Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5052741920751616
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: Encountered unaccounted use by #635 (ObjectIsNaN) in escape-analysis.cc
Sanitizer: address (ASAN)
Regressed: V8: 43571:43572
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94Z9sFiJ0ngrNYSCXcVLRVGQiPgyoDg_1OB6kHtBFVK3q8yqR3tXxRww8lyoaColenoItNao8HY_9gjNR2tlxiQmCigB1-SIkcLJp6e6mMcNsP9sb6eVt00DSPdGP-rSz9SGzt_MW2jeRTskJNxHAgy2cyHo7-XXM4IkMtWfvrNk1pgpqGkZQ3TqAehGrFxKt562tt-n-Vp1sR38N-f8qR9CvzLR_ro2xuyOyeeaA8de8_1ufDxXXPTfuJi-LoeK7IjBR7tbpnZ3Woo5TwVuV4W1J65Ypb-dpBNkJdCf3Fq28YgknTJEgn8Ly450x4KDUCUwJtKYCi8zVc-vqKLHg3mws6jjZHZZlzscg5tRCjFPVnFlU4?testcase_id=5052741920751616
Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
CF points to https://codereview.chromium.org/2722483003. PTAL
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/1e4a2725b8d3bdfb49375cf8fcbc7ea2ca68ceb0
commit 1e4a2725b8d3bdfb49375cf8fcbc7ea2ca68ceb0
Author: bmeurer <bmeurer@chromium.org>
Date: Mon Mar 06 12:55:28 2017
[turbofan] Teach escape analysis about ObjectIsNaN.
BUG= chromium:698607
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2735633003
Cr-Commit-Position: refs/heads/master@{#43612}
[modify] https://crrev.com/1e4a2725b8d3bdfb49375cf8fcbc7ea2ca68ceb0/src/compiler/escape-analysis.cc
[add] https://crrev.com/1e4a2725b8d3bdfb49375cf8fcbc7ea2ca68ceb0/test/mjsunit/regress/regress-crbug-698607.js
ClusterFuzz has detected this issue as fixed in range 43611:43612.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5052741920751616
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: Encountered unaccounted use by #635 (ObjectIsNaN) in escape-analysis.cc
Sanitizer: address (ASAN)
Regressed: V8: 43571:43572
Fixed: V8: 43611:43612
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94Z9sFiJ0ngrNYSCXcVLRVGQiPgyoDg_1OB6kHtBFVK3q8yqR3tXxRww8lyoaColenoItNao8HY_9gjNR2tlxiQmCigB1-SIkcLJp6e6mMcNsP9sb6eVt00DSPdGP-rSz9SGzt_MW2jeRTskJNxHAgy2cyHo7-XXM4IkMtWfvrNk1pgpqGkZQ3TqAehGrFxKt562tt-n-Vp1sR38N-f8qR9CvzLR_ro2xuyOyeeaA8de8_1ufDxXXPTfuJi-LoeK7IjBR7tbpnZ3Woo5TwVuV4W1J65Ypb-dpBNkJdCf3Fq28YgknTJEgn8Ly450x4KDUCUwJtKYCi8zVc-vqKLHg3mws6jjZHZZlzscg5tRCjFPVnFlU4?testcase_id=5052741920751616
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Issue 700284 has been merged into this issue.
Comment 1 by ishell@chromium.org, Mar 6 2017
Owner: bmeu...@chromium.org
Status: Assigned (was: Untriaged)