Issue: Timeout in v8_regexp_parser_fuzzer
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=4835690117595136
Fuzzer: libFuzzer_v8_regexp_parser_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Timeout (exceeds 25 secs)
Crash Address:
Crash State: v8_regexp_parser_fuzzer
Sanitizer: address (ASAN)
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4835690117595136
Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. We will auto-close the bug if the crash is not seen for 14 days.
Oct 1 2017
Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.
Oct 19 2017
Another instance of exponential backtracking. Simplified:
$ d8 --trace-regexp-parser
d8> /(a|){100000}c/.exec("abc")
(: (# 100000 100000 g (^ (| 'a' %))) 'c')
This produces 2^100000 possibilities to iterate before finally failing to match at 'a'.
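An added example, not part of this thread or of V8's code: a JavaScript pre-check for untrusted patterns that flags the shape behind /(a|){100000}c/, a counted repetition with a large required count applied to a group that can match the empty string. The threshold, the function names and the sample patterns are my own choices.

```javascript
// Added example (not from the bug report or V8): flag a counted repetition
// whose required count is large and whose group body can match "" -- the
// structure of /(a|){100000}c/. Threshold and names are assumptions.

const MAX_SAFE_REPEAT = 1000; // assumption: tune to your engine's time budget

// Locate every (...) group in a pattern source, honouring escapes and
// character classes so that "\(" and "[(]" are not mistaken for groups.
function findGroups(src) {
  const groups = [];   // { start, end }: indices of '(' and its matching ')'
  const stack = [];
  let inClass = false;
  for (let i = 0; i < src.length; i++) {
    const ch = src[i];
    if (ch === '\\') { i++; continue; }                  // skip escaped char
    if (inClass) { if (ch === ']') inClass = false; continue; }
    if (ch === '[') inClass = true;
    else if (ch === '(') stack.push(i);
    else if (ch === ')' && stack.length) groups.push({ start: stack.pop(), end: i });
  }
  return groups;
}

// A group body can match "" exactly when the body, compiled on its own and
// anchored at both ends, accepts the empty string.
function isNullableBody(body) {
  if (body.startsWith('?')) {
    if (!body.startsWith('?:')) return false;            // lookaround etc.: skip
    body = body.slice(2);
  }
  try { return new RegExp('^(?:' + body + ')$').test(''); }
  catch (e) { return false; }                            // body not valid alone
}

// Returns findings { group, count }; an empty array means nothing was flagged.
function findRiskyRepeats(src, maxRepeat = MAX_SAFE_REPEAT) {
  const findings = [];
  for (const { start, end } of findGroups(src)) {
    const q = /^\{(\d+)(?:,\d*)?\}/.exec(src.slice(end + 1));
    if (!q) continue;                                    // not a counted quantifier
    const count = Number(q[1]);                          // required iterations
    if (count >= maxRepeat && isNullableBody(src.slice(start + 1, end))) {
      findings.push({ group: src.slice(start, end + 1), count });
    }
  }
  return findings;
}

console.log(findRiskyRepeats('(a|){100000}c')); // [ { group: '(a|)', count: 100000 } ]
```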
Oct 23 2017
Nov 7 2017
Comment 1 by msrchandra@chromium.org, Sep 8 2017
Components: Blink>JavaScript
Labels: Test-Predator-Correct-CLs
Owner: jgruber@chromium.org
Status: Assigned (was: Untriaged)