(values_[index]) == nullptr in identity-map.cc
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5127911263961088

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: (values_[index]) == nullptr in identity-map.cc
Sanitizer: address (ASAN)

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94vjoeIq-cHv_rOA3b01GvEAw-mOun6DmmATw0nSD8o_rLiifLfNtmJov1N6B4NUZ55LzGAzdOCh1RMsa9wlgrc9IMfMtWMiLX-OLrRKP6BJm4_njVUVa9WK4XNXR1P4PsJ7rmC3IL6fpheUIsroca_lj5WBtJw4tVwltzEBzPgS_Cy8XJOp9sKkSBAGccfcdZt7058LBdzNeuyMX4gzhnAtFmeMKtxwI5HZyU3hhEeee8x6BAr3qSYQ6JhaFJYovXk8TY6AhyB19IOv45StujNwFVCF63IxolyO3j-VpH7VUK9-czbUDQpNWrtJk7udncrTzj8QzZEr-UbXaMa0QyjuV3y9gZDWzDZ3WpCtHqEANnL15ZkpRIdrvZtu2HIp7ZzOBu6e6n3zMeU61YZoBJoiwSewQ?testcase_id=5127911263961088

Issue manually filed by: mstarzinger

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Feb 22 2017
I checked manually and it bisects to ...

commit e2de1b8696eb36256e5146d1b54cf2dda600e8d4
Author: Ross McIlroy <rmcilroy@chromium.org>
Date:   Mon Feb 20 21:46:38 2017 +0000

    Add support to IdentityMap for deletion, iteration and AllocationPolicy.

    In order to use the IdentityMap in the CompilerDispatcher the following
    support is added:
     - Support for deleting entries
     - Support for iterating through the entries.
     - Support for AllocationPolicy to enable non-zone allocation of backing stores.
     - Also refactors the code a bit.

    BUG= v8:5203
    Change-Id: I8b616cba8ae9dc22a7f4d76070fbb318c4edc80d
    Reviewed-on: https://chromium-review.googlesource.com/444409
    Reviewed-by: Ben Titzer <titzer@chromium.org>
    Reviewed-by: Jochen Eisinger <jochen@chromium.org>
    Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#43362}
Feb 22 2017
Feb 24 2017
This was fixed in https://chromium-review.googlesource.com/c/446380/ (not sure why the bug wasn't updated when this landed).
Mar 1 2017
ClusterFuzz has detected this issue as fixed in range 43378:43379.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5127911263961088

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: (values_[index]) == nullptr in identity-map.cc
Sanitizer: address (ASAN)
Regressed: V8: 43361:43362
Fixed: V8: 43378:43379

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97NlTejybUsf--ZhxYBlyRIppiBBsZp3FRNyW2BypghI-O4nqij6iK6luYHbjoOLpx7FrFAuyv3KQZlLq2t6JVOUAs-DC5Db09Mf6gmy2cR1sdBOpClkVHmUXDMhOds8b35e1tjUWGNsB9mfEVFfYvkUr4VaxdOrD3IfvqS1GJOPZayGJdYK3HXsKD0OdI3yI8zhVR93eA-27LU_f2mDNmIfqL5xhtdr7Cbyl3WJvPvWuhVXGwiG0porqckg18AbOaTN_bpkbBthE-W8G7a4p8dVFyznWmNvt-uDC0XOz2xNXcmo6mn2Jhd2kG7EIBbHykfouPVhzSEepQ9-lZE9mnRoTVn_IgsHNApqz2hD4NiS_BFv_uYMAKWfqGX2aR8Sf84-1uI-TOnGFQ_FJnBwATayUCMIg?testcase_id=5127911263961088

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by mstarzinger@chromium.org, Feb 22 2017