Issue 718697 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Owner:	mlippautz@chromium.org
Closed:	May 2017
Cc:	█ hpayer@chromium.org u...@chromium.org
Components:	Blink>JavaScript
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	----
Type:	Bug-Security
Reproducible Security_Severity-Medium Stability-Memory-MemorySanitizer Security_Impact-Beta allpublic Clusterfuzz

Use-of-uninitialized-value in void v8::internal::BodyDescriptorBase::IteratePointers<v8::internal::MarkCompact

Project Member Reported by ClusterFuzz, May 5 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6251194845757440

Fuzzer: mbarbella_js_mutation
Job Type: linux_msan_d8
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  void v8::internal::BodyDescriptorBase::IteratePointers<v8::internal::MarkCompact
  v8::internal::MarkCompactCollector::EmptyMarkingDeque
  v8::internal::MarkCompactCollector::RootMarkingVisitor::VisitRootPointers
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_d8&range=459483:459538

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6251194845757440


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by clemensh@chromium.org, May 5 2017

Cc: hpayer@chromium.org u...@chromium.org
Owner: mlippautz@chromium.org
Status: Assigned (was: Untriaged)

Reproduces reliable with msan d8 built inside chrome.

Local bisect isolated 215af922ca00c29e44ad474c3ea5281fb2b50c3e (March 8th).

Comment 2 by mlippautz@chromium.org, May 5 2017

Status: Started (was: Assigned)

Thanks, taking a look.

Comment 3 by mlippautz@chromium.org, May 5 2017

Mergedinto: 716265
Status: Duplicate (was: Started)

Aaaand, this is a dupe.

Project Member

Comment 4 by ClusterFuzz, May 6 2017

ClusterFuzz has detected this issue as fixed in range 469626:469632.

Detailed report: https://clusterfuzz.com/testcase?key=6251194845757440

Fuzzer: mbarbella_js_mutation
Job Type: linux_msan_d8
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  void v8::internal::BodyDescriptorBase::IteratePointers<v8::internal::MarkCompact
  v8::internal::MarkCompactCollector::EmptyMarkingDeque
  v8::internal::MarkCompactCollector::RootMarkingVisitor::VisitRootPointers
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_d8&range=459483:459538
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_d8&range=469626:469632

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6251194845757440


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Project Member

Comment 5 by sheriffbot@chromium.org, Sep 1 2017

Labels: -Restrict-View-SecurityTeam allpublic

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

►

Issue 718697 link

Issue metadata

Use-of-uninitialized-value in void v8::internal::BodyDescriptorBase::IteratePointers<v8::internal::MarkCompact

Issue description

Comment 1 by clemensh@chromium.org, May 5 2017

Comment 1 Deleted

Comment 2 by mlippautz@chromium.org, May 5 2017

Comment 2 Deleted

Comment 3 by mlippautz@chromium.org, May 5 2017

Comment 3 Deleted

Comment 4 by ClusterFuzz, May 6 2017

Comment 4 Deleted

Comment 5 by sheriffbot@chromium.org, Sep 1 2017

Comment 5 Deleted

Sign in to add a comment