lang_arg->length() <= 3 in runtime-i18n.cc
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6572666975944704

Fuzzer: v8_builtins_generator
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: lang_arg->length() <= 3 in runtime-i18n.cc
Sanitizer: address (ASAN)
Regressed: V8: r42245:42246

Minimized Testcase (0.10 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv945kPuiItU7EF_Qr5F3FbLDTB8WlxOUoiKX75q8YMvyV2QTtnX0GMXjcNSDnT4rR8Msn0cmuA8beVKiXf1LI9ug8fJ9aDGdxyVr1VwAnAwaiiu7y0Xyh2LVHm5dYKARxGwIudtXtN-6iC9GmJETktM_bGFk_UalglTnuv0Gv2maoBaMZbWUwyj5-52ChZDz65GvTm-K-Iu-v3N_QHbbLjxBjHMlWiZwycNvnq5stTHpMfQqsKIbpze3AgQ5fZmTZIkM0un03ip47c6UbysxcHADKmrbYQtUiKSw38mINdShnlQoEAvCP24cOLnGzTi3t_Ea1mLRcClO58TdnbiK_4u-Maszy5nIF7Py3SH0sFeIisSoh4JjPn-UPjb_O8dFE1oXUY8zJ7QXM3iU7--qpH_-OcywdQ?testcase_id=6572666975944704

  v6 = new Boolean();
  v10 = new String();
  v19 = v6.toString();              // "false": five ASCII letters, so it parses as a BCP 47 primary language subtag
  v23 = v10.toLocaleUpperCase(v19); // "false" is passed as the locales argument and reaches runtime-i18n.cc

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jan 12 2017
  v6 = new Boolean();
  v10 = new String();
  v19 = v6.toString();
  v23 = v10.toLocaleUpperCase(v19);

This is very strange. v19 is "false" and it should fail the isStructurallyValid() test, leading to an invalid-argument exception even before reaching runtime-i18n.cc.
Jan 12 2017
The DCHECK was wrong. It should be '8'. I overlooked the fact that BCP 47 has a 'reserved' provision for a longer primary language tag (up to 8 chars long). https://tools.ietf.org/html/bcp47#section-2.2.1
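The following is an added example, not code from the V8 bug, the fuzzer, or V8 itself. It classifies the primary language subtag of a BCP 47 tag using the length rules of the ABNF in RFC 5646 section 2.2.1 (language = 2*3ALPHA / 4ALPHA / 5*8ALPHA) and then passes the same tags to String.prototype.toLocaleUpperCase the way the minimized test case did, so you can see why "false" (five letters) is structurally valid and therefore survives the validity check that the comment above expected to reject it. The function names primarySubtagClass and probeLocaleArg and the SAMPLE_TAGS list are this example's own. One caveat on the 4ALPHA case: ECMA-402 now defines language tags via UTS 35, whose unicode_language_subtag is alpha{2,3} | alpha{5,8}, so a current engine rejects a four-letter primary subtag even though the BCP 47 ABNF reserves it.

```javascript
// Added example (not from the V8 bug or V8 sources): classify the primary
// language subtag of a BCP 47 tag by the ABNF in RFC 5646 section 2.2.1,
//   language = 2*3ALPHA [ extlang ] / 4ALPHA / 5*8ALPHA
// and probe what this engine does when the same tag is used as a locales
// argument. primarySubtagClass, probeLocaleArg and SAMPLE_TAGS are this
// example's own names.

const PRIMARY_CLASSES = {
  iso639: "2-3 letters: ISO 639 language code",
  reserved4: "4 letters: reserved for future use in BCP 47",
  registered5to8: "5-8 letters: registered language subtag",
  invalid: "not a well-formed primary language subtag",
};

// Return the ABNF alternative (as a key of PRIMARY_CLASSES) that the first
// subtag of `tag` matches, or "invalid" if it matches none.
function primarySubtagClass(tag) {
  const primary = String(tag).split("-")[0];
  if (!/^[A-Za-z]+$/.test(primary)) return "invalid";
  const n = primary.length;
  if (n >= 2 && n <= 3) return "iso639";
  if (n === 4) return "reserved4";
  if (n >= 5 && n <= 8) return "registered5to8";
  return "invalid"; // a single letter, or more than 8 letters
}

// Use `tag` as the locales argument of toLocaleUpperCase, as the minimized
// test case did with "false", and report whether the engine accepted it or
// rejected it with the RangeError that ECMA-402 mandates for ill-formed tags.
function probeLocaleArg(tag) {
  try {
    return { tag, accepted: true, result: "abc".toLocaleUpperCase(tag) };
  } catch (e) {
    if (e instanceof RangeError) return { tag, accepted: false, result: e.message };
    throw e;
  }
}

// Constructed sample tags, including the fuzzer's "false".
const SAMPLE_TAGS = [
  "en", "deu", "en-US", // ordinary ISO 639 primaries
  "abcd",               // 4ALPHA: reserved by BCP 47, excluded by UTS 35
  "false", "abcdefgh",  // 5*8ALPHA: well-formed, longer than the old DCHECK allowed
  "abcdefghi", "f", "12", // too long, too short, not alphabetic
];

function main() {
  for (const tag of SAMPLE_TAGS) {
    const cls = primarySubtagClass(tag);
    const probe = probeLocaleArg(tag);
    console.log(
      tag.padEnd(10),
      cls.padEnd(15),
      probe.accepted ? "engine accepted" : "engine RangeError",
      "|", PRIMARY_CLASSES[cls],
    );
  }
}

main();
```

Run it under d8 or node: "false" and "abcdefgh" classify as 5*8ALPHA and are accepted, which is exactly the path that tripped a `<= 3` assertion on the primary subtag length; "abcdefghi" and "f" fail both the classifier and the engine's check.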
Jan 14 2017
ClusterFuzz has detected this issue as fixed in range 42342:42343.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6572666975944704

Fuzzer: v8_builtins_generator
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: lang_arg->length() <= 3 in runtime-i18n.cc
Sanitizer: address (ASAN)
Regressed: V8: r42245:42246
Fixed: V8: r42342:42343

Minimized Testcase (0.10 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv945kPuiItU7EF_Qr5F3FbLDTB8WlxOUoiKX75q8YMvyV2QTtnX0GMXjcNSDnT4rR8Msn0cmuA8beVKiXf1LI9ug8fJ9aDGdxyVr1VwAnAwaiiu7y0Xyh2LVHm5dYKARxGwIudtXtN-6iC9GmJETktM_bGFk_UalglTnuv0Gv2maoBaMZbWUwyj5-52ChZDz65GvTm-K-Iu-v3N_QHbbLjxBjHMlWiZwycNvnq5stTHpMfQqsKIbpze3AgQ5fZmTZIkM0un03ip47c6UbysxcHADKmrbYQtUiKSw38mINdShnlQoEAvCP24cOLnGzTi3t_Ea1mLRcClO58TdnbiK_4u-Maszy5nIF7Py3SH0sFeIisSoh4JjPn-UPjb_O8dFE1oXUY8zJ7QXM3iU7--qpH_-OcywdQ?testcase_id=6572666975944704

  v6 = new Boolean();
  v10 = new String();
  v19 = v6.toString();
  v23 = v10.toLocaleUpperCase(v19);

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 14 2017
ClusterFuzz testcase 6572666975944704 is verified as fixed, so closing issue. If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by msrchandra@chromium.org, Jan 12 2017
Labels: Test-Predator-Wrong
Owner: js...@chromium.org
Status: Assigned (was: Untriaged)