CHECK failure: next == token in parser-base.h
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5530433342406656
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: next == token in parser-base.h
Sanitizer: address (ASAN)
Regressed: V8: 44274:44275
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96rNxaY3hWdMKI0Om52HRi_nHbnQcF4G1CNWpW8Ta-OyQyOHDi9UIcv7wI_UP6HMmtNWA_5TtXf-KV8BWhzd3Clcot6PJUTn0a6S5gpDSCLwz5uzk7d_KV3s28F_5TlTGLfUd-7RGvKRLBCOwuUiw4u8_83IYAXkLon1gyKUT1euzMHIuy-gIX41jim-VRwZcP4TG4et0sHsgBY11SOFAyrVqlYkhbaAkGcG9zy25BGW0ESqd1ag7JME24mmNE2NxcSerbkoar5NTEDzOO3EHRDn_ji5qFApgL6SCD7Es2l6y1lHWAHcmI0CISqRHZnDCVjrRwKbWSnrbDkox_UwkNstezDi42mGYLywTx-zLjjpezidyQpAyMW0GcDgwPS4xNCzUj1RVNlwhlJdlgBz93Uv8X2pQ?testcase_id=5530433342406656

Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 10 2017
Regression range points to fa31434127441d07fdf91ca506b20af7719ee4f9. Extracted simplified repro:

    // Flags: --es-staging
    function f() {
      try {
        f();
      } catch (e) {
        Function("}), x = this, (function() {");
      }
    }
    f();
Apr 10 2017
Apr 17 2017
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/1236335551297ea54ae416c860bbd3ae89807993

commit 1236335551297ea54ae416c860bbd3ae89807993
Author: Josh Wolfe <jwolfe@igalia.com>
Date: Mon Apr 17 20:06:15 2017

    fix assertion failure with --harmony CreateDynamicFunction() in stack overflow conditions

    Bug= chromium:707066
    R=littledan@chromium.org, adamk@chromium.org, caitp@igalia.com
    CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel
    Change-Id: I24ce0a08816940ef4646d0f2de188d4832c823a0
    Reviewed-on: https://chromium-review.googlesource.com/474990
    Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
    Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
    Cr-Commit-Position: refs/heads/master@{#44668}

[modify] https://crrev.com/1236335551297ea54ae416c860bbd3ae89807993/src/parsing/parser-base.h
[add] https://crrev.com/1236335551297ea54ae416c860bbd3ae89807993/test/mjsunit/regress/regress-707066.js
Apr 17 2017
I believe this issue is fixed.
Apr 17 2017
Thanks!
Apr 18 2017
ClusterFuzz has detected this issue as fixed in range 44667:44668.

Detailed report: https://clusterfuzz.com/testcase?key=5530433342406656
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: next == token in parser-base.h
Sanitizer: address (ASAN)
Regressed: V8: 44274:44275
Fixed: V8: 44667:44668
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96rNxaY3hWdMKI0Om52HRi_nHbnQcF4G1CNWpW8Ta-OyQyOHDi9UIcv7wI_UP6HMmtNWA_5TtXf-KV8BWhzd3Clcot6PJUTn0a6S5gpDSCLwz5uzk7d_KV3s28F_5TlTGLfUd-7RGvKRLBCOwuUiw4u8_83IYAXkLon1gyKUT1euzMHIuy-gIX41jim-VRwZcP4TG4et0sHsgBY11SOFAyrVqlYkhbaAkGcG9zy25BGW0ESqd1ag7JME24mmNE2NxcSerbkoar5NTEDzOO3EHRDn_ji5qFApgL6SCD7Es2l6y1lHWAHcmI0CISqRHZnDCVjrRwKbWSnrbDkox_UwkNstezDi42mGYLywTx-zLjjpezidyQpAyMW0GcDgwPS4xNCzUj1RVNlwhlJdlgBz93Uv8X2pQ?testcase_id=5530433342406656

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by mummare...@chromium.org, Mar 31 2017