Detailed report: https://clusterfuzz.com/testcase?key=6054360514822144
Fuzzer: v8_builtins_generator
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux
Crash Type: Fatal error
Crash Address:
Crash State: v8::FromJust
Sanitizer: address (ASAN)
Regressed: V8: 44796:44797
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6054360514822144

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Regression range points to 461e47a8fee3624f7fda3a5b52ae760f8302d7c3.
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/87b5b53f6f3321ad33b15e686590da7b57df2ff9

commit 87b5b53f6f3321ad33b15e686590da7b57df2ff9
Author: yangguo <yangguo@chromium.org>
Date: Tue Apr 25 13:47:33 2017

[d8] console methods must not throw.

R=jarin@chromium.org
BUG= chromium:714696

Review-Url: https://codereview.chromium.org/2838143002
Cr-Commit-Position: refs/heads/master@{#44854}

[modify] https://crrev.com/87b5b53f6f3321ad33b15e686590da7b57df2ff9/src/builtins/builtins-console.cc
[modify] https://crrev.com/87b5b53f6f3321ad33b15e686590da7b57df2ff9/src/d8-console.cc
[modify] https://crrev.com/87b5b53f6f3321ad33b15e686590da7b57df2ff9/test/message/console.js
[modify] https://crrev.com/87b5b53f6f3321ad33b15e686590da7b57df2ff9/test/message/console.out
[add] https://crrev.com/87b5b53f6f3321ad33b15e686590da7b57df2ff9/test/mjsunit/regress/regress-crbug-714696.js
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/95d53ffee15e73a6423284bfedb1403c12633d47

commit 95d53ffee15e73a6423284bfedb1403c12633d47
Author: yangguo <yangguo@chromium.org>
Date: Tue Apr 25 14:00:56 2017

Revert of [d8] console methods must not throw. (patchset #1 id:1 of https://codereview.chromium.org/2838143002/ )

Reason for revert:
Breaks no-intl builds.

Original issue's description:
> [d8] console methods must not throw.
>
> R=jarin@chromium.org
> BUG= chromium:714696
>
> Review-Url: https://codereview.chromium.org/2838143002
> Cr-Commit-Position: refs/heads/master@{#44854}
> Committed: https://chromium.googlesource.com/v8/v8/+/87b5b53f6f3321ad33b15e686590da7b57df2ff9

TBR=jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 day ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= chromium:714696

Review-Url: https://codereview.chromium.org/2840853002
Cr-Commit-Position: refs/heads/master@{#44856}

[modify] https://crrev.com/95d53ffee15e73a6423284bfedb1403c12633d47/src/builtins/builtins-console.cc
[modify] https://crrev.com/95d53ffee15e73a6423284bfedb1403c12633d47/src/d8-console.cc
[modify] https://crrev.com/95d53ffee15e73a6423284bfedb1403c12633d47/test/message/console.js
[modify] https://crrev.com/95d53ffee15e73a6423284bfedb1403c12633d47/test/message/console.out
[delete] https://crrev.com/7a1892e3bb923c1db4e3578a76a12e28e3f6ff9e/test/mjsunit/regress/regress-crbug-714696.js
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/a6b27a725fd233fdbd52fc7519b32deab0c0e05a

commit a6b27a725fd233fdbd52fc7519b32deab0c0e05a
Author: yangguo <yangguo@chromium.org>
Date: Wed Apr 26 09:48:29 2017

[d8] console methods must not throw.

R=jarin@chromium.org
BUG= chromium:714696

Review-Url: https://codereview.chromium.org/2838143002
Cr-Original-Commit-Position: refs/heads/master@{#44854}
Committed: https://chromium.googlesource.com/v8/v8/+/87b5b53f6f3321ad33b15e686590da7b57df2ff9
Review-Url: https://codereview.chromium.org/2838143002
Cr-Commit-Position: refs/heads/master@{#44880}

[modify] https://crrev.com/a6b27a725fd233fdbd52fc7519b32deab0c0e05a/src/builtins/builtins-console.cc
[modify] https://crrev.com/a6b27a725fd233fdbd52fc7519b32deab0c0e05a/src/d8-console.cc
[modify] https://crrev.com/a6b27a725fd233fdbd52fc7519b32deab0c0e05a/test/message/console.js
[modify] https://crrev.com/a6b27a725fd233fdbd52fc7519b32deab0c0e05a/test/message/console.out
[add] https://crrev.com/a6b27a725fd233fdbd52fc7519b32deab0c0e05a/test/mjsunit/regress/regress-crbug-714696.js
ClusterFuzz has detected this issue as fixed in range 44879:44880.

Detailed report: https://clusterfuzz.com/testcase?key=6054360514822144
Fuzzer: v8_builtins_generator
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux
Crash Type: Fatal error
Crash Address:
Crash State: v8::FromJust
Sanitizer: address (ASAN)
Regressed: V8: 44796:44797
Fixed: V8: 44879:44880
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6054360514822144

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Issue 715571 has been merged into this issue.
Comment 1 by mstarzinger@chromium.org, Apr 25 2017
Owner: yangguo@chromium.org
Status: Assigned (was: Untriaged)