Null-dereference WRITE in raise
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5790596332781568
Fuzzer: inferno_layout_test_unmodified
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows
Crash Type: Null-dereference WRITE
Crash Address: 0x00000000
Crash State:
  raise
  v8::internal::Runtime_AllocateInNewSpace
  v8::internal::Invoke
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=507253:507276
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5790596332781568

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Comment 1 by ClusterFuzz, Oct 7 2017
Labels: Test-Predator-AutoComponents

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/34de39bfab25bc1a31a2db7c764492d5325c6546 ([turbofan] Add support to inline new Array(n) calls.). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Oct 9 2017

The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/2bb704e886acc46e23254324d00413654fb80ac6

commit 2bb704e886acc46e23254324d00413654fb80ac6
Author: Benedikt Meurer <bmeurer@chromium.org>
Date: Mon Oct 09 07:49:41 2017

    Fix JSArray::kInitialMaxFastElementArray to make sense for 32-bit platforms.

    Bug: chromium:772672, v8:6399
    Change-Id: Ib44f5c5c2a62a8ec2cd824ba57a1af8f456853af
    Reviewed-on: https://chromium-review.googlesource.com/706782
    Commit-Queue: Michael Stanton <mvstanton@chromium.org>
    Reviewed-by: Michael Stanton <mvstanton@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#48364}

[modify] https://crrev.com/2bb704e886acc46e23254324d00413654fb80ac6/src/builtins/builtins-constructor.h
[modify] https://crrev.com/2bb704e886acc46e23254324d00413654fb80ac6/src/objects.h
[add] https://crrev.com/2bb704e886acc46e23254324d00413654fb80ac6/test/mjsunit/regress/regress-crbug-772672.js
Oct 10 2017

Issue 772989 has been merged into this issue.
Oct 10 2017

ClusterFuzz has detected this issue as fixed in range 507362:507375.

Detailed report: https://clusterfuzz.com/testcase?key=5790596332781568
Fuzzer: inferno_layout_test_unmodified
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows
Crash Type: Null-dereference WRITE
Crash Address: 0x00000000
Crash State:
  raise
  v8::internal::Runtime_AllocateInNewSpace
  v8::internal::Invoke
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=507253:507276
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=507362:507375
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5790596332781568

See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 10 2017

ClusterFuzz testcase 5790596332781568 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.