New issue
Advanced search Search tips

Issue 715151 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: Apr 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

CHECK failure: (map()->has_fast_smi_or_object_elements() || (elements() == GetHeap()->empty_fix

Project Member Reported by ClusterFuzz, Apr 25 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6729847402659840

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  (map()->has_fast_smi_or_object_elements() || (elements() == GetHeap()->empty_fix
  
Sanitizer: address (ASAN)

Regressed: V8: 44832:44833

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6729847402659840


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: jarin@chromium.org
Components: -Blink>JavaScript Blink>JavaScript>Compiler
Owner: bmeu...@chromium.org
Status: Assigned (was: Untriaged)
Regression range points to 904e5df567844939a065f558ea338cbdc05eb2cd. But could just be flushing out an existing problem. Feel free to hand back if it's unrelated to the change in question.
Status: Fixed (was: Assigned)
Project Member

Comment 4 by ClusterFuzz, Apr 27 2017

ClusterFuzz has detected this issue as fixed in range 44880:44881.

Detailed report: https://clusterfuzz.com/testcase?key=6729847402659840

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  (map()->has_fast_smi_or_object_elements() || (elements() == GetHeap()->empty_fix
  
Sanitizer: address (ASAN)

Regressed: V8: 44832:44833
Fixed: V8: 44880:44881

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6729847402659840


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Sign in to add a comment