V8 correctness failure in configs: x64,fullcode:x64,ignition_staging |
|
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5012636069789696 Fuzzer: foozzie_js_mutation Job Type: foozzie_ignition_staging Platform Id: linux Crash Type: V8 correctness failure Crash Address: Crash State: configs: x64,fullcode:x64,ignition_staging sources: 2d7 Sanitizer: address (ASAN) Regressed: V8: r42370:42371 Minimized Testcase (0.33 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv96tTZnxAN4deJiPA-FQdtEiwRQd9itVFPuP8csGWbPLa2Oupg7L-arJw6zpjeUdBTCFQFqTLLPK1GDeUZsozTwWe0EfOIDDThhA7R1wsNZAVTKPJ4m17p4xmlAAiEgpsH3UTfQ52PQ7RAVqy8gZ8ZxuVeEj0wOpTf2SEJweZTH_jKx2Sm5E_DkfMgmIqtvUyun8C8_-ILX_RKwFQodqeNR9y9Zf3CCG5N68I5ruEq9te8D-vCSBzs00hANQjA-R8zuhTVNaQiZG3DfHrrvHQKDTNOcEFAkN7OZv1Soqpgl9KBhkcp8m32biqwHWpsnhpPlFfz4RK6cx7IgZwFcQbVQtAz0NSMJYEPOFh30lwdlpGr7u8Zw?testcase_id=5012636069789696 __PrettyPrint = function __PrettyPrint(value) { switch (typeof value) { case "object": var name = value.constructor.name; if (name) return name + "()"; } } print("v8-foozzie source: /v8/test/mjsunit/regress/regress-592353.js"); __v_0 = __f_0(); print(__PrettyPrint(__v_0)); function __f_0() { "use asm"; return {}; } Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. |
|
►
Sign in to add a comment |
|
Comment 1 by machenb...@chromium.org
, Jan 18 2017