V8 correctness failure in configs: x64,ignition:x64,ignition_turbo
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5258540362235904
Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux
Crash Type: V8 correctness failure
Crash Address:
Crash State:
  configs: x64,ignition:x64,ignition_turbo
  sources: cdc
Sanitizer: address (ASAN)
Regressed: V8: 43051:43052
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96zpiLexH6_MGf43Lovv-rt2ycE96TKIc_QT2A7tO4lbIHNHZI8pT_ucHJIJSv9k7Z54vgkR2KJ-M7PehH-GHDe8OsVZu0gyHWHQ8QDY8FGdVOZBAuWJjzboww8uap6umzPfxuH8Eq9P5oOVAXciKjsPx6jRX6FDn0wRPXUtfiigsJkrM3DFEkxTBRUgcDUjf0Dw7cDVquTfYpxfaimFVXRIY9YB-sded7yb5vW9cvl32liEFoXMuRD7mwkjfzpN-4IHUtYHqE8KifGp0UGZHhQJl99bUHIK-50gVX2blwUwZ0GnKW-Wtoz0uG484cSAzJXiJ_aTUHxZxXjIJr-wZ7RZ8vwmmDnb7N8BvIGuyqLGIF-hXHkqeQK3WHXy8MqlE-aHYk5YLeiAKY14CnJqa_PKp77DQ?testcase_id=5258540362235904

Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Feb 14 2017
Issue 691590 has been merged into this issue.
Feb 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/4697e5bbabecc76d50ec9147c78f1647cc356cc7

commit 4697e5bbabecc76d50ec9147c78f1647cc356cc7
Author: Michael Achenbach <machenbach@chromium.org>
Date: Thu Feb 16 07:26:13 2017

[foozzie] Improve mocks for typed arrays

This wraps float arrays with a proxy to make raw buffer use slow paths avoiding different NAN patterns. This also mocks out large typed arrays when passing the length as third constructor parameter.

BUG=chromium:691287, chromium:690898
NOTRY=true

Change-Id: Ic4295b0d8690e5209aceeda9ed93efdd580194c0
Reviewed-on: https://chromium-review.googlesource.com/441624
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43229}

[modify] https://crrev.com/4697e5bbabecc76d50ec9147c78f1647cc356cc7/tools/foozzie/v8_mock.js
[modify] https://crrev.com/4697e5bbabecc76d50ec9147c78f1647cc356cc7/tools/foozzie/v8_mock_archs.js
Feb 16 2017
ClusterFuzz has detected this issue as fixed in range 43228:43229.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5258540362235904
Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux
Crash Type: V8 correctness failure
Crash Address:
Crash State:
  configs: x64,ignition:x64,ignition_turbo
  sources: cdc
Sanitizer: address (ASAN)
Regressed: V8: 43051:43052
Fixed: V8: 43228:43229
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96zpiLexH6_MGf43Lovv-rt2ycE96TKIc_QT2A7tO4lbIHNHZI8pT_ucHJIJSv9k7Z54vgkR2KJ-M7PehH-GHDe8OsVZu0gyHWHQ8QDY8FGdVOZBAuWJjzboww8uap6umzPfxuH8Eq9P5oOVAXciKjsPx6jRX6FDn0wRPXUtfiigsJkrM3DFEkxTBRUgcDUjf0Dw7cDVquTfYpxfaimFVXRIY9YB-sded7yb5vW9cvl32liEFoXMuRD7mwkjfzpN-4IHUtYHqE8KifGp0UGZHhQJl99bUHIK-50gVX2blwUwZ0GnKW-Wtoz0uG484cSAzJXiJ_aTUHxZxXjIJr-wZ7RZ8vwmmDnb7N8BvIGuyqLGIF-hXHkqeQK3WHXy8MqlE-aHYk5YLeiAKY14CnJqa_PKp77DQ?testcase_id=5258540362235904

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Feb 16 2017
ClusterFuzz testcase 4546671276195840 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by machenb...@chromium.org, Feb 10 2017
Labels: -Pri-1 Pri-2
Owner: machenb...@chromium.org
Status: Assigned (was: Untriaged)