Issue 714696
Issue metadata

Status: Fixed
Closed: Apr 2017
OS: Linux
Pri: 1
Type: Bug




Fatal error in v8::FromJust

Project Member Reported by ClusterFuzz, Apr 24 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6054360514822144

Fuzzer: v8_builtins_generator
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux

Crash Type: Fatal error
Crash Address: 
Crash State:
  v8::FromJust
  
Sanitizer: address (ASAN)

Regressed: V8: 44796:44797

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6054360514822144


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Cc: jarin@chromium.org
Owner: yangguo@chromium.org
Status: Assigned (was: Untriaged)
Regression range points to 461e47a8fee3624f7fda3a5b52ae760f8302d7c3.
Comment 3 by bugdroid1@chromium.org (Project Member), Apr 25 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/95d53ffee15e73a6423284bfedb1403c12633d47

commit 95d53ffee15e73a6423284bfedb1403c12633d47
Author: yangguo <yangguo@chromium.org>
Date: Tue Apr 25 14:00:56 2017

Revert of [d8] console methods must not throw. (patchset #1 id:1 of https://codereview.chromium.org/2838143002/ )

Reason for revert:
Breaks no-intl builds.

Original issue's description:
> [d8] console methods must not throw.
>
> R=jarin@chromium.org
> BUG= chromium:714696 
>
> Review-Url: https://codereview.chromium.org/2838143002
> Cr-Commit-Position: refs/heads/master@{#44854}
> Committed: https://chromium.googlesource.com/v8/v8/+/87b5b53f6f3321ad33b15e686590da7b57df2ff9

TBR=jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= chromium:714696 

Review-Url: https://codereview.chromium.org/2840853002
Cr-Commit-Position: refs/heads/master@{#44856}

[modify] https://crrev.com/95d53ffee15e73a6423284bfedb1403c12633d47/src/builtins/builtins-console.cc
[modify] https://crrev.com/95d53ffee15e73a6423284bfedb1403c12633d47/src/d8-console.cc
[modify] https://crrev.com/95d53ffee15e73a6423284bfedb1403c12633d47/test/message/console.js
[modify] https://crrev.com/95d53ffee15e73a6423284bfedb1403c12633d47/test/message/console.out
[delete] https://crrev.com/7a1892e3bb923c1db4e3578a76a12e28e3f6ff9e/test/mjsunit/regress/regress-crbug-714696.js

Comment 5 by ClusterFuzz (Project Member), Apr 27 2017

ClusterFuzz has detected this issue as fixed in range 44879:44880.

Detailed report: https://clusterfuzz.com/testcase?key=6054360514822144

Fuzzer: v8_builtins_generator
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux

Crash Type: Fatal error
Crash Address: 
Crash State:
  v8::FromJust
  
Sanitizer: address (ASAN)

Regressed: V8: 44796:44797
Fixed: V8: 44879:44880

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6054360514822144


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Status: Fixed (was: Assigned)
Issue 715571 has been merged into this issue.