Ill in sandbox::ResourceLimits::AdjustCurrent
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4536804215881728
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: Ill
Crash Address: 0x7f6e56d79e28
Crash State:
  sandbox::ResourceLimits::AdjustCurrent
  v8::internal::wasm::NewArrayBuffer
  v8::internal::wasm::InstanceBuilder::Build
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=495357:495412
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4536804215881728

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Aug 28 2017
Aug 28 2017
The underlying issue seems to be that allocating/reserving the WebAssembly memory during instantiation of asm.js modules sometimes fails. This in itself is not really actionable, but the fact that we allocate memory at all when no {ArrayBuffer} is passed to the asm.js module is bogus. I have a fix in flight for issue 759327 that should alleviate this as well.
Aug 29 2017
ClusterFuzz has detected this issue as fixed in range 497813:497860.

Detailed report: https://clusterfuzz.com/testcase?key=4536804215881728
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: Ill
Crash Address: 0x7f6e56d79e28
Crash State:
  sandbox::ResourceLimits::AdjustCurrent
  v8::internal::wasm::NewArrayBuffer
  v8::internal::wasm::InstanceBuilder::Build
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=495357:495412
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=497813:497860
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4536804215881728

See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 29 2017
ClusterFuzz testcase 4536804215881728 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Aug 29 2017
This is now "fixed" due to the following change which addressed issue 759327 as well ...

commit 89f839e5d0f1e1d27c637618f5763d702c9f5afd
Author: Michael Starzinger <mstarzinger@chromium.org>
Date: Mon Aug 28 15:01:30 2017

[asm.js] Correctly set minimum memory size to zero.

This makes sure the minimum memory size for WebAssembly modules derived from asm.js is set to zero. It allows instantiation without allocating an underlying memory, when such memory is unused. It also fixes a bug in patching of embedded memory sizes for asm.js modules.

R=ahaas@chromium.org
TEST=mjsunit/regress/regress-crbug-759327
BUG=chromium:759327

Change-Id: If5a965b96a03cbb5ba15bc41fbaf359f74961f41
Reviewed-on: https://chromium-review.googlesource.com/637912
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47646}

[modify] https://crrev.com/89f839e5d0f1e1d27c637618f5763d702c9f5afd/src/asmjs/asm-parser.cc
[modify] https://crrev.com/89f839e5d0f1e1d27c637618f5763d702c9f5afd/src/objects-printer.cc
[modify] https://crrev.com/89f839e5d0f1e1d27c637618f5763d702c9f5afd/src/wasm/module-decoder.h
[modify] https://crrev.com/89f839e5d0f1e1d27c637618f5763d702c9f5afd/src/wasm/wasm-module-builder.cc
[modify] https://crrev.com/89f839e5d0f1e1d27c637618f5763d702c9f5afd/src/wasm/wasm-module-builder.h
[add] https://crrev.com/89f839e5d0f1e1d27c637618f5763d702c9f5afd/test/mjsunit/regress/regress-crbug-759327.js
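The two instantiation cases discussed in the comments above (a module passed no {ArrayBuffer} and one that actually uses a heap), as an added example that is not part of the bug thread, the V8 regression test, or the commit. Module names, the 64 KiB buffer size and the sample values are constructed for illustration.

```javascript
// Added example, not from the thread or from V8. asm.js modules take
// (stdlib, foreign, heap); when V8 compiles them through its wasm pipeline,
// the heap ArrayBuffer becomes the module's WebAssembly memory. A module
// that declares no heap view should instantiate without reserving any such
// memory, which is the case the fix above makes work (minimum memory size 0).

// Module 1: pure integer arithmetic, no heap view declared at all.
function NoHeapModule(stdlib, foreign, heap) {
  "use asm";
  function add(a, b) {
    a = a | 0;
    b = b | 0;
    return (a + b) | 0;
  }
  return { add: add };
}

// Module 2: declares an Int32Array view over the heap and sums n entries.
// asm.js requires the heap to be an ArrayBuffer of valid size (a power of
// two from 2^12 up to 2^24, or a multiple of 2^24).
function HeapModule(stdlib, foreign, heap) {
  "use asm";
  var HEAP32 = new stdlib.Int32Array(heap);
  function sum(n) {
    n = n | 0;
    var i = 0, acc = 0;
    for (i = 0; (i | 0) < (n | 0); i = (i + 1) | 0) {
      acc = (acc + (HEAP32[i << 2 >> 2] | 0)) | 0;
    }
    return acc | 0;
  }
  return { sum: sum };
}

// Link the heap-free module without passing any buffer (the bogus-allocation case).
function instantiateWithoutHeap() {
  return NoHeapModule(globalThis, {});
}

// Link the heap-using module over a caller-supplied buffer pre-filled with values.
function instantiateWithHeap(values) {
  const buffer = new ArrayBuffer(64 * 1024); // constructed: 64 KiB, a valid asm.js heap size
  new Int32Array(buffer).set(values);
  return { mod: HeapModule(globalThis, {}, buffer), buffer: buffer };
}
```

Running the heap-free module under a V8 built with `--trace-asm-time` or a memory-usage check before and after linking shows whether a WebAssembly memory was reserved; after the fix there should be none.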
Comment 1 by msrchandra@chromium.org, Aug 18 2017
Labels: Test-Predator-Wrong-CLs M-62