Null-dereference READ in v8::internal::wasm::ThreadImpl::PushFrame
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5962786470625280

Fuzzer: inferno_js_fuzzer
Job Type: windows_asan_d8
Platform Id: windows
Crash Type: Null-dereference READ
Crash Address: 0x0000000c
Crash State:
  v8::internal::wasm::ThreadImpl::PushFrame
  v8::internal::wasm::ThreadImpl::DoCall
  v8::internal::wasm::ThreadImpl::Execute
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_d8&range=505205:505260

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5962786470625280

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Oct 4 2017
Requires "--wasm-interpret-all" to reproduce. Feel free to lower priority accordingly.

In debug mode the following DCHECK fires ...

#
# Fatal error in ../src/wasm/wasm-interpreter.cc, line 1735
# Debug check failed: !target->function->imported.
#
Oct 4 2017
Oct 17 2017
ClusterFuzz has detected this issue as fixed in range 509045:509081.

Detailed report: https://clusterfuzz.com/testcase?key=5962786470625280

Fuzzer: inferno_js_fuzzer
Job Type: windows_asan_d8
Platform Id: windows
Crash Type: Null-dereference READ
Crash Address: 0x0000000c
Crash State:
  v8::internal::wasm::ThreadImpl::PushFrame
  v8::internal::wasm::ThreadImpl::DoCall
  v8::internal::wasm::ThreadImpl::Execute
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_d8&range=505205:505260
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_d8&range=509045:509081

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5962786470625280

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 17 2017
ClusterFuzz testcase 5962786470625280 is verified as fixed, so closing issue as verified.

If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.
Oct 17 2017
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/bff42d35946eb31621103227cd76e863d7985e14

commit bff42d35946eb31621103227cd76e863d7985e14
Author: Ben L. Titzer <titzer@chromium.org>
Date: Tue Oct 17 12:04:40 2017

[wasm] Add regression tests for some recently fixed WasmInterpreter issues.

R=clemensh@chromium.org

Bug: chromium:766003, chromium:772332, chromium:771243
Change-Id: I1e2df014f31a87fd94154277d1a415ec359d42df
Reviewed-on: https://chromium-review.googlesource.com/721666
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48635}

[add] https://crrev.com/bff42d35946eb31621103227cd76e863d7985e14/test/mjsunit/regress/wasm/regress-766003.js
[add] https://crrev.com/bff42d35946eb31621103227cd76e863d7985e14/test/mjsunit/regress/wasm/regress-771243.js
[add] https://crrev.com/bff42d35946eb31621103227cd76e863d7985e14/test/mjsunit/regress/wasm/regress-772332.js
Nov 7 2017
Comment 1 by ClusterFuzz, Oct 3 2017
Labels: Test-Predator-AutoComponents