New issue
Advanced search Search tips

Issue 689449 link

Starred by 2 users
Status: Duplicate
Merged: issue 688307
Owner: ----
Closed: Feb 2017
Cc:
cbruni@chromium.org
jarin@chromium.org
verwa...@chromium.org
mstarzinger@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

V8 correctness failure in configs: x64,ignition:ia32,ignition

Project Member Reported by ClusterFuzz, Feb 7 2017

Comment 1 by machenb...@chromium.org, Feb 7 2017

Cc: verwa...@chromium.org jarin@chromium.org cbruni@chromium.org mstarzinger@chromium.org
Status: Available (was: Untriaged)
// PTAL. Configurable gone wrong?

v = [1,2,3];
Object.defineProperty(v, 2, { configurable: false });
print(v.sort(function() {}));

// Output:
# Compared x64,ignition with ia32,ignition
#
# Flags of x64,ignition:
--abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --es-staging --random-seed 1234 --ignition --turbo-filter=~ --hydrogen-filter=~ --validate-asm --nocrankshaft
# Flags of ia32,ignition:
--abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --es-staging --random-seed 1234 --ignition --turbo-filter=~ --hydrogen-filter=~ --validate-asm --nocrankshaft
#
# Difference:
- 1,3,2
+ 1,2,3
#
### Start of configuration x64,ignition:
1,3,2

### End of configuration x64,ignition
#
### Start of configuration ia32,ignition:
1,2,3

### End of configuration ia32,ignition
Project Member

Comment 2 by ClusterFuzz, Feb 8 2017 

ClusterFuzz has detected this issue as fixed in range 43016:43017.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4560149688877056

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address: 
Crash State:
  configs: x64,ignition:ia32,ignition
  sources: 87b
  
Sanitizer: address (ASAN)

Fixed: V8: 43016:43017

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95rrfhTYgu6L8-N62eumkEwNAiQsn9NLPNU5iawW44wb_vqCWoNOhy3a_fCcZuHZP9tKeFUz1huRXhpqD3oIFy0-lYeRSmylK8_4ArJ22CQZtcmYaVruijjSQh10iwh5m8Dkx7gmomldJ30vQSQL_lGdEpN_H-ARxfhtm9buhod1WoW-Rh4kaAaaURdJfzRZZcFdiHVR5g4ojfPKXFjr5S6UOGfBJ6DYVFEe4GSKELN1rC4b_jJdZcymkYdn38KAZ0VTphmyktp7toLVSJnuGO6fRiXRA2qqDTSoWAux-Rol2k5-qXm0wxHgcnj_BQfbZQ1LzGUpxk1Wp4zJJOdpiT_vUUddlKZ-Px-wOoIPZLP2fQHTTvILDPw_LwUDmDKgyFtT1a8wk6WjoiGJKxCjLy-cLIYfw?testcase_id=4560149688877056


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 3 by cbruni@chromium.org, Feb 8 2017

Mergedinto: 688307
Status: Duplicate (was: Available)
Project Member

Comment 4 by ClusterFuzz, Feb 10 2017 

ClusterFuzz has detected this issue as fixed in range 43016:43017.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4560149688877056

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address: 
Crash State:
  configs: x64,ignition:ia32,ignition
  sources: 87b
  
Sanitizer: address (ASAN)

Fixed: V8: 43016:43017

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95rrfhTYgu6L8-N62eumkEwNAiQsn9NLPNU5iawW44wb_vqCWoNOhy3a_fCcZuHZP9tKeFUz1huRXhpqD3oIFy0-lYeRSmylK8_4ArJ22CQZtcmYaVruijjSQh10iwh5m8Dkx7gmomldJ30vQSQL_lGdEpN_H-ARxfhtm9buhod1WoW-Rh4kaAaaURdJfzRZZcFdiHVR5g4ojfPKXFjr5S6UOGfBJ6DYVFEe4GSKELN1rC4b_jJdZcymkYdn38KAZ0VTphmyktp7toLVSJnuGO6fRiXRA2qqDTSoWAux-Rol2k5-qXm0wxHgcnj_BQfbZQ1LzGUpxk1Wp4zJJOdpiT_vUUddlKZ-Px-wOoIPZLP2fQHTTvILDPw_LwUDmDKgyFtT1a8wk6WjoiGJKxCjLy-cLIYfw?testcase_id=4560149688877056


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Sign in to add a comment