New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 687509 link

Starred by 1 user
Status: Verified
Owner:
binji@chromium.org
Last visit 15 days ago
Closed: Feb 2017
Cc:
cbruni@chromium.org
jbroman@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

Direct-leak in v8::ShellArrayBufferAllocator::Allocate

Project Member Reported by ClusterFuzz, Feb 1 2017 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6415458086682624

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  v8::ShellArrayBufferAllocator::Allocate
  v8::internal::JSArrayBuffer::SetupAllocatingData
  v8::internal::Builtin_Impl_ArrayBufferConstructor_ConstructStub
  
Sanitizer: address (ASAN)

Regressed: V8: 42748:42749

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95z8Kg2MLKNF4hFWZQL22KuV6WeCYkQ5s1Wlm0kSY0m5J3nAjMLhOwDjh4OnPrdKpUVCeXCL5jxD2ON-j7C7KvGQVh1llGEO0dAv9rxnvYRHcTUrMbaVtpiC_Y7lNvSxeIIszcQozsrybg6ztXuWzMTXpHj_8cCQFEuf4xoBax76V4rCnnUAnXzLrgWR7RjS1M8Svyt-KrUuOj9DwQBCjZBFwvZKe0HvSC3Oq0ZULdiHuDbymmDHor-MPgmeudwVnNY0C4tRDYYTYCQR5CUnQRloA_bhwSVPGjvFf1o9dxNBDfp-8hzxP8BApLaXWLnOosvWxLGeJ2c5AZeoPomzQZ_cjkNtvCogKmJnih9ZQt10Gz2JGY?testcase_id=6415458086682624


Issue manually filed by: mstarzinger

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by mstarzinger@chromium.org, Feb 1 2017

Cc: jbroman@chromium.org cbruni@chromium.org
Owner: binji@chromium.org
Status: Assigned (was: Untriaged)
Regression range points to 966355585bb3e6e21c063c2b670045f5a75e5aa5.
Project Member

Comment 2 by ClusterFuzz, Feb 4 2017 

ClusterFuzz has detected this issue as fixed in range 42936:42937.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6415458086682624

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  v8::ShellArrayBufferAllocator::Allocate
  v8::internal::JSArrayBuffer::SetupAllocatingData
  v8::internal::Builtin_Impl_ArrayBufferConstructor_ConstructStub
  
Sanitizer: address (ASAN)

Regressed: V8: 42748:42749
Fixed: V8: 42936:42937

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95z8Kg2MLKNF4hFWZQL22KuV6WeCYkQ5s1Wlm0kSY0m5J3nAjMLhOwDjh4OnPrdKpUVCeXCL5jxD2ON-j7C7KvGQVh1llGEO0dAv9rxnvYRHcTUrMbaVtpiC_Y7lNvSxeIIszcQozsrybg6ztXuWzMTXpHj_8cCQFEuf4xoBax76V4rCnnUAnXzLrgWR7RjS1M8Svyt-KrUuOj9DwQBCjZBFwvZKe0HvSC3Oq0ZULdiHuDbymmDHor-MPgmeudwVnNY0C4tRDYYTYCQR5CUnQRloA_bhwSVPGjvFf1o9dxNBDfp-8hzxP8BApLaXWLnOosvWxLGeJ2c5AZeoPomzQZ_cjkNtvCogKmJnih9ZQt10Gz2JGY?testcase_id=6415458086682624


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 3 by ClusterFuzz, Feb 4 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 6415458086682624 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment