Crash in v8::internal::compiler::AccessInfoFactory::ComputePropertyAccessInfo

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5509005440188416

Fuzzer: mbarbella_js_mutation
Job Type: windows_asan_d8
Platform Id: windows

Crash Type: UNKNOWN READ
Crash Address: 0x0000001c
Crash State:
  v8::internal::compiler::AccessInfoFactory::ComputePropertyAccessInfo
  v8::internal::compiler::JSNativeContextSpecialization::ReduceJSStoreDataProperty
  v8::internal::compiler::JSNativeContextSpecialization::Reduce

Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=442831:443258

Minimized Testcase (0.24 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv953B1fQIHGoQ7nXeAqSUuf6ukXkDDxDB4OIzUyTvE1zPSRpdkQY04feZzraaBIVyFKDwYwltXL8fOQbuMVAT5VAbtUYh6GR4JOFQKFoTBYd4Co-XoiAOS1yRX_ixIQMpSstYuKODiQtA1Tz4bLbzrR2ThrUW6JxREchF5eKM0G885qkKnf97mYjeUkX8qB6Pkz6g5sHlxiJuAe-_3fIqQDXheZsGYpv2Hu2ldLHWYg2hO-xIz6qKbdhw_d9br7B1KO04RUYMU5M94yFPqkn9VEEkFcRMtda1EsvnL_VfhRhyIc4SnVNelZoYIB5vzwO8C2T-NxXZTK6uERXVAuL2jqTXm0svPEyJbOZJOl-CptoIfSvHCoYubr8aRX0keeMdicVNdo9QJCXeAyy77pH9uGQRfzAEQ?testcase_id=5509005440188416

try {
} catch(e) {"Caught: " + e; }
function __f_7() {
  class __v_5 {
    static foo() { return one + 6; }
  }
}
for (var __v_12 = 0; __v_12 < 5; ++__v_12) __f_7();
%OptimizeFunctionOnNextCall(__f_7);
gc();
__f_7();
try {
} catch (__v_6) {
}

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Feb 4 2017
This was fixed in https://chromium.googlesource.com/v8/v8.git/+/dd8881a5c406496427e4ba794b651af8ed3de213

Comment 1 by msrchandra@chromium.org, Jan 13 2017
Labels: Test-Predator-Correct-CLs
Owner: fran...@chromium.org
Status: Assigned (was: Untriaged)