Issue 685049 link

Starred by 1 user

Issue metadata

Status:	Assigned
Owner:	u...@chromium.org
Cc:	█ hpayer@chromium.org
Components:	Blink>JavaScript>GC
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	1
Type:	Bug
Stability-Crash Reproducible Clusterfuzz

committed >= used in heap.cc

Project Member Reported by ClusterFuzz, Jan 25 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5309334625189888

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_ignition_v8_arm_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  committed >= used in heap.cc
  
Sanitizer: address (ASAN)

Regressed: V8: 40971:40972

Minimized Testcase (3.09 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96dn9676mMoV1RXnsZWJPUXj3QGrd-_mI0QHQdYHzkuV2NXECW87W9T4eNyQQf2pHv1uz0NU6nhrUCkWr-E7lGxoFcdrpK3dm6Wxun431N5IDL9NQdGeEafXs4z4ZuZ0gRvEG0Za2CrWilQsgjeBNU2I32NItbXM4TdBZa6FhiowLCw4dXsJuuPE6yn9yww8PLjns9Ajd4hwykJ02H9VnP8JyoCNAv1Sif5jdDnwbGDfUu3K0nWBLSsHR5ssMhTt2uMXQ39yCuU3qbGm0H_ZpmWn2hDT3GyhHYaewJbXKrsa-B4DKhYUisyGbhHDQEanBbbdOW5ImawrNNx2bQJDAjcBtSIw0iSxdKp_93MnvWX4VkrvkU?testcase_id=5309334625189888

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by mstarzinger@chromium.org, Jan 25 2017

Cc: hpayer@chromium.org
Components: -Blink>JavaScript Blink>JavaScript>GC
Owner: u...@chromium.org
Status: Assigned (was: Untriaged)

Regression range points to 71a7bca990c557a7106fa89ab6bff08b09e3b243, which actually introduced the assertion.

►

Issue 685049 link

Issue metadata

committed >= used in heap.cc

Issue description

Comment 1 by mstarzinger@chromium.org, Jan 25 2017

Comment 1 Deleted

Sign in to add a comment