Crash in v8::internal::Invoke
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5343778518073344

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8
Platform Id: linux

Crash Type: UNKNOWN WRITE
Crash Address: 0x000000000000
Crash State:
  v8::internal::Invoke
  v8::internal::CallInternal
  v8::internal::Execution::Call

Sanitizer: address (ASAN)

Regressed: V8: r42403:42404

Minimized Testcase (0.39 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv95ADG7I-IiERaVPWXtw_kD7n32fkghrNWeuqWty-I-KDw65dDWtmN1btqRT12p1Kg7lgFRZLj_zNqLngtjkIirpVwxIHYvgI80oTLNNDPF1N3UDQ2TAjgMRpAeol1fIhTw5os3khMkTLoaGdWoLY71oAEeJGVG3p_A8hBsAHctpNDdNtUejgJSAkuywqOsVc26OjwCQtfGwIq29zgLBeV5VWCs8BwWfcwfMEEi9oIsR7dJvTO4ok9tWZYQXivV74isV0pDocnt2kkzefb6PAYhWWxC1xDuVKogQC9iXKo4qvBL1LyuwvUxlzaAWXsFwGGnazfY1Ye0TEmviDofzifu7RjvJvm6GozhXULJ-Qidm-cJR07Q?testcase_id=5343778518073344

    var __v_11 = {};
    function __f_66(expected, __f_84, __f_10) {
      __f_84(__v_11, __f_10, new ArrayBuffer()).__f_24();
    }
    __f_66(7, __f_120);
    function __f_24() { }
    gc();
    function __f_120(__v_11, __v_40, buffer) {
      "use asm";
      var __v_38 = new __v_11.Int32Array(buffer);
      function __f_24() {
        var __v_35 = 4;
        __v_38[0] = (__v_35 + 1) | 0;
      }
      return {__f_24: __f_24};
    }
    __f_66(-8, __f_120);

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
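The minimized testcase links an asm.js-style module against a zero-length ArrayBuffer (`new ArrayBuffer()`) and then stores through the resulting empty Int32Array view. The report does not state a root cause and the example below does not claim one; it is added here and is not part of the ClusterFuzz report or of V8. It shows the ordinary JavaScript semantics such a store has to preserve (an out-of-bounds typed-array store is dropped, the load yields undefined, and `| 0` turns that into 0), and a pre-link check that rejects heap buffers asm.js could never accept: the asm.js spec requires the heap byte length to be 2^n with 12 ≤ n ≤ 24 or a multiple of 2^24. The module factory keeps the testcase's shape but omits "use asm" so a stock engine (Node.js here) runs it as plain JS; makeModule, validAsmHeapLength and linkChecked are names chosen for this example.

```javascript
// Added example, not code from the ClusterFuzz report or from V8.
// Names (makeModule, validAsmHeapLength, linkChecked) are this example's own.

// Same shape as the testcase's __f_120(stdlib, foreign, buffer), minus "use asm",
// so any stock JavaScript engine executes it as ordinary JS.
function makeModule(stdlib, foreign, buffer) {
  var heap = new stdlib.Int32Array(buffer);
  function store() {
    var v = 4;
    heap[0] = (v + 1) | 0;   // the store the testcase performs
  }
  function load() {
    return heap[0] | 0;      // undefined | 0 === 0 when the view is empty
  }
  return { store: store, load: load };
}

// Plain-JS baseline for the testcase's situation: an empty ArrayBuffer gives a
// zero-length Int32Array; the out-of-bounds store is silently dropped, nothing
// is written anywhere, and the buffer stays 0 bytes long.
function storeIntoEmptyHeap() {
  const buffer = new ArrayBuffer();   // byteLength 0, as in the testcase
  const mod = makeModule(globalThis, {}, buffer);
  mod.store();
  return {
    byteLength: buffer.byteLength,
    heapLength: new Int32Array(buffer).length,
    value: mod.load(),
  };
}

// asm.js linking rule for the heap: byte length is 2^n with 12 <= n <= 24,
// or a multiple of 2^24. Integer-only arithmetic, no Math.log2 rounding.
function validAsmHeapLength(byteLength) {
  if (!Number.isInteger(byteLength) || byteLength <= 0) return false;
  const MIN = 1 << 12, MAX = 1 << 24;
  if (byteLength % MAX === 0) return true;              // k * 2^24
  if (byteLength < MIN || byteLength > MAX) return false;
  return (byteLength & (byteLength - 1)) === 0;         // exact power of two
}

// Refuse to link a module against a heap asm.js could not accept, instead of
// handing the factory a buffer whose typed-array views are empty.
function linkChecked(factory, stdlib, foreign, buffer) {
  if (!validAsmHeapLength(buffer.byteLength)) {
    throw new RangeError(
      `asm.js heap of ${buffer.byteLength} bytes: need 2^n (12<=n<=24) or k*2^24`);
  }
  return factory(stdlib, foreign, buffer);
}

// Smallest valid heap (4 KiB): the store lands and reads back as 5.
function storeIntoCheckedHeap() {
  const buffer = new ArrayBuffer(1 << 12);
  const mod = linkChecked(makeModule, globalThis, {}, buffer);
  mod.store();
  return mod.load();
}

// The testcase's empty buffer is rejected before any view is created.
function linkRejectsEmptyHeap() {
  try {
    linkChecked(makeModule, globalThis, {}, new ArrayBuffer());
    return false;
  } catch (e) {
    return e instanceof RangeError;
  }
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(storeIntoEmptyHeap(), storeIntoCheckedHeap(), linkRejectsEmptyHeap());
}
```

Run it with `node`. The two link attempts mirror the two `__f_66` calls in the testcase: the unchecked path shows what a spec-conformant engine does with the empty heap (no write, no crash), and the checked path fails closed at link time. The `gc()` call in the testcase is a d8-only helper (exposed with `--expose-gc`) and is not needed for this example.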
Jan 18 2017
hey mrschandra@ V8 issues are pretty difficult to triage from looking at the stack alone. If you open the clusterfuzz report, you'll see that the top frames are all not symbolized. Instead of trying to find a culprit by looking at most likely unrelated stack frames below, please follow this handy triaging guide: https://github.com/v8/v8/wiki/Triaging-issues - just apply the correct labels to the bug and wait for our sheriffs to pick them up! thanks, jochen
Jan 18 2017
@jochen -- Apologies and thank you for the update. Will take care going further in assigning v8 related issues.
Jan 19 2017
ClusterFuzz has detected this issue as fixed in range 42478:42479.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5343778518073344

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8
Platform Id: linux

Crash Type: UNKNOWN WRITE
Crash Address: 0x000000000000
Crash State:
  v8::internal::Invoke
  v8::internal::CallInternal
  v8::internal::Execution::Call

Sanitizer: address (ASAN)

Regressed: V8: 42403:42404
Fixed: V8: 42478:42479

Minimized Testcase (0.39 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv95ADG7I-IiERaVPWXtw_kD7n32fkghrNWeuqWty-I-KDw65dDWtmN1btqRT12p1Kg7lgFRZLj_zNqLngtjkIirpVwxIHYvgI80oTLNNDPF1N3UDQ2TAjgMRpAeol1fIhTw5os3khMkTLoaGdWoLY71oAEeJGVG3p_A8hBsAHctpNDdNtUejgJSAkuywqOsVc26OjwCQtfGwIq29zgLBeV5VWCs8BwWfcwfMEEi9oIsR7dJvTO4ok9tWZYQXivV74isV0pDocnt2kkzefb6PAYhWWxC1xDuVKogQC9iXKo4qvBL1LyuwvUxlzaAWXsFwGGnazfY1Ye0TEmviDofzifu7RjvJvm6GozhXULJ-Qidm-cJR07Q?testcase_id=5343778518073344

    var __v_11 = {};
    function __f_66(expected, __f_84, __f_10) {
      __f_84(__v_11, __f_10, new ArrayBuffer()).__f_24();
    }
    __f_66(7, __f_120);
    function __f_24() { }
    gc();
    function __f_120(__v_11, __v_40, buffer) {
      "use asm";
      var __v_38 = new __v_11.Int32Array(buffer);
      function __f_24() {
        var __v_35 = 4;
        __v_38[0] = (__v_35 + 1) | 0;
      }
      return {__f_24: __f_24};
    }
    __f_66(-8, __f_120);

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 19 2017
ClusterFuzz testcase 5343778518073344 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by msrchandra@chromium.org, Jan 18 2017
Labels: Test-Predator-Wrong-CLs
Owner: jochen@chromium.org
Status: Assigned (was: Untriaged)