CHECK failure: deopt_data->get(this_idx)->IsUndefined(isolate) in wasm-module.cc
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5444891267301376
Fuzzer: mbarbella_js_mutation
Job Type: linux_v8_d8_tot
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: deopt_data->get(this_idx)->IsUndefined(isolate) in wasm-module.cc
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_v8_d8_tot&range=43912:44002
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5444891267301376

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 26 2017
Looks related to --validate-asm, I'll take a look.
May 12 2017
Reduced repro ...
function Module() {
  "use asm";
  function f() {
    funTable[0 & 0]();
  }
  function g() {}
  var funTable = [ g ];
  return f;
}
Module();
gc();
Module();
May 30 2017
ClusterFuzz has detected this issue as fixed in range 45558:45559.

Detailed report: https://clusterfuzz.com/testcase?key=5444891267301376
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: deopt_data->get(this_idx)->IsUndefined(isolate) in wasm-module.cc
Sanitizer: address (ASAN)
Regressed: V8: 43912:44002
Fixed: V8: 45558:45559
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5444891267301376

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by mummare...@chromium.org, Apr 25 2017
Labels: M-60 Test-Predator-Wrong