V8 correctness failure in configs: x64,ignition:x64,ignition_turbo_opt
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5480844748914688

Fuzzer: foozzie_js_mutation
Job Type: foozzie_ignition_turbo_opt
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address:
Crash State:
  configs: x64,ignition:x64,ignition_turbo_opt
  sources: f56

Sanitizer: address (ASAN)

Minimized Testcase (11.50 Kb): https://cluster-fuzz.appspot.com/download/AMIfv941enEmeARna1jHmGMiGwWO8x_rJMT-YftljZOTi5FGzy7yzT6jt1Ig84ctmTm_18el269JmPjPOPltN_vGIF_D5HAj-dOb3zJsT6rh5zgScKDleeMMUm7AI-F7QCJOUflLH-vOUJ6MtRDK18SXDG2YP8SvtB--gTaykbCHkDHoc6JVaqOhFhFkZKfxiMggBkiuQATeIaP0M6PWMUFUnTlNPOCLT1jXes43Mp-tdxubPYUMQXwFfhtXkbH1_sajgo_J7ZTMLcJyc2RtEWOwzv2nEYdFE6dRae3AHXv1irg6YZi9L_n27pDOfF98vngBhFmd-WIwKdK2x6NReYCnNyJvjoEcf1PUq_HR-IVTr4VHdFfZIuw?testcase_id=5480844748914688

Additional requirements: Requires Gestures

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Feb 20 2017

Feb 27 2017
ClusterFuzz has detected this issue as fixed in range 43435:43436.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5480844748914688

Fuzzer: foozzie_js_mutation
Job Type: foozzie_ignition_turbo_opt
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address:
Crash State:
  configs: x64,ignition:x64,ignition_turbo_opt
  sources: f56

Sanitizer: address (ASAN)

Fixed: V8: 43435:43436

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv941enEmeARna1jHmGMiGwWO8x_rJMT-YftljZOTi5FGzy7yzT6jt1Ig84ctmTm_18el269JmPjPOPltN_vGIF_D5HAj-dOb3zJsT6rh5zgScKDleeMMUm7AI-F7QCJOUflLH-vOUJ6MtRDK18SXDG2YP8SvtB--gTaykbCHkDHoc6JVaqOhFhFkZKfxiMggBkiuQATeIaP0M6PWMUFUnTlNPOCLT1jXes43Mp-tdxubPYUMQXwFfhtXkbH1_sajgo_J7ZTMLcJyc2RtEWOwzv2nEYdFE6dRae3AHXv1irg6YZi9L_n27pDOfF98vngBhFmd-WIwKdK2x6NReYCnNyJvjoEcf1PUq_HR-IVTr4VHdFfZIuw?testcase_id=5480844748914688

Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by machenb...@chromium.org, Jan 29 2017
Labels: -Pri-1 Pri-2
Status: Available (was: Untriaged)
// Another stack overflow that isn't honoring --abort_on_stack_overflow. Could we get it to do that here too? Only repros with always opt.

Minimized:

var count = 0;
try {
  function foo(lc) {
    count++;
    var r = new RegExp("^" + lc);
    r.test(lc);
    r.__defineGetter__("test", function() { return foo(r); });
    r.test(lc);
  }
  foo(String.fromCharCode(0x413));
} catch(e) {
  print(count);
}

// Output:
# Compared x64,ignition with x64,ignition_turbo_opt
#
# Flags of x64,ignition:
--abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --es-staging --random-seed 1474417455 --ignition --turbo-filter=~ --hydrogen-filter=~ --validate-asm --nocrankshaft
# Flags of x64,ignition_turbo_opt:
--abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --es-staging --random-seed 1474417455 --ignition-staging --turbo --always-opt --validate-asm
#
# Difference:
- 807
+ 913
#
# Source file:
none
#
### Start of configuration x64,ignition:
807
### End of configuration x64,ignition
#
### Start of configuration x64,ignition_turbo_opt:
913
### End of configuration x64,ignition_turbo_opt