
Issue 702667


Issue metadata

Status: Verified
Owner:
Closed: Mar 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows , Mac
Pri: 1
Type: Bug




Crash in v8::internal::Invoke

Project Member Reported by ClusterFuzz, Mar 17 2017

Issue description

Components: Blink>JavaScript
Labels: Test-Predator-Correct-CLs M-59
Owner: jochen@chromium.org
Status: Assigned (was: Untriaged)
The result is a list of CLs that change the crashed files. 

Author: Jochen Eisinger
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/2cd2f5feff3a811eb1d2a69996f8be9f501c44a5
Time: Mon Mar 13 14:01:45 2017
File api.cc is changed in this cl (and is part of stack frame #3, "v8::Function::Call")
Minimum distance from crash line to modified line: 62. (file: api.cc, crashed on: 5126, modified: 5064).
Project Member Comment 2 by ClusterFuzz, Mar 18 2017

Labels: OS-Windows
Project Member Comment 3 by ClusterFuzz, Mar 21 2017

ClusterFuzz has detected this issue as fixed in range 458035:458040.

Detailed report: https://clusterfuzz.com/testcase?key=5129309267427328

Fuzzer: meacer_chromebot_extensions
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x00000000000f
Crash State:
  v8::internal::Invoke
  v8::internal::Execution::Call
  v8::Function::Call
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=456626:457730
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=458035:458040

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96xNKa-mvjDM44JtbgM586FdMszMOd_aTXKX9ExHF9oEO8C0Z_ypWqD24z7NxII6l4aZ0EE1FnfY1QOTYGwCR33kvxwazyGfJ1gDyHyAsEK9HiPnD1o6_JbUcN2CrxBiIskvZoOyRHQQ6RE-fldRpHehK-cJNVV9TRU86dkn7yRgV_ecwuvXy_N7Msz0kloOlONytBX1FtS3SnlUGUCx6zdVarG0OWtlnTH7fvYLlPD3KEbED5u5AVmzvgBfekI0PBHEW5hHkKen5KBjVN0l1fUTZR7Yq23v-FAXUpmLnzm5lFT3L5hCQB8ix4yUab__ILoVaR3Px4PstiBtTb1Dz8dwUfbpnVVE8N0S8zWN3xlL2h8OA0?testcase_id=5129309267427328


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member Comment 4 by ClusterFuzz, Mar 21 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5129309267427328 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
