CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsFixedArray()) in objects-i
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6410996546797568

Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  !v8::internal::FLAG_enable_slow_asserts || (object->IsFixedArray()) in objects-i

Sanitizer: address (ASAN)

Regressed: V8: 44701:44702

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96DElOUiXKnbqgoolP9fzjOlGFA2PMVl-nvlhNLsJud1H6UF07pOnSRxAaEuLjeDp2Tw-L117U06MeOWz9I3VfAMhSGT-7CxJycs_frkjVxMwjCDkHieYGGKPF30ZfH1m00LjQRQ0JNcW_6Y2AZOJKrZERFqURK8443jxS9lK3cpLsYbKQfErLsNTpTQR-l-SEpbm_8LxPDRYze043DrmbKHbMr7FdGkav2RM6I1hDg4t1246eGzwIQFXjGJOsksHMaUag-2ziT3Hj0mzlDxU5VRayJXk7bnBXlFN-UHZPGsp_GInvW94j1a5xjajUIQ36tNTCT_H5kKfZyHVyT6QNFrM0kJ0n0KAKFw9tFMqYruOib8uU?testcase_id=6410996546797568

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 21 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/ab4164ded30ea247f9a09accc5fa94e572a0416b

commit ab4164ded30ea247f9a09accc5fa94e572a0416b
Author: Igor Sheludko <ishell@chromium.org>
Date: Fri Apr 21 16:57:06 2017

[debug] Fix SloppyArgumentsElements verifier.

BUG= chromium:713365

Change-Id: I5d9d5b5e00a637923a1a3e0dc7f81fa4075c4e82
Reviewed-on: https://chromium-review.googlesource.com/484300
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44782}

[modify] https://crrev.com/ab4164ded30ea247f9a09accc5fa94e572a0416b/src/objects-debug.cc
Apr 21 2017
ClusterFuzz has detected this issue as fixed in range 44781:44782.

Detailed report: https://clusterfuzz.com/testcase?key=6410996546797568

Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  !v8::internal::FLAG_enable_slow_asserts || (object->IsFixedArray()) in objects-i

Sanitizer: address (ASAN)

Regressed: V8: 44701:44702
Fixed: V8: 44781:44782

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6410996546797568

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by ishell@chromium.org, Apr 21 2017
Status: Assigned (was: Untriaged)