CHECK failure: args.Length() == 0 in ignition-statistics-extension.cc |
|||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5359588298981376 Fuzzer: inferno_js_fuzzer Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: args.Length() == 0 in ignition-statistics-extension.cc v8::internal::IgnitionStatisticsExtension::GetIgnitionDispatchCounters v8::internal::FunctionCallbackArguments::Call Sanitizer: address (ASAN) Regressed: V8: 44701:44702 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5359588298981376 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jul 7 2017
,
Jul 7 2017
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 7 2017
,
Jul 10 2017
Not actually a security issue, just an overzealous DCHECK. Fix incoming.
,
Jul 10 2017
,
Jul 10 2017
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/c77d9da45cf1bfc7d17adc33393c8196a684d5e9 commit c77d9da45cf1bfc7d17adc33393c8196a684d5e9 Author: Ross McIlroy <rmcilroy@chromium.org> Date: Mon Jul 10 15:09:54 2017 Remove overzelous DCHECK in ignition-statistics-extension. It doesn't actually matter if we have arguments to the call, we just ignore them. BUG= chromium:740037 Change-Id: I50600c3ee5902e7de6ac558833e3ed9cd1a9a28f Reviewed-on: https://chromium-review.googlesource.com/565509 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#46526} [modify] https://crrev.com/c77d9da45cf1bfc7d17adc33393c8196a684d5e9/src/extensions/ignition-statistics-extension.cc
,
Jul 10 2017
,
Jul 11 2017
ClusterFuzz has detected this issue as fixed in range 46525:46526. Detailed report: https://clusterfuzz.com/testcase?key=5359588298981376 Fuzzer: inferno_js_fuzzer Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: args.Length() == 0 in ignition-statistics-extension.cc v8::internal::IgnitionStatisticsExtension::GetIgnitionDispatchCounters v8::internal::FunctionCallbackArguments::Call Sanitizer: address (ASAN) Regressed: V8: 44701:44702 Fixed: V8: 46525:46526 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5359588298981376 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page. |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by clemensh@chromium.org
, Jul 7 2017Owner: rmcilroy@chromium.org
Status: Assigned (was: Untriaged)