Issue 690934 link

Starred by 2 users

Issue metadata

Status:	Duplicate
Merged:	issue 691194
Owner:	----
Closed:	Feb 2017
Cc:	jochen@chromium.org yangguo@chromium.org █ rossberg@chromium.org
Components:	Blink>JavaScript
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug
Stability-Crash Reproducible Clusterfuzz v8-foozzie-failure

V8 correctness failure in suppression: crbug.com/664068

Project Member Reported by ClusterFuzz, Feb 10 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6695571189661696

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address: 
Crash State:
  suppression:  crbug.com/664068 
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95RevJYQVedah8nOSbXQksV2y-i8TqPvUVn-zb2Pg3IaRzGNI997HGiMvs81OrOKkeUJuUb8VL-2RLWBAPmDthxrKZ3BsA8Qyo4myPQS-4K6dyliEKLhTn-kHVGL6u4HH1DBIm8k7Wcp5dJLk8pzSgv1fICTlSKLa2kBakcFqu6KqQNWSIzU2QM6p4DkzNvM93V0VEFBD1vNEKAFFS0WOpoa-7ICpnw6iATbLlGPiqdh-IsjxgJR6CBut_2W_NJWqhGInxUH32S2EJe38vm6F4NHHC8BbSPk2IMf2Yq9AvTU67QXmSjszqo_7mqlfnyfBa7bo0Osq3u61mOmM9GMqZW_74L3owPJoS5nXOWjeIJLz2hzSLtBMpVqWHKGxSrud0jDJmCQ-pb3q2bRl3ZULpHx42dKQ?testcase_id=6695571189661696


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by machenb...@chromium.org, Feb 10 2017

Mergedinto: 664068
Status: Duplicate (was: Untriaged)

Comment 2 by machenb...@chromium.org, Feb 13 2017

Cc: jochen@chromium.org rossberg@chromium.org yangguo@chromium.org
Labels: -Pri-1 Pri-2
Status: Available (was: Duplicate)

Actually the root cause here are just different ia32/x64 error messages:
RangeError: Invalid string length
RangeError: Invalid count value

for

String.prototype.repeat.apply(12, [1073741832]);

Also CCing CF sheriff to find an owner

Comment 3 by machenb...@chromium.org, Feb 20 2017

Mergedinto: -664068 691194
Status: Duplicate (was: Available)

Project Member

Comment 4 by ClusterFuzz, Mar 1 2017

ClusterFuzz has detected this issue as fixed in range 43479:43480.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6695571189661696

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address: 
Crash State:
  suppression:  crbug.com/664068 
  
Sanitizer: address (ASAN)

Fixed: V8: 43479:43480

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95RevJYQVedah8nOSbXQksV2y-i8TqPvUVn-zb2Pg3IaRzGNI997HGiMvs81OrOKkeUJuUb8VL-2RLWBAPmDthxrKZ3BsA8Qyo4myPQS-4K6dyliEKLhTn-kHVGL6u4HH1DBIm8k7Wcp5dJLk8pzSgv1fICTlSKLa2kBakcFqu6KqQNWSIzU2QM6p4DkzNvM93V0VEFBD1vNEKAFFS0WOpoa-7ICpnw6iATbLlGPiqdh-IsjxgJR6CBut_2W_NJWqhGInxUH32S2EJe38vm6F4NHHC8BbSPk2IMf2Yq9AvTU67QXmSjszqo_7mqlfnyfBa7bo0Osq3u61mOmM9GMqZW_74L3owPJoS5nXOWjeIJLz2hzSLtBMpVqWHKGxSrud0jDJmCQ-pb3q2bRl3ZULpHx42dKQ?testcase_id=6695571189661696


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

►

Issue 690934 link

Issue metadata

V8 correctness failure in suppression: crbug.com/664068

Issue description

Comment 1 by machenb...@chromium.org, Feb 10 2017

Comment 1 Deleted

Comment 2 by machenb...@chromium.org, Feb 13 2017

Comment 2 Deleted

Comment 3 by machenb...@chromium.org, Feb 20 2017

Comment 3 Deleted

Comment 4 by ClusterFuzz, Mar 1 2017

Comment 4 Deleted

Sign in to add a comment