DCHECK failure in !it.done() in wasm-objects.cc
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5726279063306240
Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: DCHECK failure
Crash Address:
Crash State:
  !it.done() in wasm-objects.cc
  v8::internal::WasmExportedFunction::GetWasmCode
  v8::internal::wasm::MakeWasmToWasmWrapper
Sanitizer: address (ASAN)
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5726279063306240
Issue manually filed by: titzer

See https://github.com/google/clusterfuzz-tools for more information.
Oct 16 2017

Oct 18 2017

Oct 18 2017

Oct 19 2017
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Oct 19 2017

Oct 19 2017
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 20 2017
Removing stable blocker, since this only occurs with --wasm-lazy-compilation
Oct 20 2017
This crash is happening because we are trying to get the compiled WASM code of an exported function that itself has not yet been compiled, in order to compile a WASM-to-WASM wrapper.
Oct 22 2017
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 23 2017
Not security relevant for #8.
Oct 27 2017
Detailed report: https://clusterfuzz.com/testcase?key=5529695188942848
Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: Null-dereference WRITE
Crash Address: 0x000000000000
Crash State:
  v8::internal::Invoke
  v8::internal::CallInternal
  CallExternalWasmFunction
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=48580:48581
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5529695188942848

See https://github.com/google/clusterfuzz-tools for more information.
Nov 7 2017
Issue 781954 has been merged into this issue.
Nov 7 2017

Nov 7 2017

Nov 17 2017
ClusterFuzz has detected this issue as fixed in range 49401:49402.

Detailed report: https://clusterfuzz.com/testcase?key=5529695188942848
Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: Null-dereference WRITE
Crash Address: 0x000000000000
Crash State:
  v8::internal::Invoke
  v8::internal::CallInternal
  CallExternalWasmFunction
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=48580:48581
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=49401:49402
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5529695188942848

See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 17 2017
ClusterFuzz testcase 6548966954237952 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by titzer@chromium.org, Oct 16 2017
Status: Assigned (was: Untriaged)