CHECK failure: !exception.IsEmpty() in V8ScriptRunner.cpp

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6462563616555008

Fuzzer: inferno_twister
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: CHECK failure
Crash Address:
Crash State:
  !exception.IsEmpty() in V8ScriptRunner.cpp
  blink::V8ScriptRunner::ThrowException
  blink::V8ScriptRunner::ReportExceptionForModule

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=482161:482264

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6462563616555008

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 2 2017
Jul 3 2017
Kouhei, you introduced the failing CHECK in 73bb506d40e7618c72d23bb949fc37928ea68f21, can you have a look please?
Jul 4 2017
Jul 4 2017
I suspect this is the GC issue similar to crbug.com/732270
Jul 4 2017
Jul 4 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/52965d2d823717cd3d4feb67d424138c767c510a

commit 52965d2d823717cd3d4feb67d424138c767c510a
Author: Kouhei Ueno <kouhei@chromium.org>
Date: Tue Jul 04 06:53:30 2017

[ES6 modules] TraceWrapper ModuleScript via HTMLParserScriptRunner

This CL adds another TraceWrapper path to ModuleScript to cover case where:
- Module script is an inline script
- <script> element for the inline script is removed at the time of execution

Bug: 594639, 725816, 732270, 737086
Change-Id: I5e8d00df55ae992f272aaac1b8890c120a32f3be
Reviewed-on: https://chromium-review.googlesource.com/558536
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Kouhei Ueno <kouhei@chromium.org>
Cr-Commit-Position: refs/heads/master@{#484060}

[modify] https://crrev.com/52965d2d823717cd3d4feb67d424138c767c510a/third_party/WebKit/Source/core/dom/Document.cpp
[modify] https://crrev.com/52965d2d823717cd3d4feb67d424138c767c510a/third_party/WebKit/Source/core/dom/Document.h
[modify] https://crrev.com/52965d2d823717cd3d4feb67d424138c767c510a/third_party/WebKit/Source/core/dom/DocumentParser.h
[modify] https://crrev.com/52965d2d823717cd3d4feb67d424138c767c510a/third_party/WebKit/Source/core/dom/ModuleScript.h
[modify] https://crrev.com/52965d2d823717cd3d4feb67d424138c767c510a/third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp
[modify] https://crrev.com/52965d2d823717cd3d4feb67d424138c767c510a/third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.h
[modify] https://crrev.com/52965d2d823717cd3d4feb67d424138c767c510a/third_party/WebKit/Source/core/html/parser/HTMLParserScriptRunner.cpp
[modify] https://crrev.com/52965d2d823717cd3d4feb67d424138c767c510a/third_party/WebKit/Source/core/html/parser/HTMLParserScriptRunner.h
Jul 4 2017
Jul 6 2017
ClusterFuzz has detected this issue as fixed in range 484025:484263.

Detailed report: https://clusterfuzz.com/testcase?key=6462563616555008

Fuzzer: inferno_twister
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: CHECK failure
Crash Address:
Crash State:
  !exception.IsEmpty() in V8ScriptRunner.cpp
  blink::V8ScriptRunner::ThrowException
  blink::V8ScriptRunner::ReportExceptionForModule

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=482161:482264
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=484025:484263

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6462563616555008

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by msrchandra@chromium.org, Jun 27 2017
Labels: M-61 Test-Predator-Wrong