Issue 698607 link

Starred by 1 user

Issue metadata

Status:	Fixed
Owner:	bmeu...@chromium.org
Closed:	Mar 2017
Cc:	bmeu...@chromium.org jarin@chromium.org tebbi@chromium.org mstarzinger@chromium.org
Components:	Blink>JavaScript
EstimatedDays:	----
NextAction:	----
OS:	Linux , Windows
Pri:	1
Type:	Bug
Stability-Crash Reproducible Clusterfuzz

Encountered unaccounted use by #635 (ObjectIsNaN) in escape-analysis.cc

Project Member Reported by ClusterFuzz, Mar 5 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5052741920751616

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  Encountered unaccounted use by #635 (ObjectIsNaN) in escape-analysis.cc
  
Sanitizer: address (ASAN)

Regressed: V8: 43571:43572

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94Z9sFiJ0ngrNYSCXcVLRVGQiPgyoDg_1OB6kHtBFVK3q8yqR3tXxRww8lyoaColenoItNao8HY_9gjNR2tlxiQmCigB1-SIkcLJp6e6mMcNsP9sb6eVt00DSPdGP-rSz9SGzt_MW2jeRTskJNxHAgy2cyHo7-XXM4IkMtWfvrNk1pgpqGkZQ3TqAehGrFxKt562tt-n-Vp1sR38N-f8qR9CvzLR_ro2xuyOyeeaA8de8_1ufDxXXPTfuJi-LoeK7IjBR7tbpnZ3Woo5TwVuV4W1J65Ypb-dpBNkJdCf3Fq28YgknTJEgn8Ly450x4KDUCUwJtKYCi8zVc-vqKLHg3mws6jjZHZZlzscg5tRCjFPVnFlU4?testcase_id=5052741920751616


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by ishell@chromium.org, Mar 6 2017

Cc: jarin@chromium.org
Owner: bmeu...@chromium.org
Status: Assigned (was: Untriaged)

CF points to https://codereview.chromium.org/2722483003. PTAL

Project Member

Comment 2 by bugdroid1@chromium.org, Mar 6 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/1e4a2725b8d3bdfb49375cf8fcbc7ea2ca68ceb0

commit 1e4a2725b8d3bdfb49375cf8fcbc7ea2ca68ceb0
Author: bmeurer <bmeurer@chromium.org>
Date: Mon Mar 06 12:55:28 2017

[turbofan] Teach escape analysis about ObjectIsNaN.

BUG= chromium:698607 
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2735633003
Cr-Commit-Position: refs/heads/master@{#43612}

[modify] https://crrev.com/1e4a2725b8d3bdfb49375cf8fcbc7ea2ca68ceb0/src/compiler/escape-analysis.cc
[add] https://crrev.com/1e4a2725b8d3bdfb49375cf8fcbc7ea2ca68ceb0/test/mjsunit/regress/regress-crbug-698607.js

Project Member

Comment 3 by ClusterFuzz, Mar 7 2017

ClusterFuzz has detected this issue as fixed in range 43611:43612.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5052741920751616

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  Encountered unaccounted use by #635 (ObjectIsNaN) in escape-analysis.cc
  
Sanitizer: address (ASAN)

Regressed: V8: 43571:43572
Fixed: V8: 43611:43612

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94Z9sFiJ0ngrNYSCXcVLRVGQiPgyoDg_1OB6kHtBFVK3q8yqR3tXxRww8lyoaColenoItNao8HY_9gjNR2tlxiQmCigB1-SIkcLJp6e6mMcNsP9sb6eVt00DSPdGP-rSz9SGzt_MW2jeRTskJNxHAgy2cyHo7-XXM4IkMtWfvrNk1pgpqGkZQ3TqAehGrFxKt562tt-n-Vp1sR38N-f8qR9CvzLR_ro2xuyOyeeaA8de8_1ufDxXXPTfuJi-LoeK7IjBR7tbpnZ3Woo5TwVuV4W1J65Ypb-dpBNkJdCf3Fq28YgknTJEgn8Ly450x4KDUCUwJtKYCi8zVc-vqKLHg3mws6jjZHZZlzscg5tRCjFPVnFlU4?testcase_id=5052741920751616


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 4 by bmeu...@chromium.org, Mar 7 2017

Status: Fixed (was: Assigned)

Comment 5 by bmeu...@chromium.org, Mar 10 2017

Cc: mstarzinger@chromium.org tebbi@chromium.org bmeu...@chromium.org

 Issue 700284  has been merged into this issue.

Issue 698607 link

Issue metadata

Encountered unaccounted use by #635 (ObjectIsNaN) in escape-analysis.cc

Issue description

Comment 1 by ishell@chromium.org, Mar 6 2017

Comment 1 Deleted

Comment 2 by bugdroid1@chromium.org, Mar 6 2017

Comment 2 Deleted

Comment 3 by ClusterFuzz, Mar 7 2017

Comment 3 Deleted

Comment 4 by bmeu...@chromium.org, Mar 7 2017

Comment 4 Deleted

Comment 5 by bmeu...@chromium.org, Mar 10 2017

Comment 5 Deleted

Comment 6 by ClusterFuzz, Mar 16 2017

Comment 6 Deleted

Sign in to add a comment