Issue metadata
Sign in to add a comment
|
CHECK failure: map()->is_callable() in objects-debug.cc |
||||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4855326951342080 Fuzzer: inferno_js_fuzzer_c Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: map()->is_callable() in objects-debug.cc v8::internal::JSFunction::JSFunctionVerify v8::internal::Object::ObjectVerify Sanitizer: address (ASAN) Regressed: V8: 39701:39702 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4855326951342080 Issue manually filed by: clemensh See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
May 24 2017
Applying security view restrictions to all v8 CHECK/DCHECK failures. (CHECKs aren't security, but we have no way to distinguish these right now).
,
May 25 2017
,
May 25 2017
,
May 26 2017
Detailed report: https://clusterfuzz.com/testcase?key=5708293145362432 Fuzzer: inferno_js_fuzzer_c Job Type: linux_asan_d8 Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: map()->is_callable() in objects-debug.cc v8::internal::JSFunction::JSFunctionVerify v8::internal::Object::ObjectVerify Sanitizer: address (ASAN) Regressed: V8: 39707:39708 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5708293145362432 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
May 27 2017
ClusterFuzz has detected this issue as fixed in range 45543:45544. Detailed report: https://clusterfuzz.com/testcase?key=4855326951342080 Fuzzer: inferno_js_fuzzer_c Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: map()->is_callable() in objects-debug.cc v8::internal::JSFunction::JSFunctionVerify v8::internal::Object::ObjectVerify Sanitizer: address (ASAN) Regressed: V8: 39701:39702 Fixed: V8: 45543:45544 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4855326951342080 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
May 27 2017
ClusterFuzz has detected this issue as fixed in range 45543:45544. Detailed report: https://clusterfuzz.com/testcase?key=5708293145362432 Fuzzer: inferno_js_fuzzer_c Job Type: linux_asan_d8 Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: map()->is_callable() in objects-debug.cc v8::internal::JSFunction::JSFunctionVerify v8::internal::Object::ObjectVerify Sanitizer: address (ASAN) Regressed: V8: 39707:39708 Fixed: V8: 45543:45544 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5708293145362432 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
May 27 2017
ClusterFuzz testcase 4855326951342080 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
May 27 2017
,
May 29 2017
,
May 31 2017
,
May 31 2017
Seems to be fixed by https://chromium.googlesource.com/v8/v8/+log/fdd8d15155a6e79af686a2b02eb97eaf86a45842..397afc696050690c6414a1e260d77cf17b577d36
,
May 31 2017
,
Sep 2 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by clemensh@chromium.org
, May 19 2017Status: Assigned (was: Untriaged)