Issue 688305 link

Starred by 1 user

Issue metadata

Status:	Verified
Owner:	----
Closed:	Feb 2017
Components:	Blink>JavaScript
EstimatedDays:	----
NextAction:	----
OS:	Mac
Pri:	1
Type:	Bug
Stability-Crash Reproducible Clusterfuzz ClusterFuzz-Verified

map()->unused_property_fields() == actual_unused_property_fields - JSObject::kFi

Project Member Reported by ClusterFuzz, Feb 3 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5101551858483200

Fuzzer: lcamtuf_cross_fuzz
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: CHECK failure
Crash Address: 
Crash State:
  map()->unused_property_fields() == actual_unused_property_fields - JSObject::kFi
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=447218:447232

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97wyURvzeU_78QaJTDvp6rRBrXAzGt7e8f932zGSUEnGBQsRp_Mq6gU4UuwX9e_dzNOK4V-EYZLCan16V6S2a50mPzq9tIH6awHH07-5pChqlFFSJSsV2mFN6cVF-aDJhDXwqC1TxLOJWg1xqrS1TscMWFjGrS6Yx5JyYOXEYLHHVVGhEO0VVaWba9CWg30qNXfGSpulDENkXATM0tZ_6nCaRfe9KBAbvRyq-vVgUUuLCHe4fbIzg_6wQh5cdbylJJZJgEoqN_1QW4TnVEYfJtnRbhwtDjDDeu4Qxa0cUx3nOeKxGFttyrEu9GibWtVlV-yaS6HpJQaerQSUagFU2O2Yl1WbPSQHvpBWI34EE2uMzHBvug?testcase_id=5101551858483200


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by ellyjo...@chromium.org, Feb 3 2017

Components: Blink>JavaScript

mac triage: tagging for Blink>JavaScript triage.

Project Member

Comment 2 by ClusterFuzz, Feb 9 2017

ClusterFuzz has detected this issue as fixed in range 448982:449002.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5101551858483200

Fuzzer: lcamtuf_cross_fuzz
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: CHECK failure
Crash Address: 
Crash State:
  map()->unused_property_fields() == actual_unused_property_fields - JSObject::kFi
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=447218:447232
Fixed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=448982:449002

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97wyURvzeU_78QaJTDvp6rRBrXAzGt7e8f932zGSUEnGBQsRp_Mq6gU4UuwX9e_dzNOK4V-EYZLCan16V6S2a50mPzq9tIH6awHH07-5pChqlFFSJSsV2mFN6cVF-aDJhDXwqC1TxLOJWg1xqrS1TscMWFjGrS6Yx5JyYOXEYLHHVVGhEO0VVaWba9CWg30qNXfGSpulDENkXATM0tZ_6nCaRfe9KBAbvRyq-vVgUUuLCHe4fbIzg_6wQh5cdbylJJZJgEoqN_1QW4TnVEYfJtnRbhwtDjDDeu4Qxa0cUx3nOeKxGFttyrEu9GibWtVlV-yaS6HpJQaerQSUagFU2O2Yl1WbPSQHvpBWI34EE2uMzHBvug?testcase_id=5101551858483200


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Project Member

Comment 3 by ClusterFuzz, Feb 9 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Untriaged)

ClusterFuzz testcase 5101551858483200 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

►

Issue 688305 link

Issue metadata

map()->unused_property_fields() == actual_unused_property_fields - JSObject::kFi

Issue description

Comment 1 by ellyjo...@chromium.org, Feb 3 2017

Comment 1 Deleted

Comment 2 by ClusterFuzz, Feb 9 2017

Comment 2 Deleted

Comment 3 by ClusterFuzz, Feb 9 2017

Comment 3 Deleted

Sign in to add a comment