V8 correctness failure in configs: x64,ignition:ia32,ignition
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4546671276195840

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address:
Crash State:
  configs: x64,ignition:ia32,ignition
  sources: d70

Sanitizer: address (ASAN)

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97lbVgNZrmqVyyGPT4qLB-_pO4rz7jM4xK_8_m9iOkQ4yWvsRpWUNZElq7X-fsAER-CQajoPG5ijIunrXKWvSFo7CrzmZLzlgknjP60Tyj0zBCY4mXboz8qQvkQFt5vNA7kSNR3k4kSq7GbBHxjkelnSS-uYhl5Lixx177P-86eRy_Hm0Qs1F0W0lYgzFikoRNhN4XmrJRy-FrZiwiFMC8FgvqifuEgUiIq3ietTt_GoWRVXACcZJ8fZRFiaiZKnPp9oYZULrwXv3gCL8FzSARZKIX2jO1rXuzkKMQVZi8KInZetgapdN0giZmyLdo06kPG_V_QUppwoPM8gZ5NbxsFq4Z_5pwF4zeDVqKRxN4T0KbVd5iIw65HUQCVaY25dF9hcdEP9soJ-hGLK8mFUAHgLNi-iw?testcase_id=4546671276195840

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Feb 14 2017
Feb 14 2017
Feb 16 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/4697e5bbabecc76d50ec9147c78f1647cc356cc7

commit 4697e5bbabecc76d50ec9147c78f1647cc356cc7
Author: Michael Achenbach <machenbach@chromium.org>
Date: Thu Feb 16 07:26:13 2017

[foozzie] Improve mocks for typed arrays

This wraps float arrays with a proxy to make raw buffer use slow paths
avoiding different NAN patterns. This also mocks out large typed arrays
when passing the length as third constructor parameter.

BUG= chromium:691287 , chromium:690898
NOTRY=true

Change-Id: Ic4295b0d8690e5209aceeda9ed93efdd580194c0
Reviewed-on: https://chromium-review.googlesource.com/441624
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43229}

[modify] https://crrev.com/4697e5bbabecc76d50ec9147c78f1647cc356cc7/tools/foozzie/v8_mock.js
[modify] https://crrev.com/4697e5bbabecc76d50ec9147c78f1647cc356cc7/tools/foozzie/v8_mock_archs.js
Feb 16 2017
ClusterFuzz has detected this issue as fixed in range 43228:43229.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4546671276195840

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address:
Crash State:
  configs: x64,ignition:ia32,ignition
  sources: d70

Sanitizer: address (ASAN)

Fixed: V8: 43228:43229

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97lbVgNZrmqVyyGPT4qLB-_pO4rz7jM4xK_8_m9iOkQ4yWvsRpWUNZElq7X-fsAER-CQajoPG5ijIunrXKWvSFo7CrzmZLzlgknjP60Tyj0zBCY4mXboz8qQvkQFt5vNA7kSNR3k4kSq7GbBHxjkelnSS-uYhl5Lixx177P-86eRy_Hm0Qs1F0W0lYgzFikoRNhN4XmrJRy-FrZiwiFMC8FgvqifuEgUiIq3ietTt_GoWRVXACcZJ8fZRFiaiZKnPp9oYZULrwXv3gCL8FzSARZKIX2jO1rXuzkKMQVZi8KInZetgapdN0giZmyLdo06kPG_V_QUppwoPM8gZ5NbxsFq4Z_5pwF4zeDVqKRxN4T0KbVd5iIw65HUQCVaY25dF9hcdEP9soJ-hGLK8mFUAHgLNi-iw?testcase_id=4546671276195840

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Feb 20 2017
Comment 1 by machenb...@chromium.org, Feb 12 2017
Status: Assigned (was: Untriaged)