Testcase 5460938458398720 is a top crash on ClusterFuzz for windows platform. Please prioritize fixing this crash.

Marking this crash as a Beta release blocker.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

adamk could you help triage this please? Thanks!

I assume this would be SecurityImpact_None as this is only in the D8 shell?

 std::string dir_name =
      DirName(IsAbsolutePath(source_url)
                  ? source_url
                  : NormalizePath(source_url, GetWorkingDirectory()));

The IsAbsolutePath function returns true if the path contains a colon, noting in a comment that this check is only an approximation of a proper check. 

The DirName function DCHECKs if the path doesn't contain a slash.

This is indeed SecurityImpact_None. And given the triage done by elawrence@, it's also a WontFix.

ClusterFuzz testcase 5460938458398720 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.

Should this issue get fixed (as a functional issue, to help unblock the fuzzer)? Or should we just do ClusterFuzz-Ignore here?

I'd prefer to not fix this, if possible, so marking ClusterFuzz-Ignore. But let me know if that's bad for some reason.

This crash occurs very frequently on windows platform and is likely preventing the fuzzer mbarbella_js_mutation from making much progress. Fixing this will allow more bugs to be found.

Marking this bug as a blocker for next Beta release.

If this is incorrect, please add ClusterFuzz-Wrong label and remove the ReleaseBlock-Beta label.

It sounds from #11 that this may be worth fixing, so assigning to myself.

For dynamic import, making this reject the promise would probably work. Not sure how to handle the static import case, but it seems like, perhaps, the fuzzer is not touching modules?

Hacky fix up at https://chromium-review.googlesource.com/c/v8/v8/+/912325, with a bug filed for better handling of this stuff in issue v8:7432.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/a36354c286f73c0b83ea6baf026c0a65b8a0d3aa

commit a36354c286f73c0b83ea6baf026c0a65b8a0d3aa
Author: Adam Klein <adamk@chromium.org>
Date: Sat Feb 10 01:06:02 2018

[d8] Always pass filename through NormalizePath for dynamic imports

d8's fragile path manipulation code requires that backslashes are
replaced with slashes before further processing. NormalizePath() is
the function that does this, and it's called in almost all the
required cases. But because of Clusterfuzz runs tests with
an absolute URL on the commandline, there was one case that
slipped through. This patch closes that gap.

No test added since this only reproduces under Clusterfuzz, not
in running mjsunit tests.

Bug:  chromium:784012 
Change-Id: Ie699e93ff1acb79edfe25ce59d576e9f7bd8c022
Reviewed-on: https://chromium-review.googlesource.com/912325
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51224}
[modify] https://crrev.com/a36354c286f73c0b83ea6baf026c0a65b8a0d3aa/src/d8.cc

ClusterFuzz has detected this issue as fixed in range 51223:51224.

Detailed report: https://clusterfuzz.com/testcase?key=5460938458398720

Fuzzer: mbarbella_js_mutation
Job Type: windows_asan_d8_dbg
Platform Id: windows

Crash Type: DCHECK failure
Crash Address: 
Crash State:
  last_slash != std::string::npos in d8.cc
  v8::platform::PrintStackTrace
  v8::Shell::DoHostImportModuleDynamically
  
Sanitizer: address (ASAN)

Fixed: https://clusterfuzz.com/revisions?job=windows_asan_d8_dbg&range=51223:51224

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5460938458398720

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5460938458398720 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot