Ill in v8::internal::Decoder::DecodeTypeImmediate

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5037455974858752

Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux

Crash Type: Ill
Crash Address: 0xf2b5b83e
Crash State:
  v8::internal::Decoder::DecodeTypeImmediate
  v8::internal::Decoder::InstructionDecode
  disasm::Disassembler::InstructionDecode

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_mipsel_dbg&range=50165:50166

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5037455974858752

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Jan 9 2018
Jan 9 2018

The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/453d60b1e90f96269935882755939ec6584eeca3

commit 453d60b1e90f96269935882755939ec6584eeca3
Author: Clemens Hammacher <clemensh@chromium.org>
Date: Tue Jan 09 14:11:13 2018

[wasm] Fix code printing for off-the-heap code

We were trying to disassemble the whole body of a function, including safepoints and the constant pool. This led to DCHECK errors on mips. This CL fixes that, and adds printing of source positions. It also fixes the output of instruction size to only contain the instructions for both on-the-heap and off-the-heap code.

R=titzer@chromium.org

Bug: chromium:800233
Change-Id: Idb15a779680af7997eb78aea2a329189b684d53e
Reviewed-on: https://chromium-review.googlesource.com/856458
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50444}

[modify] https://crrev.com/453d60b1e90f96269935882755939ec6584eeca3/src/compiler/wasm-compiler.cc
[modify] https://crrev.com/453d60b1e90f96269935882755939ec6584eeca3/src/objects.cc
[modify] https://crrev.com/453d60b1e90f96269935882755939ec6584eeca3/src/wasm/wasm-code-manager.cc
[modify] https://crrev.com/453d60b1e90f96269935882755939ec6584eeca3/src/wasm/wasm-code-manager.h
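The commit message above describes the failure mode behind this crash: the printer walked the whole code body, so the disassembler was handed safepoint-table and constant-pool words that are data, not instructions, and on MIPS the decoder hit an encoding it could not decode and asserted. The block below is an added illustration, not V8 code and not part of this bug report: a toy MIPS-style fixed-width decoder over a hypothetical code-body layout, with a "before" walk over the whole body and an "after" walk bounded to the instruction range. All names (CodeBody, DecodeWord, Disassemble, SampleBody) and the sample words are made up for this example.

```cpp
// Added example (not V8 code): why disassembling a whole code body, rather than
// only its instruction range, trips a decoder. The ISA subset, the layout and all
// names (CodeBody, DecodeWord, Disassemble, ...) are hypothetical, and the sample
// words are constructed for this illustration.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical code object: instructions first, then the safepoint table and
// constant pool stored as plain data words in the same body.
struct CodeBody {
  std::vector<uint32_t> words;  // every 32-bit word of the body
  size_t instruction_words;     // how many leading words are instructions
};

// Toy MIPS-like decoder: 6-bit major opcode in the top bits, only a few defined.
// Returns nullptr for an encoding it does not know; a real decoder would
// DCHECK/UNREACHABLE at this point, which is the crash in this report.
const char* DecodeWord(uint32_t w) {
  switch (w >> 26) {
    case 0x08: return "addi";
    case 0x09: return "addiu";
    case 0x23: return "lw";
    case 0x2b: return "sw";
    default:   return nullptr;
  }
}

struct DisasmResult {
  size_t decoded;            // words successfully decoded
  long first_illegal_index;  // index of the first undecodable word, or -1
};

// Decode words[begin, end), stopping at the first one the decoder rejects.
DisasmResult Disassemble(const CodeBody& body, size_t begin, size_t end) {
  DisasmResult r = {0, -1};
  for (size_t i = begin; i < end && i < body.words.size(); ++i) {
    const char* mnemonic = DecodeWord(body.words[i]);
    if (mnemonic == nullptr) {
      r.first_illegal_index = static_cast<long>(i);
      return r;
    }
    ++r.decoded;
  }
  return r;
}

// Before the fix: walk the entire body, data words included.
DisasmResult DisassembleWholeBody(const CodeBody& body) {
  return Disassemble(body, 0, body.words.size());
}

// After the fix: stop at the end of the instruction range.
DisasmResult DisassembleInstructionsOnly(const CodeBody& body) {
  return Disassemble(body, 0, body.instruction_words);
}

// Constructed sample body: three real instructions followed by two data words
// whose top six bits form no defined opcode.
CodeBody SampleBody() {
  CodeBody b;
  b.words = {
      0x24020001u,  // addiu $v0, $zero, 1
      0x8c430000u,  // lw    $v1, 0($v0)
      0xac430004u,  // sw    $v1, 4($v0)
      0xfffffff0u,  // safepoint table entry (data, opcode field 0x3f)
      0xdeadbeefu,  // constant pool entry (data, opcode field 0x37)
  };
  b.instruction_words = 3;
  return b;
}

int main() {
  CodeBody body = SampleBody();
  DisasmResult buggy = DisassembleWholeBody(body);
  DisasmResult fixed = DisassembleInstructionsOnly(body);
  std::printf("whole body: decoded %zu, first illegal word at index %ld\n",
              buggy.decoded, buggy.first_illegal_index);
  std::printf("instructions only: decoded %zu, first illegal word at index %ld\n",
              fixed.decoded, fixed.first_illegal_index);
  return 0;
}
```

The point of the bounded variant is that the safepoint table and constant pool never reach the decoder at all; the same data words that make the whole-body walk stop at index 3 are simply outside the range it is asked to print.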
Jan 9 2018

Jan 10 2018

ClusterFuzz has detected this issue as fixed in range 50443:50444.

Detailed report: https://clusterfuzz.com/testcase?key=5037455974858752

Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux

Crash Type: Ill
Crash Address: 0xf2b5b83e
Crash State:
  v8::internal::Decoder::DecodeTypeImmediate
  v8::internal::Decoder::InstructionDecode
  disasm::Disassembler::InstructionDecode

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_mipsel_dbg&range=50165:50166
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_mipsel_dbg&range=50443:50444

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5037455974858752

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 10 2018

ClusterFuzz testcase 5037455974858752 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Jan 9 2018
Owner: clemensh@chromium.org
Status: Assigned (was: Untriaged)