Direct-leak in uprv_malloc_59

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6195500780093440
Fuzzer: inferno_js_fuzzer
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux
Crash Type: Indirect-leak
Crash Address:
Crash State:
  uprv_malloc_59
  icu_59::UMemory::operator new
  icu_59::CollationSettings* icu_59::SharedObject::copyOnWrite<icu_59::CollationSe
Sanitizer: address (ASAN)
Regressed: V8: 44058:44059
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6195500780093440

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 3 2017

Detailed report: https://clusterfuzz.com/testcase?key=6633839865888768
Fuzzer: inferno_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: Direct-leak
Crash Address:
Crash State:
  uprv_malloc_59
  icu_59::UMemory::operator new
  v8::internal::CreateICUDateFormat
Sanitizer: address (ASAN)
Regressed: V8: 44058:44059
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6633839865888768

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 3 2017
CF points to b8f8860161649a8b6c5bc43a7e8926c2626985b5. PTAL.
Jul 3 2017
The testcase minimizer did a really bad job here. Reproducer: new Intl.Collator(); Does not reproduce with --invoke-weak-callbacks. Looks similar to crbug.com/729853 . CC'ing machenbach, as I think that marking all such bugs as WontFix is not a scalable solution ;)
Jul 3 2017
Hum, but the original stack trace that's referenced gets --invoke-weak-callbacks passed, not?
Jul 3 2017
Oh, right. I tried again, and it reproduces either without any args, or with "--invoke-weak-callbacks --wasm-interpret-all". Weird, I will have to dig deeper...
Jul 3 2017
Don't really know how to approach this. It seems like --wasm-interpret-all somehow prevents the ICU object from being collected. --wasm-interpret-all creates a Managed object for the C++ interpreter, but also without this option, one Managed object is created for each wasm instance. So that should not really make a difference. +Ulan Did you see something like this before? Any idea what could be going on here?
Jul 15 2017

ClusterFuzz has detected this issue as fixed in range 46678:46679.

Detailed report: https://clusterfuzz.com/testcase?key=6195500780093440
Fuzzer: inferno_js_fuzzer
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux
Crash Type: Indirect-leak
Crash Address:
Crash State:
  uprv_malloc_59
  icu_59::UMemory::operator new
  icu_59::CollationSettings* icu_59::SharedObject::copyOnWrite<icu_59::CollationSe
Sanitizer: address (ASAN)
Regressed: V8: 44058:44059
Fixed: V8: 46678:46679
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6195500780093440

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 15 2017

ClusterFuzz has detected this issue as fixed in range 46678:46679.

Detailed report: https://clusterfuzz.com/testcase?key=6633839865888768
Fuzzer: inferno_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: Direct-leak
Crash Address:
Crash State:
  uprv_malloc_59
  icu_59::UMemory::operator new
  v8::internal::CreateICUDateFormat
Sanitizer: address (ASAN)
Regressed: V8: 44058:44059
Fixed: V8: 46678:46679
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6633839865888768

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 15 2017

ClusterFuzz testcase 6195500780093440 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by infe...@chromium.org, Jun 24 2017
Status: Assigned (was: Untriaged)