receiver->IsJSFunction() in objects.cc

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6557768338374656

Fuzzer: lcamtuf_cross_fuzz
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: CHECK failure
Crash Address:
Crash State:
  receiver->IsJSFunction() in objects.cc

Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=445525:445713

Minimized Testcase (5.78 Kb): https://cluster-fuzz.appspot.com/download/AMIfv956ghjT0PUGlywlFn6F-LVmLnpuqDrRk_WwKxvSN9R6ZrRc4626mAzIIMBLU2v8Mz9auImMumfCa6dIlBavLXqxF9Oq_igHj669l0hAJLaDtBsvu6Hvuo1pEZ2X3qcvj4KpKAwDG24a6dj-QL0K3nrQKTlpJ3an1ksEtrUv3XU4UuR-HoO600vAMoG3hfiGqDaZbMePKOxLRTS4pnLSdp_d6l2VqtLsJ8oEcespcEx12WMRvBlGneCoDwV2Z9xoI7EX4jk4xJi3GD0OuwFNS1dJG_8bvFeT2o_rbvHx4UoD2P39vGVH5g1OgEoiIcyBVgSjD-zNpdJby1w7CAFOHoebr8wKQTMrMq_zS-w4NdfNWoNN-Yo?testcase_id=6557768338374656

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Feb 16 2017
@jkummerow, could you perhaps have a look? Otherwise, feel free to reassign to somebody else with Mac expertise.
Mar 14 2017
The mighty ClusterFuzz thinks this is fixed. Locally, I could repro with a downloaded CF build, but never with a self-compiled build or shipping release build. Marking as Fixed, let's resume the investigation if it shows up again.
Comment 1 by mummare...@chromium.org, Jan 31 2017
Labels: Test-Predator-Wrong M-58