New issue
Advanced search Search tips

Issue 705157 link

Starred by 1 user
Status: Verified
Owner: ----
Closed: Mar 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug-Security



Sign in to add a comment

Use-of-uninitialized-value in v8::internal::compiler::ScheduleLateNodeVisitor::ScheduleRegion

Project Member Reported by ClusterFuzz, Mar 24 2017 
Detailed report: https://clusterfuzz.com/testcase?key=4821150229331968

Fuzzer: mbarbella_js_mutation
Job Type: linux_msan_d8
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  v8::internal::compiler::ScheduleLateNodeVisitor::ScheduleRegion
  v8::internal::compiler::ScheduleLateNodeVisitor::ProcessQueue
  v8::internal::compiler::Scheduler::ScheduleLate
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Low

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_d8&range=455700:456019

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97sGZ6uRK0g0O1i4urXKRwSWlKfnG2Cei98tr7YZGw15vsvM8exk7Gjo4NgvnHwfZalo96diEOa0vpiv0lkaGnRUyK6FknDt1ml9CWp32yY7ow6ZGo349PTWaRlZ-5V4UAx-hzReArdqXykj1kLHNIxb7B0G_mIzUeLcR11IVvw9dSujoNsJ5aMmpVzCzwRww13HsEQXE9b-fb26DiV6W5x86AioMSxc_OlPp42NWT1aAmlPgVhh8v6EBnYbn5Ztd-IbZ8j1Rq8cvip1kop_cSv9pM72CzyU6fOErMzJdpaq89CGXkbBM8FDIei5EJ8uR0Ctl6I0xrMKhQceLN2ryJyYflTJHiZ1u3LaUWAv670Ja2WVDfwyi3V2ap8kCarfx-R6k_2mOSMD6xj4dxidgCXSOpsZg?testcase_id=4821150229331968


Additional requirements: Requires Gestures

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Project Member

Comment 1 by ClusterFuzz, Mar 25 2017 

ClusterFuzz has detected this issue as fixed in range 459483:459538.

Detailed report: https://clusterfuzz.com/testcase?key=4821150229331968

Fuzzer: mbarbella_js_mutation
Job Type: linux_msan_d8
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  v8::internal::compiler::ScheduleLateNodeVisitor::ScheduleRegion
  v8::internal::compiler::ScheduleLateNodeVisitor::ProcessQueue
  v8::internal::compiler::Scheduler::ScheduleLate
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Low

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_d8&range=455700:456019
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_d8&range=459483:459538

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97sGZ6uRK0g0O1i4urXKRwSWlKfnG2Cei98tr7YZGw15vsvM8exk7Gjo4NgvnHwfZalo96diEOa0vpiv0lkaGnRUyK6FknDt1ml9CWp32yY7ow6ZGo349PTWaRlZ-5V4UAx-hzReArdqXykj1kLHNIxb7B0G_mIzUeLcR11IVvw9dSujoNsJ5aMmpVzCzwRww13HsEQXE9b-fb26DiV6W5x86AioMSxc_OlPp42NWT1aAmlPgVhh8v6EBnYbn5Ztd-IbZ8j1Rq8cvip1kop_cSv9pM72CzyU6fOErMzJdpaq89CGXkbBM8FDIei5EJ8uR0Ctl6I0xrMKhQceLN2ryJyYflTJHiZ1u3LaUWAv670Ja2WVDfwyi3V2ap8kCarfx-R6k_2mOSMD6xj4dxidgCXSOpsZg?testcase_id=4821150229331968


Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 2 by ClusterFuzz, Mar 25 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Untriaged)
ClusterFuzz testcase 4821150229331968 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Project Member

Comment 3 by sheriffbot@chromium.org, Mar 25 2017

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Project Member

Comment 4 by sheriffbot@chromium.org, Jul 1 2017

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 5 by sheriffbot@chromium.org, Jul 28

Labels: Pri-2

Sign in to add a comment