Issue 685020 link

Starred by 1 user

Issue metadata

Status:	Fixed
Owner:	█ petermarshall@chromium.org OOO until 2019-02-10
Closed:	Jan 2017
Cc:	bmeu...@chromium.org
Components:	Blink>JavaScript
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	1
Type:	Bug
Stability-Crash Reproducible Stability-Memory-AddressSanitizer Clusterfuzz

Crash in MemoryRead<unsigned

Project Member Reported by ClusterFuzz, Jan 25 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5791186200821760

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  MemoryRead<unsigned
  v8::internal::Simulator::LoadStoreHelper
  ExecuteInstruction
  
Sanitizer: address (ASAN)

Regressed: V8: 42631:42632

Minimized Testcase (0.34 Kb): https://cluster-fuzz.appspot.com/download/AMIfv945Mxulb8gYHupGw_QpYQJLAjdNgqUHRvHkcEiUs9xmhpj_3FNKL2eKXaqXttdBZlvSQse35Cesmnt1HvZ14Mr3P1GGn7SmSrJ5Ww4ctIC5Ax2ommBsFdHiu9kyVrNb-nenjB1kd4zY4YVamjmeAFlQwBPGpZePujHiVqdHY5CyDbJaZlfWYnwXfGzsbk7RQiFbJbrjrjdEFCx-xczKMn_THwCOOJW_XUeuZZaRMcdSL-RcUpwZePDHJdRuc_AboFoDcxUGg_3xBxXC-WyHWPEt1PVIop1s0sy_yDIwoi0nh1J0xDrtncsuks6OEXXPFzN_PK_mTZH0_KxoAnA57y4vjZlj-_UZGEF-weO5zjcRD8zVGek?testcase_id=5791186200821760

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by mstarzinger@chromium.org, Jan 25 2017

Cc: bmeu...@chromium.org
Owner: petermarshall@chromium.org
Status: Assigned (was: Untriaged)

Regression range points to f9367847b0e97e7238b4bfefbec79c8fbbc11056.

Comment 2 by petermarshall@chromium.org, Jan 25 2017

Status: Started (was: Assigned)

Comment 3 by petermarshall@chromium.org, Jan 26 2017

Status: Fixed (was: Started)

Fix has landed in https://codereview.chromium.org/2655013002

Project Member

Comment 4 by ClusterFuzz, Jan 26 2017

ClusterFuzz has detected this issue as fixed in range 42656:42657.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5791186200821760

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  MemoryRead<unsigned
  v8::internal::Simulator::LoadStoreHelper
  ExecuteInstruction
  
Sanitizer: address (ASAN)

Regressed: V8: 42631:42632
Fixed: V8: 42656:42657

Minimized Testcase (0.34 Kb): https://cluster-fuzz.appspot.com/download/AMIfv945Mxulb8gYHupGw_QpYQJLAjdNgqUHRvHkcEiUs9xmhpj_3FNKL2eKXaqXttdBZlvSQse35Cesmnt1HvZ14Mr3P1GGn7SmSrJ5Ww4ctIC5Ax2ommBsFdHiu9kyVrNb-nenjB1kd4zY4YVamjmeAFlQwBPGpZePujHiVqdHY5CyDbJaZlfWYnwXfGzsbk7RQiFbJbrjrjdEFCx-xczKMn_THwCOOJW_XUeuZZaRMcdSL-RcUpwZePDHJdRuc_AboFoDcxUGg_3xBxXC-WyHWPEt1PVIop1s0sy_yDIwoi0nh1J0xDrtncsuks6OEXXPFzN_PK_mTZH0_KxoAnA57y4vjZlj-_UZGEF-weO5zjcRD8zVGek?testcase_id=5791186200821760

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

►

Issue 685020 link

Issue metadata

Crash in MemoryRead<unsigned

Issue description

Comment 1 by mstarzinger@chromium.org, Jan 25 2017

Comment 1 Deleted

Comment 2 by petermarshall@chromium.org, Jan 25 2017

Comment 2 Deleted

Comment 3 by petermarshall@chromium.org, Jan 26 2017

Comment 3 Deleted

Comment 4 by ClusterFuzz, Jan 26 2017

Comment 4 Deleted

Sign in to add a comment