan_chrome
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  !context.IsEmpty() in WindowProxy.cpp
  blink::WindowProxy::createContext
  blink::WindowProxy::initialize
Sanitizer: memory (MSAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=435209:435314
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=464942:464964
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97rCxk1fc7wf_gaDj0ZYsahmQjiErMyCQ-qvcq0NvVRUzqbgmgQRWJ3V8IC0RUYu8zidRSdg8YURwct_ZPD86KVkfKnGmiEt9gdLYb40vMbhB7kWZbgq2E54WKDzRDhzDOGwEOEjsmej6ce4YnuHcpcNmXrwzn32gJdZqrCgDRF7j5hD7karRyo10HuveMWQm78ADhRCZjEt8DAQD_b700ZtjyxtX96HBNYDi1LjOO83lZXVJFp2JY-j_UOXBhf2g1dZcGXMtVnZ0Up2dHsog8eLVFBsUN1OgG0IQbfLAmu3fS4dC6BSo1ZbN-r1OhyxPRSWC3ODs0dsJdKpGny4ofnvrAy11LM28K8ynw7cJWsQi17y0P27TM_B2WDPV_sDiGroh6gnK5HifRK-ZrNtKxPnv-DPQ?testcase_id=6589726573461504

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by msrchandra@chromium.org, Dec 27 2016
Labels: Test-Predator-Wrong
Owner: yukishiino@chromium.org
Status: Assigned (was: Untriaged)