New issue
Advanced search Search tips

Issue 698097 link

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Closed: Mar 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

V8 correctness failure in configs: x64,ignition:x64,ignition_turbo

Project Member Reported by ClusterFuzz, Mar 3 2017

Issue description

Owner: machenb...@chromium.org
Status: Assigned (was: Untriaged)
Project Member

Comment 2 by bugdroid1@chromium.org, Mar 3 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/a022a1a9c472a054b0c725221648cf89a7e36c82

commit a022a1a9c472a054b0c725221648cf89a7e36c82
Author: Michael Achenbach <machenbach@chromium.org>
Date: Fri Mar 03 08:51:48 2017

[foozzie] More robust Date mock

Later manipulation of Array.prototype.concat could lead to calling the Date constructor with empty arguments list. This let a non-mocked date slip in.

BUG= chromium:698097 
NOTRY=true
TBR=yangguo@chromium.org,mstarzinger@chromium.org

Change-Id: Ib4bd97e06ea7be8c32d0057d42943f9f82ea6b5f
Reviewed-on: https://chromium-review.googlesource.com/449732
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43570}
[modify] https://crrev.com/a022a1a9c472a054b0c725221648cf89a7e36c82/tools/foozzie/v8_mock.js

Project Member

Comment 3 by ClusterFuzz, Mar 3 2017

ClusterFuzz has detected this issue as fixed in range 43569:43570.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6145490820530176

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address: 
Crash State:
  configs: x64,ignition:x64,ignition_turbo
  sources: de0
  
Sanitizer: address (ASAN)

Regressed: V8: 43348:43349
Fixed: V8: 43569:43570

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97sh4dBaeOxnHgBbkNp-MUdJgiSbq9_f-lYN1gM9PiKUdi5UqQwSoV7KFdl1z8dcjG2trDDW0qTQlVWv3L1IG_2RiPh8sw7md5AYufhJ99VCtML4a6RIdXsO1BRX046uNLAVCNw-rBelq0LjswJbjbd-iNuiz5sQwMBr_m93x8t3hrFNk5cxGaZkKvitw1cLR7UAv5Px9v34zjQpWznxTYSfsHS9rq-45oSehw2L-ueCMiPYJqtENIr6AXqsCopsfJ3T5y8tQ7YOfFtOmczCoVGyYiR5iTEEsEt4tzngKUUSokxeBSwMa05rtUhxBHG45o8JhvGEjdA6ZvVS_2GIOQGIhgtlQUZ2Hs8xtfkTfLRxKUoMl2ciO_YkERGRptJPTo2urbLR_9ReZw6A0vC1yUBQUoqEw?testcase_id=6145490820530176


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Status: Fixed (was: Assigned)

Sign in to add a comment