Issue metadata
Sign in to add a comment
|
DCHECK failure in is_wasm_memory == GetIsolate()->wasm_engine()->memory_tracker()->IsWasmMemory( b |
||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5658570541236224 Fuzzer: mbarbella_js_mutation Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: DCHECK failure Crash Address: Crash State: is_wasm_memory == GetIsolate()->wasm_engine()->memory_tracker()->IsWasmMemory( b v8::internal::JSArrayBuffer::is_wasm_memory v8::ArrayBuffer::GetContents Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=52162:52163 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5658570541236224 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Mar 23 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/d31dff841e5be4d89e43434ef08f2cc5659f8cfa ([wasm] always allocate memory when guard regions are needed). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Mar 23 2018
,
Mar 24 2018
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/ff43bbe6131b78f9bcd871dc08f4142ef18eb634 commit ff43bbe6131b78f9bcd871dc08f4142ef18eb634 Author: Eric Holk <eholk@chromium.org> Date: Sat Mar 24 00:30:23 2018 [wasm] clear is_wasm_memory flag when neutering ArrayBuffers Bug: chromium:825087 Change-Id: I2eb163e5399e98da75cd1e4ad6f0a62d6da4ae2c Reviewed-on: https://chromium-review.googlesource.com/978840 Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Eric Holk <eholk@chromium.org> Cr-Commit-Position: refs/heads/master@{#52198} [modify] https://crrev.com/ff43bbe6131b78f9bcd871dc08f4142ef18eb634/src/objects/js-array.h [modify] https://crrev.com/ff43bbe6131b78f9bcd871dc08f4142ef18eb634/src/wasm/wasm-memory.cc [add] https://crrev.com/ff43bbe6131b78f9bcd871dc08f4142ef18eb634/test/mjsunit/regress/wasm/regress-825087a.js [add] https://crrev.com/ff43bbe6131b78f9bcd871dc08f4142ef18eb634/test/mjsunit/regress/wasm/regress-825087b.js
,
Mar 24 2018
ClusterFuzz has detected this issue as fixed in range 52197:52198. Detailed report: https://clusterfuzz.com/testcase?key=5658570541236224 Fuzzer: mbarbella_js_mutation Job Type: linux_asan_d8_dbg Platform Id: linux Crash Type: DCHECK failure Crash Address: Crash State: is_wasm_memory == GetIsolate()->wasm_engine()->memory_tracker()->IsWasmMemory( b v8::internal::JSArrayBuffer::is_wasm_memory v8::ArrayBuffer::GetContents Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=52162:52163 Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=52197:52198 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5658570541236224 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Mar 24 2018
ClusterFuzz testcase 5658570541236224 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Mar 24 2018
,
Jun 30 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 28
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by ClusterFuzz
, Mar 23 2018Labels: Test-Predator-Auto-Components