Issue metadata
Sign in to add a comment
|
Heap-buffer-overflow in v8::internal::SharedFunctionInfo::GetSourceCodeHarmony |
||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6636079913631744 Fuzzer: mbarbella_js_mutation Job Type: windows_asan_d8_dbg Platform Id: windows Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0x18f20d2c Crash State: v8::internal::SharedFunctionInfo::GetSourceCodeHarmony v8::internal::JSFunction::ToString v8::internal::Builtin_Impl_FunctionPrototypeToString Sanitizer: address (ASAN) Recommended Security Severity: Medium Regressed: https://clusterfuzz.com/revisions?job=windows_asan_d8_dbg&range=50147:50148 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6636079913631744 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Dec 19 2017
,
Dec 19 2017
,
Dec 19 2017
granting visibility to mlippautz who is going to review the fix.
,
Dec 19 2017
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/ad126d46bb5cb7630189c641613043546960ee70 commit ad126d46bb5cb7630189c641613043546960ee70 Author: Yang Guo <yangguo@chromium.org> Date: Tue Dec 19 10:43:16 2017 Make SharedFunctionInfo::GetSourceCodeHarmony GC-safe. R=mlippautz@chromium.org Bug: chromium:795856 Change-Id: I2a631a94e4bc0c000842923a962e812e0370b837 Reviewed-on: https://chromium-review.googlesource.com/832454 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#50190} [modify] https://crrev.com/ad126d46bb5cb7630189c641613043546960ee70/src/objects.cc [modify] https://crrev.com/ad126d46bb5cb7630189c641613043546960ee70/src/objects/shared-function-info.h [modify] https://crrev.com/ad126d46bb5cb7630189c641613043546960ee70/src/runtime/runtime-function.cc
,
Dec 19 2017
,
Dec 19 2017
,
Dec 19 2017
,
Dec 20 2017
ClusterFuzz has detected this issue as fixed in range 50189:50190. Detailed report: https://clusterfuzz.com/testcase?key=6636079913631744 Fuzzer: mbarbella_js_mutation Job Type: windows_asan_d8_dbg Platform Id: windows Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0x18f20d2c Crash State: v8::internal::SharedFunctionInfo::GetSourceCodeHarmony v8::internal::JSFunction::ToString v8::internal::Builtin_Impl_FunctionPrototypeToString Sanitizer: address (ASAN) Recommended Security Severity: Medium Regressed: https://clusterfuzz.com/revisions?job=windows_asan_d8_dbg&range=50147:50148 Fixed: https://clusterfuzz.com/revisions?job=windows_asan_d8_dbg&range=50189:50190 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6636079913631744 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Dec 20 2017
ClusterFuzz testcase 6636079913631744 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Mar 27 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by ClusterFuzz
, Dec 18 2017Owner: yangguo@chromium.org
Status: Assigned (was: Untriaged)