Direct-leak in AllocateAndInitializeSlotSet |
|||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5050725519589376 Fuzzer: afl_v8_serialized_script_value_fuzzer Job Type: afl_chrome_asan Platform Id: linux Crash Type: Direct-leak Crash Address: Crash State: AllocateAndInitializeSlotSet v8::internal::SlotSet* v8::internal::MemoryChunk::AllocateSlotSet< Insert<v8::internal::AccessMode::ATOMIC> Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=480804:481002 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5050725519589376 Additional requirements: Requires Gestures Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Sep 13 2017
,
Sep 15 2017
Regression range contains 0a67fdf63aeddbcd8ec955fa3fa3c3e56f8e15ce ([heap] Avoid concurrent accessors when releasing slot sets). It's a wild guess, but Michael, can you take a look at this?
,
Sep 15 2017
I am investigating a related bug.
,
Oct 24 2017
For more information, please see https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md. The link referenced in the description is no longer valid.
,
Nov 14 2017
ClusterFuzz testcase 5050725519589376 is flaky and no longer crashes, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by kkaluri@chromium.org
, Sep 13 2017Components: Blink>JavaScript