New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 779407 link

Starred by 1 user

Issue metadata

Status: Verified
Owner:
OOO until 2019-02-10
Closed: Nov 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug-Security



Sign in to add a comment

DCHECK failure in !done() || handler_ == nullptr in frames.cc

Project Member Reported by ClusterFuzz, Oct 29 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4961911820255232

Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux

Crash Type: DCHECK failure
Crash Address: 
Crash State:
  !done() || handler_ == nullptr in frames.cc
  v8::internal::StackFrameIterator::Advance
  PrintFrames
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_arm64_dbg&range=46837:46838

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4961911820255232

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Project Member

Comment 1 by sheriffbot@chromium.org, Oct 30 2017

Labels: Pri-1
Project Member

Comment 2 by ClusterFuzz, Oct 31 2017

Labels: Test-Predator-AutoOwner
Owner: petermarshall@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/e8c9649e2570c7e278e70a6584738a3c3f828b2b ([builtins] Increase the maximum string length on 64-bit platforms.).

If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Cc: jgruber@chromium.org
Labels: -Pri-1 -Security_Severity-High Security_Severity-Low Pri-2
Project Member

Comment 4 by bugdroid1@chromium.org, Nov 6 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/f155445f373e27b3d425a037ce63df0c550372a1

commit f155445f373e27b3d425a037ce63df0c550372a1
Author: Peter Marshall <petermarshall@chromium.org>
Date: Mon Nov 06 13:03:45 2017

[regexp] Fix incorrect string length check on arm64.

The maximum length of the chars in bytes was hardcoded and was not
updated with the increase in string length on 64-bit platforms.
The other platforms don't do this debug check so they don't need
updating.

Bug:  chromium:779407 
Change-Id: I94fd946f9e67b39075c1f7eed14a20e9db126a72
Reviewed-on: https://chromium-review.googlesource.com/753584
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49142}
[modify] https://crrev.com/f155445f373e27b3d425a037ce63df0c550372a1/src/objects/string.h
[modify] https://crrev.com/f155445f373e27b3d425a037ce63df0c550372a1/src/regexp/arm64/regexp-macro-assembler-arm64.cc
[add] https://crrev.com/f155445f373e27b3d425a037ce63df0c550372a1/test/mjsunit/regress/regress-779407.js

Project Member

Comment 5 by ClusterFuzz, Nov 7 2017

ClusterFuzz has detected this issue as fixed in range 49141:49142.

Detailed report: https://clusterfuzz.com/testcase?key=4961911820255232

Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux

Crash Type: DCHECK failure
Crash Address: 
Crash State:
  !done() || handler_ == nullptr in frames.cc
  v8::internal::StackFrameIterator::Advance
  PrintFrames
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_arm64_dbg&range=46837:46838
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_arm64_dbg&range=49141:49142

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4961911820255232

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 6 by ClusterFuzz, Nov 7 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 4961911820255232 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Project Member

Comment 7 by sheriffbot@chromium.org, Nov 7 2017

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Labels: -Test-Predator-AutoOwner Test-Predator-Auto-Owner
Project Member

Comment 9 by sheriffbot@chromium.org, Feb 13 2018

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment