committed >= used in heap.cc

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5309334625189888

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_ignition_v8_arm_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State: committed >= used in heap.cc

Sanitizer: address (ASAN)

Regressed: V8: 40971:40972

Minimized Testcase (3.09 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96dn9676mMoV1RXnsZWJPUXj3QGrd-_mI0QHQdYHzkuV2NXECW87W9T4eNyQQf2pHv1uz0NU6nhrUCkWr-E7lGxoFcdrpK3dm6Wxun431N5IDL9NQdGeEafXs4z4ZuZ0gRvEG0Za2CrWilQsgjeBNU2I32NItbXM4TdBZa6FhiowLCw4dXsJuuPE6yn9yww8PLjns9Ajd4hwykJ02H9VnP8JyoCNAv1Sif5jdDnwbGDfUu3K0nWBLSsHR5ssMhTt2uMXQ39yCuU3qbGm0H_ZpmWn2hDT3GyhHYaewJbXKrsa-B4DKhYUisyGbhHDQEanBbbdOW5ImawrNNx2bQJDAjcBtSIw0iSxdKp_93MnvWX4VkrvkU?testcase_id=5309334625189888

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by mstarzinger@chromium.org, Jan 25 2017
Components: -Blink>JavaScript Blink>JavaScript>GC
Owner: u...@chromium.org
Status: Assigned (was: Untriaged)