New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 682850 link

Starred by 1 user
Status: Verified
Owner:
bradnelson@chromium.org
Last visit > 30 days ago
Closed: Jan 2017
Cc:
aseemgarg@chromium.org
titzer@chromium.org
adamk@chromium.org
dschuff@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Sign in to add a comment

Crash in v8::internal::StringCharacterStream::Reset

Project Member Reported by ClusterFuzz, Jan 19 2017 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4570070895558656

Fuzzer: mbarbella_js_mutation
Job Type: windows_asan_d8
Platform Id: windows

Crash Type: UNKNOWN READ
Crash Address: 0x00000007
Crash State:
  v8::internal::StringCharacterStream::Reset
  v8::internal::String::ToCString
  v8::internal::String::ToCString
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=444720:444724

Minimized Testcase (0.08 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96Ad8X1q_Couz552chKJQWr3DSOZ0erKyBoA5sSzoXVTWZbUSaCd1mYiXoOwX0cMLRIR1A-q0b2cp-zW1pVbFLWYimUxNam5vL8C7he20zDn-1sNerwbkrOJf8ZEhdAFVRj0uib0oXdOqtWZljSUzKNXowCbd-70J_-8BM_3xH7T2BO_IFCnAw9Ityutx5rKmRCtwfzlAktkSiABKR2NkAx5MUcBU1v53bJPPAq1NhIi1W6_xTy4WiRfS5P_Ie39OfrQrhr5htGCl0sjy-lCY3TFBg8kJiPY055KK1gZyvVayLmv_boCQRYUTUoiMEnNFt1WE618yHaBh5e-peVPL5MxcZgedl7eu4Jc6_6U_VDtZR_rMs?testcase_id=4570070895558656
var __f_2 = (function(stdlib) {
  "use asm";
  var __v_3 = (stdlib[0]);
})();


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by mummare...@chromium.org, Jan 20 2017

Labels: Test-Predator-Wrong M-57
Owner: bradnelson@chromium.org
Status: Assigned (was: Untriaged)
Looks like this is similar to  issue 681707 , assigning to bradnelson@. please confirm and duplicate if both are same.
Thank you.

Comment 2 by bradnelson@chromium.org, Jan 21 2017

Cc: titzer@chromium.org aseemgarg@chromium.org
Components: -Blink>JavaScript Blink>JavaScript>WebAssembly
Labels: -Pri-1 Hotlist-Asm Pri-2
Project Member

Comment 3 by ClusterFuzz, Jan 24 2017 

ClusterFuzz has detected this issue as fixed in range 445054:445058.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4570070895558656

Fuzzer: mbarbella_js_mutation
Job Type: windows_asan_d8
Platform Id: windows

Crash Type: UNKNOWN READ
Crash Address: 0x00000007
Crash State:
  v8::internal::StringCharacterStream::Reset
  v8::internal::String::ToCString
  v8::internal::String::ToCString
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=444720:444724
Fixed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=445054:445058

Minimized Testcase (0.08 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96Ad8X1q_Couz552chKJQWr3DSOZ0erKyBoA5sSzoXVTWZbUSaCd1mYiXoOwX0cMLRIR1A-q0b2cp-zW1pVbFLWYimUxNam5vL8C7he20zDn-1sNerwbkrOJf8ZEhdAFVRj0uib0oXdOqtWZljSUzKNXowCbd-70J_-8BM_3xH7T2BO_IFCnAw9Ityutx5rKmRCtwfzlAktkSiABKR2NkAx5MUcBU1v53bJPPAq1NhIi1W6_xTy4WiRfS5P_Ie39OfrQrhr5htGCl0sjy-lCY3TFBg8kJiPY055KK1gZyvVayLmv_boCQRYUTUoiMEnNFt1WE618yHaBh5e-peVPL5MxcZgedl7eu4Jc6_6U_VDtZR_rMs?testcase_id=4570070895558656
var __f_2 = (function(stdlib) {
  "use asm";
  var __v_3 = (stdlib[0]);
})();


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 4 by ClusterFuzz, Jan 24 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 4570070895558656 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment