
Issue 775597


Issue metadata

Status: WontFix
Owner:
Closed: Oct 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: ----
Type: Bug-Security




Bad-cast to v8::internal::BuiltinDeserializer from v8::internal::Deserializer<v8::internal::BuiltinDeserializerAllocator>

Project Member Reported by ClusterFuzz, Oct 17 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6262072039178240

Fuzzer: decoder_langfuzz
Job Type: linux_cfi_d8
Platform Id: linux

Crash Type: Bad-cast
Crash Address: 0x7f57ffb31580
Crash State:
  Bad-cast to v8::internal::BuiltinDeserializer from v8::internal::Deserializer<v8::internal::BuiltinDeserializerAllocator>
  
Sanitizer: cfi (CFI)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_d8&range=48637:48638

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6262072039178240

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
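The crash type in the report above is a CFI "Bad-cast": a base-to-derived pointer cast applied to an object whose dynamic type is not the derived class. The following is an added illustration written for this page, not V8 code. The class names mirror the report, but the fields, the `DowncastCheckBehavesCorrectly` helper and the exact object layout are assumptions made for the example; the only thing taken from the real crash is the cast direction.

```cpp
// Added illustration (not V8 code) of the pattern behind a CFI
// "Bad-cast to Derived from Base" report. Field names are assumptions.
#include <cstdio>

struct BuiltinDeserializerAllocator {
  const char* name = "builtin";
};

// Stand-in for v8::internal::Deserializer<Allocator>. It only needs a vtable:
// that is what clang's -fsanitize=cfi-derived-cast inspects at the cast site.
template <typename Allocator>
class Deserializer {
 public:
  virtual ~Deserializer() = default;
  const char* allocator_name() const { return allocator_.name; }
 private:
  Allocator allocator_;
};

// Stand-in for v8::internal::BuiltinDeserializer: adds state that a plain
// Deserializer object does not carry.
class BuiltinDeserializer : public Deserializer<BuiltinDeserializerAllocator> {
 public:
  int current_builtin_id = 42;  // assumed field for the example
};

using BaseDeserializer = Deserializer<BuiltinDeserializerAllocator>;

// Unchecked downcast. In a build with -fsanitize=cfi-derived-cast (which needs
// -flto and -fvisibility=hidden) clang checks at runtime that *base really
// carries a BuiltinDeserializer vtable and aborts if it does not; ClusterFuzz
// reports that abort as the "Bad-cast to ... from ..." seen above. Without
// CFI the cast silently succeeds and any later access to current_builtin_id
// reads past the end of the smaller base object.
BuiltinDeserializer* UncheckedDowncast(BaseDeserializer* base) {
  return static_cast<BuiltinDeserializer*>(base);
}

// Checked downcast: RTTI refuses the cast instead of lying about the type,
// so the caller sees nullptr rather than a mis-typed pointer.
BuiltinDeserializer* CheckedDowncast(BaseDeserializer* base) {
  return dynamic_cast<BuiltinDeserializer*>(base);
}

// True when the checked cast rejects a base-only object and accepts a
// genuine BuiltinDeserializer.
bool DowncastCheckBehavesCorrectly() {
  BaseDeserializer plain;       // the object kind the bad cast was applied to
  BuiltinDeserializer builtin;  // a genuine derived object
  bool rejects_plain = CheckedDowncast(&plain) == nullptr;
  BuiltinDeserializer* ok = CheckedDowncast(&builtin);
  bool accepts_builtin = ok != nullptr && ok->current_builtin_id == 42;
  return rejects_plain && accepts_builtin;
}

int main() {
  BuiltinDeserializer builtin;
  // Safe: the object really is a BuiltinDeserializer.
  std::printf("unchecked cast on derived object: id=%d\n",
              UncheckedDowncast(&builtin)->current_builtin_id);

  BaseDeserializer plain;
  // UncheckedDowncast(&plain) is the bug shape: undefined behaviour, and the
  // line a CFI build turns into the crash above. Deliberately not executed.
  std::printf("checked cast on base object: %s\n",
              CheckedDowncast(&plain) == nullptr ? "rejected" : "accepted");
  return DowncastCheckBehavesCorrectly() ? 0 : 1;
}
```

Build the example with `clang++ -flto -fvisibility=hidden -fsanitize=cfi-derived-cast` and replace the `CheckedDowncast(&plain)` call with `UncheckedDowncast(&plain)` to see the runtime check fire; the checked form is the pattern a fix would use where the static type of the pointer cannot be trusted.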

Comment 1 by ClusterFuzz, Oct 17 2017

Labels: ClusterFuzz-Top-Crash ReleaseBlock-Beta M-63
Testcase 6262072039178240 is a top crash on ClusterFuzz for linux platform. Please prioritize fixing this crash.

Marking this crash as a Beta release blocker.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 2 by ClusterFuzz, Oct 17 2017

Labels: Test-Predator-AutoOwner
Owner: jgruber@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/2b9a6d8908877a45f5a46eff0382b20d133acc22 ([snapshot] Add BuiltinDeserializerAllocator).

If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.

Comment 3 by gov...@chromium.org, Oct 17 2017

Cc: awhalley@chromium.org
M63 beta promotion is coming VERY soon. Your bug is labelled as Beta ReleaseBlock, please make sure to land the fix and get it merged into the release branch ASAP. Thank you.


+awhalley@ (Security TPM).

Comment 4 by awhalley@google.com, Oct 17 2017

Labels: -M-63 M-64
The regression range is in M64, moving to that milestone.
Status: WontFix (was: Assigned)
This has been caught by bots as well, e.g. here: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20cfi/builds/11901

The CL has since been reverted so it's safe to close this.

Comment 6 by ClusterFuzz, Oct 18 2017

ClusterFuzz has detected this issue as fixed in range 48640:48641.

Detailed report: https://clusterfuzz.com/testcase?key=6262072039178240

Fuzzer: decoder_langfuzz
Job Type: linux_cfi_d8
Platform Id: linux

Crash Type: Bad-cast
Crash Address: 0x7f57ffb31580
Crash State:
  Bad-cast to v8::internal::BuiltinDeserializer from v8::internal::Deserializer<v8::internal::BuiltinDeserializerAllocator>
  
Sanitizer: cfi (CFI)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_d8&range=48637:48638
Fixed: https://clusterfuzz.com/revisions?job=linux_cfi_d8&range=48640:48641

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6262072039178240

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 7 by sheriffbot@chromium.org, Oct 18 2017

Labels: -reward-topanel reward-ineligible
Labels: -Test-Predator-AutoOwner Test-Predator-Auto-Owner

Comment 9 by sheriffbot@chromium.org, Jan 24 2018

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
