Issue metadata
Sign in to add a comment
|
Timeout in v8_regexp_parser_fuzzer |
||||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5503568022077440 Fuzzer: libFuzzer_v8_regexp_parser_fuzzer Job Type: libfuzzer_chrome_ubsan Platform Id: linux Crash Type: Timeout (exceeds 25 secs) Crash Address: Crash State: v8_regexp_parser_fuzzer Sanitizer: undefined (UBSAN) Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5503568022077440 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. We will auto-close the bug if the crash is not seen for 14 days.
,
Nov 13 2017
Jakob, can you check? There are no \b or \B in the input, so I am not sure if it's a dupe of the old bug. Looks like "((..)|(.))*" causes exponential explosion, which is bad.
,
Nov 14 2017
Yes this looks like exponential backtracking, thanks for triaging. |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by kkaluri@chromium.org
, Nov 9 2017Components: Blink>JavaScript
Labels: Test-Predator-Wrong CF-NeedsTriage