
Issue 683571


Issue metadata

Status: Duplicate
Owner: ----
Closed: Jan 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug




Crash in v8::internal::NativeRegExpMacroAssembler::StringCharacterPosition

Project Member Reported by ClusterFuzz, Jan 21 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5560432204185600

Fuzzer: inferno_webbot
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  v8::internal::NativeRegExpMacroAssembler::StringCharacterPosition
  v8::internal::NativeRegExpMacroAssembler::CheckStackGuardState
  v8::internal::RegExpMacroAssemblerX64::CheckStackGuardState
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=445281:445285

Minimized Testcase (0.07 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv972wDwzn6hrv49YtNG471c5DiRcvHBkJzEfgWuFTG2MDd7jBOsLOu7jzHDylmRAXCcScdP1BkO8WQvhBAv5cGXTFUIVk-AqIsepdb3oG-3VXUl1Vlc5K_--PhEc7LMUVlJQYtcUAqnqGp_caFcuLlZYMEN2qsQpDE4vrOMtK4NCRy6rzDfLIxXNrZIzxDJrcCX7oG3xbMjvkdNenJ-iLiMNSkdynjxG6RMAGsoKP-SfPKem7lwKehGUWBa3uOEHqsFBw8dnDWjD1dOx5JLixvEpLIDU8psA7u--15etbJmK-nKPO0E8-Kr4KByBedVFowLB4_WkJH4TONe-ZTaffxjXRIgWh3z_wq1-W_i9Snx32bR1WBM?testcase_id=5560432204185600
 html><html><script>
window.location = "http://twinset.com";</script></html>


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: msrchandra@chromium.org jkummerow@chromium.org
Components: Blink>JavaScript
Labels: Test-Predator-Correct-CLs
Providing Find it results.
The result is a list of CLs that change the crashed files. 

Author: jkummerow
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/3e915e12a146fb346765ab5027c5e9ebad0600f9
Time: Thu Jan 19 13:27:59 2017
File regexp-macro-assembler.cc is changed in this cl (and is part of stack frame #1, "v8::internal::NativeRegExpMacroAssembler::StringCharacterPosition"; frame #2, "v8::internal::NativeRegExpMacroAssembler::CheckStackGuardState"; frame #4, "Execute"; frame #5, "v8::internal::NativeRegExpMacroAssembler::Match")
Minimum distance from crash line to modified line: 8. (file: regexp-macro-assembler.cc, crashed on: 254, modified: 246).

Leaving the status as Untriaged, as this is a v8 issue.
Thank You.
Mergedinto: 683515
Status: Duplicate (was: Untriaged)
Comment 3 by ClusterFuzz (Project Member), Jan 24 2017

ClusterFuzz has detected this issue as fixed in range 445491:445525.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5560432204185600

Fuzzer: inferno_webbot
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  v8::internal::NativeRegExpMacroAssembler::StringCharacterPosition
  v8::internal::NativeRegExpMacroAssembler::CheckStackGuardState
  v8::internal::RegExpMacroAssemblerX64::CheckStackGuardState
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=445281:445285
Fixed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=445491:445525

Minimized Testcase (0.07 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv972wDwzn6hrv49YtNG471c5DiRcvHBkJzEfgWuFTG2MDd7jBOsLOu7jzHDylmRAXCcScdP1BkO8WQvhBAv5cGXTFUIVk-AqIsepdb3oG-3VXUl1Vlc5K_--PhEc7LMUVlJQYtcUAqnqGp_caFcuLlZYMEN2qsQpDE4vrOMtK4NCRy6rzDfLIxXNrZIzxDJrcCX7oG3xbMjvkdNenJ-iLiMNSkdynjxG6RMAGsoKP-SfPKem7lwKehGUWBa3uOEHqsFBw8dnDWjD1dOx5JLixvEpLIDU8psA7u--15etbJmK-nKPO0E8-Kr4KByBedVFowLB4_WkJH4TONe-ZTaffxjXRIgWh3z_wq1-W_i9Snx32bR1WBM?testcase_id=5560432204185600
 html><html><script>
window.location = "http://twinset.com";</script></html>


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
