Issue metadata
Sign in to add a comment
|
Use-of-uninitialized-value in v8::internal::compiler::ScheduleLateNodeVisitor::ScheduleRegion |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=6539455927418880 Fuzzer: mbarbella_js_mutation Job Type: linux_msan_d8 Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: v8::internal::compiler::ScheduleLateNodeVisitor::ScheduleRegion v8::internal::compiler::ScheduleLateNodeVisitor::ProcessQueue v8::internal::compiler::Scheduler::ScheduleLate Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_d8&range=440451:440490 Minimized Testcase (0.23 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv97hnLeXSARbv0Djid1KT4qXZx9Vd4bMnF-Ljh0IjxJv5PW6dd07-7z4cXwlvGT0TZ0r2RJV4astysg8YkUHLmkuZpclfyAwJp8uMY_o0qETQ0J4SO2FQ54bvzlbZ00QNxf9jW9ggLVINT-LObphrW8I6xYNkg6v4EyA6mTcuvNDFPWmn5x7GAf-iNEAOMN15BeVwCc9Nk6DR3rHSApJDoYqFL6N48gKYr4pepQ9odmGV3bNVZFepuY44huHX0v-bylyhtYQxcef-7_WOnYxIa8e1LrgEqy3reg_bpWK3buEsPOQUnSaDso9mGLPApVY30koiJoy2PDGCN09WafNuS7D9cW3h9wHHpyNKE8_a85bMjQIndw?testcase_id=6539455927418880 try { } catch(e) {; } function __f_3() { var __v_4 = {x:0}; for (var __v_3 = 0; __v_4.x < 1;) { __v_4.x++; __v_3+= 1; } function __f_4() {__v_3}; __v_3 = __v_4; } __f_3(); %OptimizeFunctionOnNextCall(__f_3); __f_3(); Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Dec 31 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Dec 31 2016
,
Jan 1 2017
,
Jan 4 2017
ClusterFuzz has detected this issue as fixed in range 441108:441112. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6539455927418880 Fuzzer: mbarbella_js_mutation Job Type: linux_msan_d8 Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: v8::internal::compiler::ScheduleLateNodeVisitor::ScheduleRegion v8::internal::compiler::ScheduleLateNodeVisitor::ProcessQueue v8::internal::compiler::Scheduler::ScheduleLate Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_d8&range=440451:440490 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_d8&range=441108:441112 Minimized Testcase (0.23 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv97hnLeXSARbv0Djid1KT4qXZx9Vd4bMnF-Ljh0IjxJv5PW6dd07-7z4cXwlvGT0TZ0r2RJV4astysg8YkUHLmkuZpclfyAwJp8uMY_o0qETQ0J4SO2FQ54bvzlbZ00QNxf9jW9ggLVINT-LObphrW8I6xYNkg6v4EyA6mTcuvNDFPWmn5x7GAf-iNEAOMN15BeVwCc9Nk6DR3rHSApJDoYqFL6N48gKYr4pepQ9odmGV3bNVZFepuY44huHX0v-bylyhtYQxcef-7_WOnYxIa8e1LrgEqy3reg_bpWK3buEsPOQUnSaDso9mGLPApVY30koiJoy2PDGCN09WafNuS7D9cW3h9wHHpyNKE8_a85bMjQIndw?testcase_id=6539455927418880 try { } catch(e) {; } function __f_3() { var __v_4 = {x:0}; for (var __v_3 = 0; __v_4.x < 1;) { __v_4.x++; __v_3+= 1; } function __f_4() {__v_3}; __v_3 = __v_4; } __f_3(); %OptimizeFunctionOnNextCall(__f_3); __f_3(); See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jan 4 2017
,
Jan 27 2017
,
Apr 12 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by sheriffbot@chromium.org
, Dec 31 2016