Issue metadata
Sign in to add a comment
|
Stack-use-after-return in v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterInfo::materialized |
||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5098112806027264 Fuzzer: mbarbella_js_mutation Job Type: linux_asan_d8 Platform Id: linux Crash Type: Stack-use-after-return READ 1 Crash Address: 0x7fa9b7e698f8 Crash State: v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterInfo::materialized v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterInfo::GetEquivalen v8::internal::interpreter::BytecodeRegisterOptimizer::CreateMaterializedEquivale Sanitizer: address (ASAN) Regressed: V8: 42145:42146 Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94ROsWdlHilClX2E589jdzmq8oHorSOyMn7D83QyCXhcIuHCigsF4wnxT66JsQEbkWHflueI25ey9ZDYt7TD4583_zsz0OtSO7aisugQwjv99uUYaGBvgb7M6WwO3_Un5AU_o25rPkjstnY8e5lLBoyReZPQ09KoPeUwEOwAeBn6KcbgfVjNphTLp4IX3Pwurk62mBxF0B_MQm_Y4zMEe_CWOSwRUYZIHOfaIoZZLLrKlmip8_CYXpnRMSLkl-F3PUVLvuQw142bBwvYux-JpMtLSSD55gy3VY9MswM2LcktZ87ScEkV0SMRrLlKSsMBVZANzdDG9EalTsQhEHxj-mOO5FD5PRwJu6vNcigHMUYEY8u-Z_qFDKlBSIIxz6SCNr8-N8aX6jvOjPcMkrvB14P69524g?testcase_id=5098112806027264 Issue manually filed by: ishell See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Mar 31 2017
Detailed report: https://clusterfuzz.com/testcase?key=5317773405454336 Fuzzer: mbarbella_js_mutation Job Type: linux_asan_d8 Platform Id: linux Crash Type: Global-buffer-overflow READ 1 Crash Address: 0x7f186d768a28 Crash State: v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterInfo::materialized v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterTransfer v8::internal::interpreter::BytecodeArrayBuilder::StoreAccumulatorInRegister Sanitizer: address (ASAN) Regressed: V8: 42145:42146 Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94LxsT4Xa0ituOQT-z-L8Zu4Vab0F4ru4UqxWPshIfUF4MwyhuFH7UgBnb7OaEVQgwxIzpdjyQrJi6TH7ABqgpEPQH1PUSFS6ApMuUPPKRukap5OqcWuurnSsZ2Segl_QfOfj3kvvUh3sTCVvEmRx8Ks7zzlwAJ6T6M2LhgGk8poXoL202F-37dFhLjEsT9UriKERDmICpTdw4XTHY1VlQ0xUvUzMJfH0OOf_7NyqNM3uGcKLBXr9DwikCPaOXR4bO5a80BAuJMvWKmOLWDGZ7xLzvnXTZPSeiJ1NrueIakkpOHfnnRxXOeK6BZly0kvZKgdMABJz1Oio2uAVB1T5TIoXsFbFHwPWO1FFgX8JICk2Axae9sSdmmgNnKOQuC_m2wV3qyM1C0VzvLqOEfNEzqbN-1Dg?testcase_id=5317773405454336 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Mar 31 2017
,
Mar 31 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 31 2017
,
Apr 1 2017
ClusterFuzz has detected this issue as fixed in range 44307:44308. Detailed report: https://clusterfuzz.com/testcase?key=5098112806027264 Fuzzer: mbarbella_js_mutation Job Type: linux_asan_d8 Platform Id: linux Crash Type: Stack-use-after-return READ 1 Crash Address: 0x7fa9b7e698f8 Crash State: v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterInfo::materialized v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterInfo::GetEquivalen v8::internal::interpreter::BytecodeRegisterOptimizer::CreateMaterializedEquivale Sanitizer: address (ASAN) Regressed: V8: 42145:42146 Fixed: V8: 44307:44308 Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94ROsWdlHilClX2E589jdzmq8oHorSOyMn7D83QyCXhcIuHCigsF4wnxT66JsQEbkWHflueI25ey9ZDYt7TD4583_zsz0OtSO7aisugQwjv99uUYaGBvgb7M6WwO3_Un5AU_o25rPkjstnY8e5lLBoyReZPQ09KoPeUwEOwAeBn6KcbgfVjNphTLp4IX3Pwurk62mBxF0B_MQm_Y4zMEe_CWOSwRUYZIHOfaIoZZLLrKlmip8_CYXpnRMSLkl-F3PUVLvuQw142bBwvYux-JpMtLSSD55gy3VY9MswM2LcktZ87ScEkV0SMRrLlKSsMBVZANzdDG9EalTsQhEHxj-mOO5FD5PRwJu6vNcigHMUYEY8u-Z_qFDKlBSIIxz6SCNr8-N8aX6jvOjPcMkrvB14P69524g?testcase_id=5098112806027264 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Apr 1 2017
ClusterFuzz has detected this issue as fixed in range 44307:44308. Detailed report: https://clusterfuzz.com/testcase?key=5317773405454336 Fuzzer: mbarbella_js_mutation Job Type: linux_asan_d8 Platform Id: linux Crash Type: Global-buffer-overflow READ 1 Crash Address: 0x7f186d768a28 Crash State: v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterInfo::materialized v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterTransfer v8::internal::interpreter::BytecodeArrayBuilder::StoreAccumulatorInRegister Sanitizer: address (ASAN) Regressed: V8: 42145:42146 Fixed: V8: 44307:44308 Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94LxsT4Xa0ituOQT-z-L8Zu4Vab0F4ru4UqxWPshIfUF4MwyhuFH7UgBnb7OaEVQgwxIzpdjyQrJi6TH7ABqgpEPQH1PUSFS6ApMuUPPKRukap5OqcWuurnSsZ2Segl_QfOfj3kvvUh3sTCVvEmRx8Ks7zzlwAJ6T6M2LhgGk8poXoL202F-37dFhLjEsT9UriKERDmICpTdw4XTHY1VlQ0xUvUzMJfH0OOf_7NyqNM3uGcKLBXr9DwikCPaOXR4bO5a80BAuJMvWKmOLWDGZ7xLzvnXTZPSeiJ1NrueIakkpOHfnnRxXOeK6BZly0kvZKgdMABJz1Oio2uAVB1T5TIoXsFbFHwPWO1FFgX8JICk2Axae9sSdmmgNnKOQuC_m2wV3qyM1C0VzvLqOEfNEzqbN-1Dg?testcase_id=5317773405454336 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Apr 1 2017
ClusterFuzz testcase 5098112806027264 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Apr 1 2017
,
Jul 8 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by ishell@chromium.org
, Mar 31 2017Owner: mvstan...@chromium.org
Status: Assigned (was: Untriaged)