Issue 684030 link

Starred by 2 users

Issue metadata

Status:	Verified
Owner:	titzer@chromium.org
Closed:	Jan 2017
Cc:	ahaas@chromium.org adamk@chromium.org titzer@chromium.org dschuff@chromium.org
Components:	Blink>JavaScript>WebAssembly
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	1
Type:	Bug
Stability-Crash Reproducible Stability-Memory-AddressSanitizer Stability-Libfuzzer Clusterfuzz ClusterFuzz-Verified

Crash in v8::internal::Invoke

Project Member Reported by ClusterFuzz, Jan 23 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5157852739272704

Fuzzer: libfuzzer_v8_wasm_code_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN WRITE
Crash Address: 0x000000000001
Crash State:
  v8::internal::Invoke
  v8::internal::CallInternal
  v8::internal::Execution::Call
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=444070:444106

Minimized Testcase (0.13 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96Ah3rbE-2mhB7ilWThioaFExm4ANPjDxMvop4BJo4GbSxJeXGlXOvcuhxkmha6Vzu5T1oC3BtQINh4SQn_ZQuXMOprZbfJzwPFddIsIokw_ohTzfhO-sQTcmItiljiKr18jXMQNga86cxt7bE_myJuk7-MRPrYNPkJVAOD8oSnPtL2hXAnxiLzNWG41-vJVpdKETa3rpYb4GeijohEg0_ZKmf7353ZYb8cbuIV17eGqWkQeRsa4rGRFOdicJnshlWDh_4fdu2AouVgM3S5cAnGtiWYtwbKTnoCq2xiRbPwc-6F7QxTp4HD2f164110mJUxrZ2GFogpAJLZHV9dt3Co85BwPvxw0QbhCXfOPMEmqb_qZDY?testcase_id=5157852739272704

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 1 by mummare...@chromium.org, Jan 24 2017

Components: Blink>JavaScript

Comment 2 by mstarzinger@chromium.org, Jan 24 2017

Cc: ahaas@chromium.org
Components: -Blink>JavaScript Blink>JavaScript>WebAssembly
Owner: titzer@chromium.org
Status: Assigned (was: Untriaged)

Crash in WASM code from WASM fuzzer.

Project Member

Comment 3 by ClusterFuzz, Jan 28 2017

ClusterFuzz has detected this issue as fixed in range 446607:446646.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5157852739272704

Fuzzer: libfuzzer_v8_wasm_code_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN WRITE
Crash Address: 0x000000000001
Crash State:
  v8::internal::Invoke
  v8::internal::CallInternal
  v8::internal::Execution::Call
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=444070:444106
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=446607:446646

Minimized Testcase (0.13 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96f6o4RKbaU5mK5_k3WqIuq4E0_RlnnhWV7b8hgdhnLc81AS5CAZVZ9XInhXZ25IFyuvbbV1Xq6U3Gdj-49e2XECpsDhoRAroKKtBA_Cq7oKXCbGLoPScjRIXn2Z_EI9sSq5qSmJKC4HVnMavb-DVzxdPi2LUvd6oY03wX4fjqnXUdSPOueio_euEfSKnKkFpjNGlAeAF8H5KGnuNaWLYfx-rIZp7fRStpIYPtij6Y5yH5maSiDDoQQZgpt0Jsp9Zwdl6Z6lNLV3-wwAZjz3IJq1uVA3n2dVpV_5rcgIHeCgsSdfbwBazmrqK5f_I8XnFENwBIJ0omhQqu3HHeNQYwrWvBo9CXQayDDEZ5BS7J_GZ_2I64?testcase_id=5157852739272704

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Project Member

Comment 4 by ClusterFuzz, Jan 28 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)

ClusterFuzz testcase 5157852739272704 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

►

Issue 684030 link

Issue metadata

Crash in v8::internal::Invoke

Issue description

Comment 1 by mummare...@chromium.org, Jan 24 2017

Comment 1 Deleted

Comment 2 by mstarzinger@chromium.org, Jan 24 2017

Comment 2 Deleted

Comment 3 by ClusterFuzz, Jan 28 2017

Comment 3 Deleted

Comment 4 by ClusterFuzz, Jan 28 2017

Comment 4 Deleted

Sign in to add a comment