Crash in v8::internal::GlobalHandles::MakeWeak
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=6191773581049856
Fuzzer: lcamtuf_cross_fuzz
Job Type: mac_asan_chrome
Platform Id: mac
Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  v8::internal::GlobalHandles::MakeWeak
  blink::ScriptWrappable::setWrapper
  blink::DOMDataStore::setWrapper
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=454727:454751
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95Pn1sCG5hpanJ9qv_V3P3YCtoWmw9iBIUbgrlLBN8XFkBwAuqOtmfNII9d-TpWXQDJuaWDGbl4TPBZLzNSmBKzdYqB8tCPWW5KYYlCqGDom_U4OIyoyuRFNH8tZVYVjIyjJ5UdRPnpLMipzg2Z8CdlS5Pp5aQEkmVyQHzA4b-1pyxUgewaT3wkdk71uyr6soXu9yPM7ikZpfOcRk3fCBMIyzNiz3QQgUagq4in55yagqmXRYTjtHT2ASsPMw7YpF0VgcTYoi-p2erQ_wXwngJ90-i7NdyWw-nbVch-pTgl9lDYjU37uWOas2UTzOoy-9QLYZQItN83SqtMHPd_4s0lefhacgziHXCnICZfq7uiVcIILOA?testcase_id=6191773581049856
Issue filed automatically.
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 16 2017
Mar 21 2017
Looks like the handle location passed to V8 is null. This was a latent failure on Android but recently seemed to have spiked on Mac as well. Jochen, do you have any ideas about this one?
Mar 21 2017
Kentaro, does this ring a bell?
Mar 21 2017
We're failing at creating a new wrapper and thus end up passing a null wrapper to V8. That can happen in OOM or stack-overflow. Given that the machine stack is not really large, is this OOM?
Apr 7 2017
This is a top-15 crasher on Android WebView. If it's an OOM, it would be good to mark it as such (ideally by crashing with OOM when we detect this in Blink).
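As an added illustration of what the two comments above describe (this is not Blink or V8 code; every type, function and name below is a hypothetical stand-in), the model shows a wrapper allocation that fails under memory pressure, the unchecked hand-off that turns the resulting null location into a read at address 0 inside the lower layer, and a checked hand-off that reports an explicit OOM at the Blink side of the boundary before anything reaches the V8 side.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>

// Hypothetical model only. WrapperSlot stands in for the handle location that
// the setWrapper path hands to V8; Arena stands in for an allocator that can
// run out of memory after a fixed number of allocations.
struct WrapperSlot {
    int payload;
};

struct Arena {
    size_t slots_left;  // allocations allowed before simulated OOM
};

// Creating the wrapper can fail. On failure the caller is left holding nullptr,
// which models the "null wrapper" the thread describes.
static WrapperSlot* CreateWrapper(Arena& arena) {
    if (arena.slots_left == 0) return nullptr;  // simulated OOM / stack overflow
    --arena.slots_left;
    return new WrapperSlot{1};
}

// Lower layer: assumes a valid location, like GlobalHandles::MakeWeak in the
// crash state. Passing nullptr here is the UNKNOWN READ at 0x000000000000.
static int MakeWeak(WrapperSlot* location) {
    return location->payload;
}

// Unchecked hand-off, as in the report: whatever CreateWrapper returned flows
// straight down, so an allocation failure surfaces as an unclassified null
// read in V8 rather than as an OOM. Only call this with slots_left > 0.
static int SetWrapperUnchecked(Arena& arena) {
    WrapperSlot* slot = CreateWrapper(arena);
    int v = MakeWeak(slot);  // a null slot dies here
    delete slot;
    return v;
}

// Checked hand-off: detect the failed creation in the upper layer and route it
// through a dedicated OOM hook, so the crash is attributed to memory pressure
// at the point where it is first observable.
enum class SetWrapperResult { kOk, kOom };
typedef void (*OomHandler)(const char* where);

static SetWrapperResult SetWrapperChecked(Arena& arena, OomHandler on_oom) {
    WrapperSlot* slot = CreateWrapper(arena);
    if (slot == nullptr) {
        on_oom("SetWrapperChecked");  // report before anything touches the lower layer
        return SetWrapperResult::kOom;
    }
    MakeWeak(slot);
    delete slot;
    return SetWrapperResult::kOk;
}

// Handler a production build would install: a distinct, deliberate OOM crash.
static void FatalOomHandler(const char* where) {
    std::fprintf(stderr, "OOM: wrapper creation failed in %s\n", where);
    std::abort();
}

// Handler for tests: records the report instead of aborting.
static int g_oom_reports = 0;
static void CountingOomHandler(const char*) { ++g_oom_reports; }

int main() {
    Arena arena{1};
    SetWrapperChecked(arena, FatalOomHandler);  // first call succeeds
    SetWrapperChecked(arena, FatalOomHandler);  // second call: explicit OOM abort, not a null read
    return 0;
}
```

The difference between the two hand-offs is not whether the process dies but where and with what signature: the checked version fails at the layer that can still tell an allocation failure apart from a logic error, which is what lets a crash reporter bucket it as OOM instead of as a V8 null dereference.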
Apr 8 2017
Users experienced this crash on the following builds:
Android Beta 58.0.3029.54 - 0.21 CPM, 6 reports, 4 clients (signature v8::internal::GlobalHandles::MakeWeak)
If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates. - Go/Fracas
Apr 9 2017
ClusterFuzz has detected this issue as fixed in range 458746:463137.
Detailed report: https://clusterfuzz.com/testcase?key=6191773581049856
Fuzzer: lcamtuf_cross_fuzz
Job Type: mac_asan_chrome
Platform Id: mac
Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  v8::internal::GlobalHandles::MakeWeak
  blink::ScriptWrappable::setWrapper
  blink::DOMDataStore::setWrapper
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=454727:454751
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=458746:463137
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95Pn1sCG5hpanJ9qv_V3P3YCtoWmw9iBIUbgrlLBN8XFkBwAuqOtmfNII9d-TpWXQDJuaWDGbl4TPBZLzNSmBKzdYqB8tCPWW5KYYlCqGDom_U4OIyoyuRFNH8tZVYVjIyjJ5UdRPnpLMipzg2Z8CdlS5Pp5aQEkmVyQHzA4b-1pyxUgewaT3wkdk71uyr6soXu9yPM7ikZpfOcRk3fCBMIyzNiz3QQgUagq4in55yagqmXRYTjtHT2ASsPMw7YpF0VgcTYoi-p2erQ_wXwngJ90-i7NdyWw-nbVch-pTgl9lDYjU37uWOas2UTzOoy-9QLYZQItN83SqtMHPd_4s0lefhacgziHXCnICZfq7uiVcIILOA?testcase_id=6191773581049856
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 9 2017
ClusterFuzz testcase 6191773581049856 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by mummare...@chromium.org, Mar 13 2017
Labels: Test-Predator-Wrong M-59