Crash in v8::Message::ErrorLevel
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4675958335602688

Fuzzer: mbarbella_js_mutation
Job Type: windows_asan_d8
Platform Id: windows

Crash Type: UNKNOWN READ
Crash Address: 0x00000000
Crash State:
  v8::Message::ErrorLevel
  v8::internal::MessageHandler::ReportMessage
  v8::internal::AsmJs::CompileAsmViaWasm

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=441040:441041

Minimized Testcase (0.14 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95l9cjbxyQ4z0KCd5q158sU88lJCtuFiONXfr1A3NvdRzc0rSKwe5SXvb9MqblKuONW4elBI6K24tVW-a3llJ-cDpJst-2oG06vLczusQ_bzumJ50-_qtzRCbaOm8WVkXUoqwwTKRYCm9kh25xB-8yBcxo7yUpEzQyGjziaJu1mye8JBcH0P0D-Slc-ZyfWhyRsMiWKEOOlDHgstNkFnpleIM9A_3GJQTQMuxUEkxPGx7vLV3unCEqUPXCpBeLoeLp2jOGpvrdl9qFRlVCJXaRZJMQeh03T5vniVp0YSMj7HB_c9V7rgrRtFS8MNkoPDuk1U_c7u5lcsCUh0zSlSswXpeasApo2hYPZIgqq1FyjoAE5Odo?testcase_id=4675958335602688

function __f_14() {
  try {
    __f_14();
  } catch(e) {
    __f_134();
  }
}
__f_14();
function __f_134() {
  "use asm";
  function __f_123() {
  }
}

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jan 2 2017
Jan 4 2017
Reproduces on TOT: out/x64.debug/d8 --validate-asm ~/Downloads/FUZZ-0-1.JS
Jan 4 2017
I get another error locally:

#
# Fatal error in ../../src/asmjs/asm-js.cc, line 172
# Check failed: !info->isolate()->has_pending_exception().
#

Seems related to http://crrev.com/2526703002, assigning to Brad.
Jan 12 2017
ClusterFuzz has detected this issue as fixed in range 441510:441524.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4675958335602688

Fuzzer: mbarbella_js_mutation
Job Type: windows_asan_d8
Platform Id: windows

Crash Type: UNKNOWN READ
Crash Address: 0x00000000
Crash State:
  v8::Message::ErrorLevel
  v8::internal::MessageHandler::ReportMessage
  v8::internal::AsmJs::CompileAsmViaWasm

Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=441040:441041
Fixed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=441510:441524

Minimized Testcase (0.14 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95l9cjbxyQ4z0KCd5q158sU88lJCtuFiONXfr1A3NvdRzc0rSKwe5SXvb9MqblKuONW4elBI6K24tVW-a3llJ-cDpJst-2oG06vLczusQ_bzumJ50-_qtzRCbaOm8WVkXUoqwwTKRYCm9kh25xB-8yBcxo7yUpEzQyGjziaJu1mye8JBcH0P0D-Slc-ZyfWhyRsMiWKEOOlDHgstNkFnpleIM9A_3GJQTQMuxUEkxPGx7vLV3unCEqUPXCpBeLoeLp2jOGpvrdl9qFRlVCJXaRZJMQeh03T5vniVp0YSMj7HB_c9V7rgrRtFS8MNkoPDuk1U_c7u5lcsCUh0zSlSswXpeasApo2hYPZIgqq1FyjoAE5Odo?testcase_id=4675958335602688

function __f_14() {
  try {
    __f_14();
  } catch(e) {
    __f_134();
  }
}
__f_14();
function __f_134() {
  "use asm";
  function __f_123() {
  }
}

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 12 2017
ClusterFuzz testcase 4675958335602688 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 Deleted