Null-dereference READ in v8::internal::AstBitsetType::Lub |
|||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5494684775612416 Fuzzer: inferno_js_fuzzer Job Type: linux_asan_d8_v8_arm_dbg Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x00000000 Crash State: v8::internal::AstBitsetType::Lub v8::internal::AstType::SlowIs v8::internal::RepresentationFor Sanitizer: address (ASAN) Regressed: V8: 38773:38774 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5494684775612416 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
May 29 2017
Issue 727028 has been merged into this issue.
,
May 29 2017
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/eef603feb1b61db497b0fe1de293929534f0c26f commit eef603feb1b61db497b0fe1de293929534f0c26f Author: Igor Sheludko <ishell@chromium.org> Date: Mon May 29 09:52:43 2017 [crankshaft] Properly handle stack overflows happened during AST typing. Bug: chromium:724820 Change-Id: If4d05326ad00d0d3efe8f58b361595f2655d90d2 Reviewed-on: https://chromium-review.googlesource.com/518142 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#45550} [modify] https://crrev.com/eef603feb1b61db497b0fe1de293929534f0c26f/src/crankshaft/hydrogen.cc
,
May 29 2017
,
May 29 2017
,
May 30 2017
ClusterFuzz has detected this issue as fixed in range 45549:45550. Detailed report: https://clusterfuzz.com/testcase?key=5494684775612416 Fuzzer: inferno_js_fuzzer Job Type: linux_asan_d8_v8_arm_dbg Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x00000000 Crash State: v8::internal::AstBitsetType::Lub v8::internal::AstType::SlowIs v8::internal::RepresentationFor Sanitizer: address (ASAN) Regressed: V8: 38773:38774 Fixed: V8: 45549:45550 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5494684775612416 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page. |
|||
►
Sign in to add a comment |
|||
Comment 1 by ishell@chromium.org
, May 27 2017Owner: ishell@chromium.org
Status: Assigned (was: Untriaged)