New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 813493 link

Starred by 1 user
Status: Verified
Owner:
yukishiino@chromium.org
Closed: Mar 2018
Cc:
jochen@chromium.org
brajkumar@chromium.org
adamk@chromium.org
haraken@chromium.org
ishell@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug-Regression



Sign in to add a comment

CHECK failure: !ScriptForbiddenScope::IsScriptForbidden() in V8PerIsolateData.cpp

Project Member Reported by ClusterFuzz, Feb 19 2018 
Detailed report: https://clusterfuzz.com/testcase?key=5306257578393600

Fuzzer: inferno_twister
Job Type: windows_asan_content_shell
Platform Id: windows

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !ScriptForbiddenScope::IsScriptForbidden() in V8PerIsolateData.cpp
  blink::BeforeCallEnteredCallback
  v8::Function::Call
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=531299:531319

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5306257578393600

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by brajkumar@chromium.org, Feb 20 2018

Cc: brajkumar@chromium.org
Components: Blink>JavaScript
Labels: -Type-Bug M-66 CF-NeedsTriage Type-Bug-Regression
Considering the above issue is related to V8, hence marking it as untriaged for more inputs.

Thanks!

Comment 2 by hablich@chromium.org, Feb 26 2018

Owner: ishell@chromium.org
Status: Assigned (was: Untriaged)
assignign to cf sheriff.

Comment 3 by ishell@chromium.org, Feb 28 2018

Cc: haraken@chromium.org ishell@chromium.org jochen@chromium.org adamk@chromium.org
Owner: yukishiino@chromium.org
Attempt to throw stack overflow exception is going to execute some JS code being in ScriptForbiddenScope.
Project Member

Comment 4 by bugdroid1@chromium.org, Mar 26 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6a4762ecfa1eda49d5784b1c654c48c289bb4cb7

commit 6a4762ecfa1eda49d5784b1c654c48c289bb4cb7
Author: Yuki Shiino <yukishiino@chromium.org>
Date: Mon Mar 26 12:08:53 2018

v8binding: Allow to throw stackoverflow in ScriptForbiddenScope.

Allows to throw a stackoverflow exception in ScriptForbiddenScope.

Bug:  813493 
Change-Id: I75ebd44533b559369032fc750140bb22cb0c272a
Reviewed-on: https://chromium-review.googlesource.com/980013
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
Cr-Commit-Position: refs/heads/master@{#545765}
[modify] https://crrev.com/6a4762ecfa1eda49d5784b1c654c48c289bb4cb7/third_party/WebKit/Source/bindings/core/v8/V8ScriptRunner.cpp

Comment 5 by yukishiino@chromium.org, Mar 26 2018

Status: Fixed (was: Assigned)
Project Member

Comment 6 by ClusterFuzz, Mar 29 2018 

ClusterFuzz has detected this issue as fixed in range 545761:545765.

Detailed report: https://clusterfuzz.com/testcase?key=5306257578393600

Fuzzer: inferno_twister
Job Type: windows_asan_content_shell
Platform Id: windows

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !ScriptForbiddenScope::IsScriptForbidden() in V8PerIsolateData.cpp
  blink::BeforeCallEnteredCallback
  v8::Function::Call
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=531299:531319
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=545761:545765

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5306257578393600

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 7 by ClusterFuzz, Mar 29 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Fixed)
ClusterFuzz testcase 5306257578393600 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment