New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 678552 link

Starred by 1 user
Status: Duplicate
Merged: issue 670981
Owner:
jochen@chromium.org
Closed: Jan 2017
Cc:
jgruber@chromium.org
msrchandra@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug



Sign in to add a comment

Crash in v8::internal::JSObject::AddDataElement

Project Member Reported by ClusterFuzz, Jan 5 2017 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6284638403428352

Fuzzer: mbarbella_js_mutation
Job Type: windows_asan_d8
Platform Id: windows

Crash Type: UNKNOWN READ
Crash Address: 0x00000004
Crash State:
  v8::internal::JSObject::AddDataElement
  v8::internal::Object::AddDataProperty
  v8::internal::Object::SetProperty
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=440957:440964

Minimized Testcase (0.08 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv97hFo5cyd5Tia4mPeEd0FtWSYeS33aMRwTwYsF_TxmuhZzS8v4nP0WuCNriS0NAGQCwK32Gd7OaSh4-6gw4qu3WRdksFuN5rzFSb2lr8iG2hcjX-v-mtuYgMBBBY65Gvfadzyn9V9_191T28QlR-rsk7ILQSY0IjEVvAO1kHNVqg69MypjW0-Ad78lpPiDTlWDMwHhBNpdUN5FPvaZNvT-M2jVUk-dmh8dkoJZyF_rv4NSp_wpV9sT4qVuxdFRxQo_-Px6lUwKSgKIWLEEJ0Rpyt2wtjD2IW-qJeADHtg30RF3ofqD3x7k4GfG2pkq0Vl3BE_NUMtk0ppt59Vcjk1hIlMuMIJ8aKrz0nXgGAOb9-f_IDU40iUH-iqySK3ZVKVHZZ8qIr6LxNVrHZvhdo4LLVUsxzQ?testcase_id=6284638403428352
__v_0 = new Array(5000001);
__v_0.push();
try {
} catch(e) { print("Caught: " + e); }


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by msrchandra@chromium.org, Jan 5 2017

Cc: msrchandra@chromium.org
Labels: Test-Predator-Wrong-CLs
Owner: adamk@chromium.org
Status: Assigned (was: Untriaged)
Find it and CL did not provide any possible suspects.
Using Code Search for the file, "objects.cc" assigning to the concern owner --
Suspecting Commit#
https://chromium.googlesource.com/v8/v8/+/db7f0169f5cca3beb64f7460527bbd508a0fb94a

@adamk -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Comment 2 by adamk@chromium.org, Jan 5 2017

Cc: jgruber@chromium.org
Owner: jochen@chromium.org
My change was a simple rename, so could not have been responsible for this change. Assigning to the v8 memory sheriff.

Comment 3 by jochen@chromium.org, Jan 10 2017

Mergedinto: 670981
Status: Duplicate (was: Assigned)

Sign in to add a comment