Handle GLOBAL_CALL in AsmWasmBuilderImpl::VisitCallExpression
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6440520953102336
Fuzzer: mbarbella_js_mutation
Job Type: windows_asan_d8
Platform Id: windows
Crash Type: Fatal error
Crash Address:
Crash State:
  v8::internal::wasm::AsmWasmBuilderImpl::VisitCallExpression
  v8::internal::wasm::AsmWasmBuilderImpl::VisitForEffect
  v8::internal::wasm::AsmWasmBuilderImpl::VisitNoStackOverflowCheck
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=440953:440957
Minimized Testcase (0.14 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv953fk3F3KKeuymxukpflZvAQdjR63osXMbnDmWy4e_-_du4JRKa9ZG6l7WOnJRh0ySOr6_QkPyEu4gFHxMaRebywt1Rv_ChirjwSjjVT1RLjvOsN4nvUx7zMW-KjQPpZ_KacKbqO8JnwwnJmmPebBdKEg-IszRD1JNd8YiLUeSPh-FqEvbL1AhIZBNe0JbNuOMp6xQXeTJzww2sOi6Vi1jP71lptffHWfoq2inW66XABbZRb9Smx20ofs79Pso8xxJ8oVrZpEvQcrTbDRU6macbWFlXEJPlTUzhNENNb7_v92b7jB3dMWtG8dClqYm2zF1LdQbnVIyJ-cE29G5-LF4EgefO3Vf2fe_1yXi3VA35VytGxo0?testcase_id=6440520953102336

    function __f_23(asmfunc) {
      var __v_27 = asmfunc();
    }
    function __f_38() {
      "use asm";
      function __f_43() {
        gc();
      }
    }
    __f_23(__f_38, { });

Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jan 4 2017
Reproduces on TOT: out/x64.debug/d8 --validate-asm ~/Downloads/FUZZ-0-1.JS
Jan 4 2017
Reaching UNREACHABLE in AsmWasmBuilderImpl::VisitCallExpression, because call_type is CALL::GLOBAL_CALL. Assigning to Brad.
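The call shape that reaches the UNREACHABLE, placed next to the only legal way for an asm.js function to call out of its module (a function taken from the `foreign` argument). This is an added illustration, not code from the bug report or from V8; `globalHook` stands in for d8's `gc()`, and the `log` import and the module names are constructed for the example. On an engine without this crash, asm.js validation rejects the second module and the engine runs it as ordinary JavaScript, so both modules return normally.

```javascript
// Added example: two asm.js modules that differ only in how they reach a
// function outside the module. Names and the `log` import are constructed.

// Legal asm.js: an external function is taken from the `foreign` object,
// so the builder sees an import call, not a call to a free global.
function validModule(stdlib, foreign, heap) {
  "use asm";
  var log = foreign.log;
  function callImport(x) {
    x = x | 0;
    log(x | 0);
    return (x + 1) | 0;
  }
  return { callImport: callImport };
}

// The shape from the fuzzer test case: a call to a bare global from inside
// an asm.js function. `globalHook` plays the role of d8's gc(). This is not
// valid asm.js; the expected outcome is a validation failure and a fallback
// to plain JavaScript execution, not an engine abort.
var globalCalls = 0;
function globalHook() { globalCalls++; }

function invalidModule(stdlib, foreign, heap) {
  "use asm";
  function callGlobal() {
    globalHook();
    return 1;
  }
  return { callGlobal: callGlobal };
}

// Drive the legal module: the import is called with 41, the result is 42.
function runValid() {
  var seen = [];
  var m = validModule({}, { log: function (v) { seen.push(v); } }, new ArrayBuffer(0x10000));
  var r = m.callImport(41);
  return { result: r, seen: seen };
}

// Drive the fuzzer-shaped module: on a fixed engine it simply runs as JS,
// so the global is called once and the function returns 1.
function runInvalid() {
  globalCalls = 0;
  var m = invalidModule({}, {}, new ArrayBuffer(0x10000));
  var r = m.callGlobal();
  return { result: r, globalCalls: globalCalls };
}
```

Running this under a d8 built from the regression range with --validate-asm is the way to see the difference: the first module links as asm.js, the second is what hits VisitCallExpression with call_type GLOBAL_CALL.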
Jan 9 2017
Jan 10 2017
Jan 12 2017
ClusterFuzz has detected this issue as fixed in range 441510:441524.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6440520953102336
Fuzzer: mbarbella_js_mutation
Job Type: windows_asan_d8
Platform Id: windows
Crash Type: Fatal error
Crash Address:
Crash State:
  v8::internal::wasm::AsmWasmBuilderImpl::VisitCallExpression
  v8::internal::wasm::AsmWasmBuilderImpl::VisitForEffect
  v8::internal::wasm::AsmWasmBuilderImpl::VisitNoStackOverflowCheck
Sanitizer: address (ASAN)
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=440953:440957
Fixed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=441510:441524
Minimized Testcase (0.14 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv953fk3F3KKeuymxukpflZvAQdjR63osXMbnDmWy4e_-_du4JRKa9ZG6l7WOnJRh0ySOr6_QkPyEu4gFHxMaRebywt1Rv_ChirjwSjjVT1RLjvOsN4nvUx7zMW-KjQPpZ_KacKbqO8JnwwnJmmPebBdKEg-IszRD1JNd8YiLUeSPh-FqEvbL1AhIZBNe0JbNuOMp6xQXeTJzww2sOi6Vi1jP71lptffHWfoq2inW66XABbZRb9Smx20ofs79Pso8xxJ8oVrZpEvQcrTbDRU6macbWFlXEJPlTUzhNENNb7_v92b7jB3dMWtG8dClqYm2zF1LdQbnVIyJ-cE29G5-LF4EgefO3Vf2fe_1yXi3VA35VytGxo0?testcase_id=6440520953102336

    function __f_23(asmfunc) {
      var __v_27 = asmfunc();
    }
    function __f_38() {
      "use asm";
      function __f_43() {
        gc();
      }
    }
    __f_23(__f_38, { });

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by mummare...@chromium.org, Dec 30 2016