Issue metadata
Sign in to add a comment
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (len < LengthField::kMax) in objects- |
||||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5067316416217088 Job Type: linux_asan_d8_dbg Crash Type: CHECK failure Crash Address: Crash State: !v8::internal::FLAG_enable_slow_asserts || (len < LengthField::kMax) in objects- v8::internal::PropertyArray::initialize_length v8::internal::Heap::AllocatePropertyArray Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=46849:46850 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5067316416217088 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Nov 30 2017
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/fe18ad65806cc17f669575aeec3defb368bfff6c (Reland "[runtime] Load only 10 bits as PropertyArray length"). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
,
Nov 30 2017
,
Nov 30 2017
,
Dec 14 2017
ClusterFuzz has detected this issue as fixed in range 50085:50086. Detailed report: https://clusterfuzz.com/testcase?key=5067316416217088 Job Type: linux_asan_d8_dbg Crash Type: CHECK failure Crash Address: Crash State: !v8::internal::FLAG_enable_slow_asserts || (len < LengthField::kMax) in objects- v8::internal::PropertyArray::initialize_length v8::internal::Heap::AllocatePropertyArray Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=46849:46850 Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=50085:50086 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5067316416217088 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Dec 14 2017
ClusterFuzz testcase 5067316416217088 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Dec 14 2017
,
Dec 16 2017
,
Dec 16 2017
This bug requires manual review: M64 has already been promoted to the beta branch, so this requires manual review Please contact the milestone owner if you have questions. Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Dec 18 2017
Can you please mark all OS's this impacts?
,
Dec 18 2017
abdulsyed@ - good for 64 (for reference, I believe the fix to be merged is https://chromium.googlesource.com/v8/v8/+/3ecb047abae69064052f268896afd3fe0824e0ce)
,
Dec 18 2017
gsathya@ - can you please confirm if this is well tested in Canary? And overall safe to merge in M64?
,
Dec 18 2017
,
Dec 19 2017
Yes -- looks like fix went into 65.0.3295.0 which was released on Dec 16 https://chromiumdash-staging.googleplex.com/commit/3ecb047abae69064052f268896afd3fe0824e0ce
,
Dec 19 2017
,
Dec 19 2017
Approving merge for M64. Branch:3282
,
Jan 3 2018
can you confirm if this has been merged yet?
,
Jan 4 2018
Merged in 6.4 here: https://chromium-review.googlesource.com/c/v8/v8/+/849654
,
Jan 5 2018
Please merge the approved cl(s) to M64 release branch 3282 as soon as possible.
,
Jan 5 2018
,
Mar 29 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by ClusterFuzz
, Nov 30 2017Labels: Test-Predator-Auto-Components