V8 correctness failure in configs: x64,ignition:ia32,ignition
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5525622433775616

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address:
Crash State:
  configs: x64,ignition:ia32,ignition
  sources: f56

Sanitizer: address (ASAN)

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94LvVpBpPS2--WBcH7-NeIOKcqGdloL0q0SnuLKmMVI2YcVB450OTdujCeAyV1G4uF0A-EYJQQgOZkGvfPw5Of3PeUs2_XeaYDZ7N-s1MxVvlvGfoeqTIJqr1NCdSzLHnLVxS6kyey7m63OrhdibwW7URepkGsNONo-IEwA-WX-ZAxAGsG3a8JfBvITauVqMySqG_h7mGLkwbOWwnJbfIl3zZSd94g1G2Y-cVXwMzS1yjCXtHU7akAupvpYlGHGXyImwUrQUXsXlsdufHXHOOTJ0Is1mI65VClPV972pz9YdhXjVMaN7E13zmbJpZI0_BKOyxHreF-PBp9vKiiOMugEesWFuwGDS7DGau54u8EoC2y_WZKHAvBpToizUjXWs2cXweFMQp5cf5Y8N86lKm0kpT5HwA?testcase_id=5525622433775616

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Feb 8 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/6516074960ecf23083d06463549652b240549158

commit 6516074960ecf23083d06463549652b240549158
Author: Michael Achenbach <machenbach@chromium.org>
Date: Wed Feb 08 08:16:27 2017

[foozzie] Suppress syntax errors from stack overflow

BUG= chromium:689877
NOTRY=true
TBR=yangguo@chromium.org,jgruber@chromium.org

Change-Id: I53112d487545acc4086cb48a153a96f0f1aabb21
Reviewed-on: https://chromium-review.googlesource.com/439286
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43025}

[modify] https://crrev.com/6516074960ecf23083d06463549652b240549158/tools/foozzie/v8_suppressions.py
Feb 8 2017
ClusterFuzz has detected this issue as fixed in range 43024:43025.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5525622433775616

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address:
Crash State:
  configs: x64,ignition:ia32,ignition
  sources: f56

Sanitizer: address (ASAN)

Fixed: V8: 43024:43025

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94LvVpBpPS2--WBcH7-NeIOKcqGdloL0q0SnuLKmMVI2YcVB450OTdujCeAyV1G4uF0A-EYJQQgOZkGvfPw5Of3PeUs2_XeaYDZ7N-s1MxVvlvGfoeqTIJqr1NCdSzLHnLVxS6kyey7m63OrhdibwW7URepkGsNONo-IEwA-WX-ZAxAGsG3a8JfBvITauVqMySqG_h7mGLkwbOWwnJbfIl3zZSd94g1G2Y-cVXwMzS1yjCXtHU7akAupvpYlGHGXyImwUrQUXsXlsdufHXHOOTJ0Is1mI65VClPV972pz9YdhXjVMaN7E13zmbJpZI0_BKOyxHreF-PBp9vKiiOMugEesWFuwGDS7DGau54u8EoC2y_WZKHAvBpToizUjXWs2cXweFMQp5cf5Y8N86lKm0kpT5HwA?testcase_id=5525622433775616

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Feb 8 2017
ClusterFuzz testcase 5525622433775616 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Feb 24 2017
Feb 24 2017
Issue 690492 has been merged into this issue.
Feb 27 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/80558bc99b30a7bf5791addbd9baef3a01462ae7

commit 80558bc99b30a7bf5791addbd9baef3a01462ae7
Author: Michael Achenbach <machenbach@chromium.org>
Date: Mon Feb 27 07:28:02 2017

[foozzie] Improve suppression for regexp stack overflow

BUG= chromium:689877
NOTRY=true
R=yangguo@chromium.org,jgruber@chromium.org

Change-Id: Ic11826510a0c9484832f62aaa8f2078b3088ecc5
Reviewed-on: https://chromium-review.googlesource.com/446395
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43436}

[modify] https://crrev.com/80558bc99b30a7bf5791addbd9baef3a01462ae7/tools/foozzie/v8_suppressions.py
Feb 28 2017
Mar 6 2017
Issue 698361 has been merged into this issue.
Comment 1 by machenb...@chromium.org, Feb 8 2017
Status: Assigned (was: Untriaged)
// Stack overflow during regexp creation leading to different syntax errors:
function foo(lc) {
  var v = new RegExp("^" + lc + "$");
  v.test();
  v.__defineGetter__("test", function() { return foo(v); });
  v.test();
}
foo();