Issue metadata
Sign in to add a comment
|
DCHECK failure in !done() || handler_ == nullptr in frames.cc |
||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4961911820255232 Fuzzer: ochang_js_fuzzer Job Type: linux_asan_d8_v8_arm64_dbg Platform Id: linux Crash Type: DCHECK failure Crash Address: Crash State: !done() || handler_ == nullptr in frames.cc v8::internal::StackFrameIterator::Advance PrintFrames Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_arm64_dbg&range=46837:46838 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4961911820255232 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Oct 31 2017
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/e8c9649e2570c7e278e70a6584738a3c3f828b2b ([builtins] Increase the maximum string length on 64-bit platforms.). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
,
Nov 3 2017
,
Nov 6 2017
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/f155445f373e27b3d425a037ce63df0c550372a1 commit f155445f373e27b3d425a037ce63df0c550372a1 Author: Peter Marshall <petermarshall@chromium.org> Date: Mon Nov 06 13:03:45 2017 [regexp] Fix incorrect string length check on arm64. The maximum length of the chars in bytes was hardcoded and was not updated with the increase in string length on 64-bit platforms. The other platforms don't do this debug check so they don't need updating. Bug: chromium:779407 Change-Id: I94fd946f9e67b39075c1f7eed14a20e9db126a72 Reviewed-on: https://chromium-review.googlesource.com/753584 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#49142} [modify] https://crrev.com/f155445f373e27b3d425a037ce63df0c550372a1/src/objects/string.h [modify] https://crrev.com/f155445f373e27b3d425a037ce63df0c550372a1/src/regexp/arm64/regexp-macro-assembler-arm64.cc [add] https://crrev.com/f155445f373e27b3d425a037ce63df0c550372a1/test/mjsunit/regress/regress-779407.js
,
Nov 7 2017
ClusterFuzz has detected this issue as fixed in range 49141:49142. Detailed report: https://clusterfuzz.com/testcase?key=4961911820255232 Fuzzer: ochang_js_fuzzer Job Type: linux_asan_d8_v8_arm64_dbg Platform Id: linux Crash Type: DCHECK failure Crash Address: Crash State: !done() || handler_ == nullptr in frames.cc v8::internal::StackFrameIterator::Advance PrintFrames Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_arm64_dbg&range=46837:46838 Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_arm64_dbg&range=49141:49142 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4961911820255232 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Nov 7 2017
ClusterFuzz testcase 4961911820255232 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Nov 7 2017
,
Nov 7 2017
,
Feb 13 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by sheriffbot@chromium.org
, Oct 30 2017