Issue 872408 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	mvstan...@chromium.org
Closed:	Oct 19
Components:	Blink>JavaScript
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	1
Type:	Bug
Stability-Crash Reproducible Clusterfuzz Stability-UndefinedBehaviorSanitizer

Null-dereference READ in unsigned long v8::base::AsAtomicWord::Relaxed_Load<unsigned long>

Project Member Reported by ClusterFuzz, Aug 8

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6049058159067136

Fuzzer: ochang_js_fuzzer
Job Type: linux_cfi_d8
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  unsigned long v8::base::AsAtomicWord::Relaxed_Load<unsigned long>
  bool v8::internal::MemoryChunk::IsFlagSet<
  RecordSlot
  
Sanitizer: cfi (CFI)

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_d8&range=54973:54974

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6049058159067136

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by mstarzinger@chromium.org, Aug 9

Owner: mvstan...@chromium.org
Status: Assigned (was: Untriaged)

Comment 2 by titzer@chromium.org, Aug 9

Assigning mvstanton@ to take a look, since CF bisected it to that CL, and the test has splice in it. Did not reproduce with my ToT debug build with the provided gn args, but did not try the clusterfuzz reproduction script due to an authentication issue.

Comment 3 by mvstan...@chromium.org, Oct 19

Status: WontFix (was: Assigned)

The CL was re-submitted a month later with important changes. I think we can just close this one.

►

Issue 872408 link

Issue metadata

Null-dereference READ in unsigned long v8::base::AsAtomicWord::Relaxed_Load<unsigned long>

Issue description

Comment 1 by mstarzinger@chromium.org, Aug 9

Comment 1 Deleted

Comment 2 by titzer@chromium.org, Aug 9

Comment 2 Deleted

Comment 3 by mvstan...@chromium.org, Oct 19

Comment 3 Deleted

Sign in to add a comment