Null-dereference READ in v8::internal::wasm::ThreadImpl::HandleException

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4602973241212928

Fuzzer: libFuzzer_v8_wasm_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  v8::internal::wasm::ThreadImpl::HandleException
  v8::internal::wasm::ThreadImpl::DoStackCheck
  v8::internal::wasm::ThreadImpl::DoCall

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=513538:513577

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4602973241212928

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Nov 3 2017

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/793c52ed26daa002ba81a0bb4c20d809d0e33592 ([wasm] Improve stack check in the interpreter). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.

Nov 7 2017

Nov 7 2017

Nov 7 2017

Nov 7 2017

Nov 20 2017

Nov 21 2017
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/09323a6a17f7f24bf579b5696b448af9c34c3051

commit 09323a6a17f7f24bf579b5696b448af9c34c3051
Author: Andreas Haas <ahaas@chromium.org>
Date: Tue Nov 21 14:49:55 2017

[wasm] Use activations of the interpreter in the fuzzers

Typically the interpreter returns 0xdeadbeef to indicate an exception. However, for stack overflows a normal exception is used. The interpreter requires an activation, however, to deal with normal exceptions. With this CL we start an activation before we execute the fuzzer input in the interpreter.

R=clemensh@chromium.org

Bug: chromium:781103
Change-Id: I4fc3a18bfc2076aab9ff7d2324a3311fe222954a
Reviewed-on: https://chromium-review.googlesource.com/776835
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49545}

[modify] https://crrev.com/09323a6a17f7f24bf579b5696b448af9c34c3051/test/common/wasm/wasm-module-runner.cc
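The failure mode the commit message describes, as an added C++ model (this is not V8 code and not the content of the CL above). The model has two error paths, like the interpreter: ordinary traps hand back the 0xdeadbeef sentinel, while a stack-depth overflow is routed through a HandleException step that needs a current activation. A harness that runs input without starting an activation hits the missing-activation case exactly where DoCall -> DoStackCheck -> HandleException does in the crash state; the harness that starts one first, as the CL does in wasm-module-runner.cc, gets a clean stack-overflow result. All names (ThreadModel, Activation, StartActivation, RunWithoutActivation, RunWithActivation, the depth limit of 8) are assumptions of this example, and the missing-activation case is reported as a status instead of being dereferenced.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

// Illustrative model only (not V8). Sentinel used for ordinary traps.
constexpr uint32_t kTrapSentinel = 0xdeadbeef;

enum class Outcome { kFinished, kTrapped, kStackOverflow, kNoActivation };

struct Activation {
  size_t frame_base = 0;  // first frame index owned by this activation
  bool exception_pending = false;
};

class ThreadModel {
 public:
  explicit ThreadModel(size_t max_depth) : max_depth_(max_depth) {}

  // Embedders call this before running code; the fuzzer harness did not.
  void StartActivation() {
    Activation a;
    a.frame_base = frames_.size();
    activations_.push_back(a);
  }
  void FinishActivation() {
    if (!activations_.empty()) activations_.pop_back();
  }

  // Runs `depth` nested calls, or raises a trap when `trap` is set.
  Outcome Run(size_t depth, bool trap, uint32_t* result) {
    frames_.clear();
    if (trap) {  // trap path: sentinel, no activation needed
      *result = kTrapSentinel;
      return Outcome::kTrapped;
    }
    Outcome o = DoCall(depth, result);
    if (o == Outcome::kFinished) frames_.clear();
    return o;
  }

 private:
  // Stack overflow is a "normal" exception: it must find an activation.
  Outcome HandleException() {
    if (activations_.empty()) return Outcome::kNoActivation;  // the crash site
    Activation& act = activations_.back();
    act.exception_pending = true;
    frames_.resize(act.frame_base);  // unwind frames of this activation
    return Outcome::kStackOverflow;
  }
  Outcome DoStackCheck() {
    if (frames_.size() <= max_depth_) return Outcome::kFinished;
    return HandleException();
  }
  Outcome DoCall(size_t remaining, uint32_t* result) {
    frames_.push_back(frames_.size());
    Outcome o = DoStackCheck();
    if (o != Outcome::kFinished) return o;
    if (remaining == 0) {
      *result = static_cast<uint32_t>(frames_.size());
      return Outcome::kFinished;
    }
    return DoCall(remaining - 1, result);
  }

  size_t max_depth_;
  std::vector<size_t> frames_;
  std::vector<Activation> activations_;
};

// Pre-fix harness: executes input with no activation started.
Outcome RunWithoutActivation(size_t depth) {
  ThreadModel t(8);
  uint32_t r = 0;
  return t.Run(depth, false, &r);
}

// Post-fix harness: starts an activation around the run, as the CL does.
Outcome RunWithActivation(size_t depth) {
  ThreadModel t(8);
  t.StartActivation();
  uint32_t r = 0;
  Outcome o = t.Run(depth, false, &r);
  t.FinishActivation();
  return o;
}

// Trap path is unaffected by activations: the sentinel comes back either way.
uint32_t RunTrap() {
  ThreadModel t(8);
  uint32_t r = 0;
  t.Run(0, true, &r);
  return r;
}

int main() {
  std::cout << "no activation, depth 20: "
            << static_cast<int>(RunWithoutActivation(20)) << "\n"
            << "with activation, depth 20: "
            << static_cast<int>(RunWithActivation(20)) << "\n";
  return 0;
}
```

The point for harness authors: a fuzzer entry point must reproduce the state the real embedder establishes before calling into the target, otherwise a crash on a path that is unreachable in production (here, the exception path without an activation) consumes triage time and hides real findings.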
Nov 22 2017

ClusterFuzz has detected this issue as fixed in range 518524:518538.

Detailed report: https://clusterfuzz.com/testcase?key=4602973241212928

Fuzzer: libFuzzer_v8_wasm_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  v8::internal::wasm::ThreadImpl::HandleException
  v8::internal::wasm::ThreadImpl::DoStackCheck
  v8::internal::wasm::ThreadImpl::DoCall

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=513538:513577
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=518524:518538

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4602973241212928

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Nov 22 2017

ClusterFuzz testcase 4602973241212928 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Nov 3 2017
Labels: Test-Predator-AutoComponents