Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6145490820530176 Fuzzer: foozzie_js_mutation Job Type: v8_foozzie Platform Id: linux Crash Type: V8 correctness failure Crash Address: Crash State: configs: x64,ignition:x64,ignition_turbo sources: de0 Sanitizer: address (ASAN) Regressed: V8: 43348:43349 Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97sh4dBaeOxnHgBbkNp-MUdJgiSbq9_f-lYN1gM9PiKUdi5UqQwSoV7KFdl1z8dcjG2trDDW0qTQlVWv3L1IG_2RiPh8sw7md5AYufhJ99VCtML4a6RIdXsO1BRX046uNLAVCNw-rBelq0LjswJbjbd-iNuiz5sQwMBr_m93x8t3hrFNk5cxGaZkKvitw1cLR7UAv5Px9v34zjQpWznxTYSfsHS9rq-45oSehw2L-ueCMiPYJqtENIr6AXqsCopsfJ3T5y8tQ7YOfFtOmczCoVGyYiR5iTEEsEt4tzngKUUSokxeBSwMa05rtUhxBHG45o8JhvGEjdA6ZvVS_2GIOQGIhgtlQUZ2Hs8xtfkTfLRxKUoMl2ciO_YkERGRptJPTo2urbLR_9ReZw6A0vC1yUBQUoqEw?testcase_id=6145490820530176 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/a022a1a9c472a054b0c725221648cf89a7e36c82 commit a022a1a9c472a054b0c725221648cf89a7e36c82 Author: Michael Achenbach <machenbach@chromium.org> Date: Fri Mar 03 08:51:48 2017 [foozzie] More robust Date mock Later manipulation of Array.prototype.concat could lead to calling the Date constructor with empty arguments list. This let a non-mocked date slip in. BUG= chromium:698097 NOTRY=true TBR=yangguo@chromium.org,mstarzinger@chromium.org Change-Id: Ib4bd97e06ea7be8c32d0057d42943f9f82ea6b5f Reviewed-on: https://chromium-review.googlesource.com/449732 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#43570} [modify] https://crrev.com/a022a1a9c472a054b0c725221648cf89a7e36c82/tools/foozzie/v8_mock.js
ClusterFuzz has detected this issue as fixed in range 43569:43570. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6145490820530176 Fuzzer: foozzie_js_mutation Job Type: v8_foozzie Platform Id: linux Crash Type: V8 correctness failure Crash Address: Crash State: configs: x64,ignition:x64,ignition_turbo sources: de0 Sanitizer: address (ASAN) Regressed: V8: 43348:43349 Fixed: V8: 43569:43570 Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97sh4dBaeOxnHgBbkNp-MUdJgiSbq9_f-lYN1gM9PiKUdi5UqQwSoV7KFdl1z8dcjG2trDDW0qTQlVWv3L1IG_2RiPh8sw7md5AYufhJ99VCtML4a6RIdXsO1BRX046uNLAVCNw-rBelq0LjswJbjbd-iNuiz5sQwMBr_m93x8t3hrFNk5cxGaZkKvitw1cLR7UAv5Px9v34zjQpWznxTYSfsHS9rq-45oSehw2L-ueCMiPYJqtENIr6AXqsCopsfJ3T5y8tQ7YOfFtOmczCoVGyYiR5iTEEsEt4tzngKUUSokxeBSwMa05rtUhxBHG45o8JhvGEjdA6ZvVS_2GIOQGIhgtlQUZ2Hs8xtfkTfLRxKUoMl2ciO_YkERGRptJPTo2urbLR_9ReZw6A0vC1yUBQUoqEw?testcase_id=6145490820530176 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by machenb...@chromium.org
, Mar 3 2017Status: Assigned (was: Untriaged)