
Issue 681707


Issue metadata

Status: Verified
Owner:
Last visit > 30 days ago
Closed: Jan 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug

Crash in v8::internal::String::length

Project Member Reported by ClusterFuzz, Jan 16 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5986354279481344

Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00000000000f
Crash State:
  v8::internal::String::length
  v8::internal::ConsString* v8::internal::String::VisitFlat<v8::internal::StringCh
  v8::internal::StringCharacterStream::Reset
  
Sanitizer: address (ASAN)

Regressed: V8: r42299:42300

Minimized Testcase (7.63 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97npRztWY3Sw_HXci3Uk77Iq6Any-Qs91akzrjmPuB-HzTDJJQvW_xe2fGn8FWsDTpG7IBwS36W43oIip0E9ylMkCJ8UfmW96eU9_GD-wzjLz0kw-dIvMkV6ohnKT01KULv9qyT28118GFJh6OLQ-3V3K5Uw_OapFh5FFI5MfIX1A2IW-wZbhEHYlWi2c0KGQBRiYkzXK5aik5L5NXU_9CB-OnB8HjJvE3JfBLokKJlAjvtmEkRJ9ZOlWf7piGfYCEhR9XyhJHFbhhaszvwee3qb3jtbkVa2wJ39O9VMCGSigGkynZNrOZIqxvynDAuViNAaexZQUxdXgINs6q35fvqnhDMGqGSTHP64UKpCbLiygoFNQs?testcase_id=5986354279481344

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Owner: bradnelson@chromium.org
Status: Assigned (was: Untriaged)
Cc: titzer@chromium.org aseemgarg@chromium.org hablich@chromium.org
Status: Started (was: Assigned)
Fix sent out in:
https://codereview.chromium.org/2641513003/
Cc: bradnelson@chromium.org
Issue 681187 has been merged into this issue.
Issue 681386 has been merged into this issue.
Labels: Hotlist-Asm
Components: -Blink>JavaScript Blink>JavaScript>WebAssembly
Comment 7 by ClusterFuzz (Project Member), Jan 18 2017

ClusterFuzz has detected this issue as fixed in range 42432:42433.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5986354279481344

Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00000000000f
Crash State:
  v8::internal::String::length
  v8::internal::ConsString* v8::internal::String::VisitFlat<v8::internal::StringCh
  v8::internal::StringCharacterStream::Reset
  
Sanitizer: address (ASAN)

Regressed: V8: r42299:42300
Fixed: V8: r42432:42433

Minimized Testcase (7.63 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97npRztWY3Sw_HXci3Uk77Iq6Any-Qs91akzrjmPuB-HzTDJJQvW_xe2fGn8FWsDTpG7IBwS36W43oIip0E9ylMkCJ8UfmW96eU9_GD-wzjLz0kw-dIvMkV6ohnKT01KULv9qyT28118GFJh6OLQ-3V3K5Uw_OapFh5FFI5MfIX1A2IW-wZbhEHYlWi2c0KGQBRiYkzXK5aik5L5NXU_9CB-OnB8HjJvE3JfBLokKJlAjvtmEkRJ9ZOlWf7piGfYCEhR9XyhJHFbhhaszvwee3qb3jtbkVa2wJ39O9VMCGSigGkynZNrOZIqxvynDAuViNAaexZQUxdXgINs6q35fvqnhDMGqGSTHP64UKpCbLiygoFNQs?testcase_id=5986354279481344

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 8 by ClusterFuzz (Project Member), Jan 18 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)
ClusterFuzz testcase 5986354279481344 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 9 by sheriffbot@chromium.org (Project Member), Jan 18 2017

Labels: reward-topanel
The older reward-topanel issue 681386 has been merged into this one. Please manually review this issue to see if the duplicate is potentially eligible for a reward.


Labels: -reward-topanel reward-NA