Issue metadata
Sign in to add a comment
|
DCHECK failure in __isolate__->has_pending_exception() in runtime-module.cc |
||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6085702952681472 Fuzzer: mbarbella_js_mutation Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: DCHECK failure Crash Address: Crash State: __isolate__->has_pending_exception() in runtime-module.cc v8::internal::__RT_impl_Runtime_DynamicImportCall v8::internal::Runtime_DynamicImportCall Sanitizer: address (ASAN) Regressed: V8: 46485:46486 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6085702952681472 Issue manually filed by: ishell See https://github.com/google/clusterfuzz-tools for more information.
,
Jul 17 2017
,
Jul 17 2017
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 17 2017
,
Jul 17 2017
Changing security impact/level since this is disabled by default (and requires a flag to turn on)
,
Jul 17 2017
,
Jul 17 2017
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/c45b2291a7510945b417723e39818107f1d466b3 commit c45b2291a7510945b417723e39818107f1d466b3 Author: Sathya Gunasekaran <gsathya@chromium.org> Date: Mon Jul 17 22:07:41 2017 [modules] Propogate scheduled exception on ToString failure Also, add a couple of macros to handle error cases. R=adamk@chromium.org Bug: chromium:744292 Change-Id: I5dcb19ce67ec1aa4318d68d973d304cb07a65b80 Reviewed-on: https://chromium-review.googlesource.com/575394 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#46722} [modify] https://crrev.com/c45b2291a7510945b417723e39818107f1d466b3/src/isolate.cc [modify] https://crrev.com/c45b2291a7510945b417723e39818107f1d466b3/src/isolate.h [add] https://crrev.com/c45b2291a7510945b417723e39818107f1d466b3/test/mjsunit/regress/regress-744292.js
,
Jul 18 2017
ClusterFuzz has detected this issue as fixed in range 46721:46722. Detailed report: https://clusterfuzz.com/testcase?key=6085702952681472 Fuzzer: mbarbella_js_mutation Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: DCHECK failure Crash Address: Crash State: __isolate__->has_pending_exception() in runtime-module.cc v8::internal::__RT_impl_Runtime_DynamicImportCall v8::internal::Runtime_DynamicImportCall Sanitizer: address (ASAN) Regressed: V8: 46485:46486 Fixed: V8: 46721:46722 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6085702952681472 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 18 2017
ClusterFuzz testcase 6085702952681472 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Jul 18 2017
,
Oct 24 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by ishell@chromium.org
, Jul 17 2017Owner: gsat...@chromium.org
Status: Assigned (was: Untriaged)