Container-overflow in v8::internal::compiler::JsonPrintAllSourceWithPositions
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=4972148754743296
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: Container-overflow READ 4
Crash Address: 0xee331bf8
Crash State:
  v8::internal::compiler::JsonPrintAllSourceWithPositions
  v8::internal::compiler::PipelineImpl::FinalizeCode
  v8::internal::compiler::PipelineCompilationJob::FinalizeJobImpl
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_arm_dbg&range=53210:53211
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4972148754743296
Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
May 23 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/c43d79f86d599cb873d9ce9a50d018291742bc51 ([turbolizer] Add inlining information to --trace-turbo). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
May 24 2018 (no comment text)
May 24 2018 (no comment text)
May 24 2018
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
May 24 2018
Note that this is behind the --trace-turbo flag. Fix is in flight.
May 24 2018 (no comment text)
May 24 2018
This is strictly behind --trace-turbo, a flag used for diagnostics output by V8 developers. This flag is not enabled in production. This should not be a release blocker.
May 24 2018
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/5da538d9e9e8ad26453c5a22a9a0e78ce6ae1d4d

commit 5da538d9e9e8ad26453c5a22a9a0e78ce6ae1d4d
Author: Sigurd Schneider <sigurds@chromium.org>
Date: Thu May 24 14:21:53 2018

[turbolizer] Fix bug in graph visualizer

Bug: chromium:846000
Change-Id: If74749f11c7e1e112090a18f79ebed1819535d24
Reviewed-on: https://chromium-review.googlesource.com/1071671
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53338}

[modify] https://crrev.com/5da538d9e9e8ad26453c5a22a9a0e78ce6ae1d4d/src/compiler/graph-visualizer.cc
[modify] https://crrev.com/5da538d9e9e8ad26453c5a22a9a0e78ce6ae1d4d/test/cctest/compiler/test-graph-visualizer.cc
May 25 2018
ClusterFuzz has detected this issue as fixed in range 53337:53338.
Detailed report: https://clusterfuzz.com/testcase?key=4972148754743296
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: Container-overflow READ 4
Crash Address: 0xee331bf8
Crash State:
  v8::internal::compiler::JsonPrintAllSourceWithPositions
  v8::internal::compiler::PipelineImpl::FinalizeCode
  v8::internal::compiler::PipelineCompilationJob::FinalizeJobImpl
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_arm_dbg&range=53210:53211
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_arm_dbg&range=53337:53338
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4972148754743296
See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
May 25 2018
ClusterFuzz testcase 4972148754743296 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
May 25 2018 (no comment text)
May 25 2018 (no comment text)
May 26 2018
Your change meets the bar and is auto-approved for M68. Please go ahead and merge the CL to branch 3440 manually. Please contact milestone owner if you have questions. Owners: cmasso@(Android), kariahda@(iOS), bhthompson@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
May 28 2018
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/474d5cd0636e56ad19f106c02e984241ed613abb

commit 474d5cd0636e56ad19f106c02e984241ed613abb
Author: Sigurd Schneider <sigurds@chromium.org>
Date: Mon May 28 07:45:26 2018

Merged: [turbolizer] Fix bug in graph visualizer

Revision: 5da538d9e9e8ad26453c5a22a9a0e78ce6ae1d4d

BUG= chromium:846000
LOG=N
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
TBR=hablich@chromium.org

Change-Id: Icd12c0b1c4607fdff4912fa1ad2e6036aea1502a
Reviewed-on: https://chromium-review.googlesource.com/1074655
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/branch-heads/6.8@{#5}
Cr-Branched-From: 44d7d7d6b1041b57644400a00cb3fee35f6c51b2-refs/heads/6.8.275@{#1}
Cr-Branched-From: 5754f66f75136dc17b4c63fec84f31dfdb89186e-refs/heads/master@{#53286}

[modify] https://crrev.com/474d5cd0636e56ad19f106c02e984241ed613abb/src/compiler/graph-visualizer.cc
[modify] https://crrev.com/474d5cd0636e56ad19f106c02e984241ed613abb/test/cctest/compiler/test-graph-visualizer.cc
May 28 2018 (no comment text)
Aug 31
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ClusterFuzz, May 23 2018. Labels: Test-Predator-Auto-Components