Null-dereference READ in v8::internal::Zone::New

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5738724718280704

Fuzzer: mbarbella_js_mutation
Job Type: linux_ubsan_vptr_d8
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000038
Crash State:
  v8::internal::Zone::New
  v8::internal::compiler::AddReducer
  v8::internal::compiler::PipelineWasmCompilationJob::ExecuteJobImpl
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_d8&range=53257:53258

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5738724718280704

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
May 18 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/d97d095a3196ee5270358c0192859bd4d9333861 ([turbolizer] Show for each node from which node it was created from). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Jun 11 2018
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/72e062aa8293562951dffdb435b52687b66a0b67

commit 72e062aa8293562951dffdb435b52687b66a0b67
Author: Stephan Herhut <herhut@chromium.org>
Date: Mon Jun 11 13:20:58 2018

[wasm] Correctly init zone in PipelineData

The graph_zone_ field in PipelineData was initialized to nullptr instead of the correct zone when running the wasm compilation pipeline. Now it is set to the actual zone of the graph that is being compiled.

Bug: chromium:844591
Change-Id: I8d9a688a292471a45dedcd01b03244baed60e378
Reviewed-on: https://chromium-review.googlesource.com/1095254
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53638}

[modify] https://crrev.com/72e062aa8293562951dffdb435b52687b66a0b67/src/compiler/pipeline.cc
Jun 12 2018
ClusterFuzz has detected this issue as fixed in range 53637:53638.

Detailed report: https://clusterfuzz.com/testcase?key=5738724718280704

Fuzzer: mbarbella_js_mutation
Job Type: linux_ubsan_vptr_d8
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000038
Crash State:
  v8::internal::Zone::New
  v8::internal::compiler::AddReducer
  v8::internal::compiler::PipelineWasmCompilationJob::ExecuteJobImpl
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_d8&range=53257:53258
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_d8&range=53637:53638

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5738724718280704

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 12 2018
ClusterFuzz testcase 5738724718280704 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, May 18 2018

Labels: Test-Predator-Auto-Components