Crash in v8::internal::JSObject::AddDataElement
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6284638403428352

Fuzzer: mbarbella_js_mutation
Job Type: windows_asan_d8
Platform Id: windows

Crash Type: UNKNOWN READ
Crash Address: 0x00000004
Crash State:
  v8::internal::JSObject::AddDataElement
  v8::internal::Object::AddDataProperty
  v8::internal::Object::SetProperty

Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=440957:440964

Minimized Testcase (0.08 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv97hFo5cyd5Tia4mPeEd0FtWSYeS33aMRwTwYsF_TxmuhZzS8v4nP0WuCNriS0NAGQCwK32Gd7OaSh4-6gw4qu3WRdksFuN5rzFSb2lr8iG2hcjX-v-mtuYgMBBBY65Gvfadzyn9V9_191T28QlR-rsk7ILQSY0IjEVvAO1kHNVqg69MypjW0-Ad78lpPiDTlWDMwHhBNpdUN5FPvaZNvT-M2jVUk-dmh8dkoJZyF_rv4NSp_wpV9sT4qVuxdFRxQo_-Px6lUwKSgKIWLEEJ0Rpyt2wtjD2IW-qJeADHtg30RF3ofqD3x7k4GfG2pkq0Vl3BE_NUMtk0ppt59Vcjk1hIlMuMIJ8aKrz0nXgGAOb9-f_IDU40iUH-iqySK3ZVKVHZZ8qIr6LxNVrHZvhdo4LLVUsxzQ?testcase_id=6284638403428352

  __v_0 = new Array(5000001);
  __v_0.push();
  try {
  } catch(e) {
    print("Caught: " + e);
  }

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jan 5 2017
My change was a simple rename, so could not have been responsible for this change. Assigning to the v8 memory sheriff.
Jan 10 2017
Comment 1 by msrchandra@chromium.org, Jan 5 2017
Labels: Test-Predator-Wrong-CLs
Owner: adamk@chromium.org
Status: Assigned (was: Untriaged)