args[0]->IsJSObject() in runtime-test.cc
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6541223017054208
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: args[0]->IsJSObject() in runtime-test.cc
Sanitizer: address (ASAN)
Regressed: V8: 34400:34401
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94xg8qPw6oI0kA1YEAaRSIfkchpwX0ba0Q6ii-UO-kYH52RoqDPmtJpSEE1zibnu-jUFmSVfomXdMvkwFjYIklAVja5o1OxrQ1LpVocRkdTaxUSuAOEq0br-shqb_qUwyLtMzCg2G_Ur1hWfGKubfUZVGzsvtpvHTE8rD68azxk3m2jD20QYq70lFwg4NC8Sx3Avz3JzOhL6X7rXxJg4XZwCrze1ECPpPS_RB70QdghISTF6jh84nmg4THpUgTwKyY9TRvp6r2x1uC1g6hw2HXGyF7q469PYn17pm5myutu-g7c9z_B_H7VVCrAtr2N0-0YG2rZ-sFzDSstPJOzOdQLrKuO2Dx15tSAc2TmIKiredjuRCIs4-6D7smJSi_4k-9d0D-a-8ctnQLdJetrObh_oo8aDA?testcase_id=6541223017054208
Issue manually filed by: ishell
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Feb 9 2017
Oh no, we outsmarted ourselves, this is coming straight from one of our tests. I'll fix the test so that it is not part of the seed. :)
Feb 9 2017
Feb 9 2017
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/eb5915b42855bfbac90cef78017767b6b6f85629

commit eb5915b42855bfbac90cef78017767b6b6f85629
Author: mstarzinger <mstarzinger@chromium.org>
Date: Thu Feb 09 16:46:06 2017

Fix test to not teach ClusterFuzz ugly tricks.

R=ishell@chromium.org
TEST=mjsunit/regress/regress-5902
BUG= chromium:688837

Review-Url: https://codereview.chromium.org/2682203003
Cr-Commit-Position: refs/heads/master@{#43068}

[modify] https://crrev.com/eb5915b42855bfbac90cef78017767b6b6f85629/test/mjsunit/regress/regress-5902.js
Feb 10 2017
Comment 1 by ishell@chromium.org, Feb 5 2017
Owner: ishell@chromium.org
Status: Assigned (was: Untriaged)