Issue 872410 link

Starred by 1 user

Issue metadata

Status:	Fixed
Owner:	mvstan...@chromium.org
Closed:	Dec 27
Components:	Blink>JavaScript
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	1
Type:	Bug
Stability-Crash Reproducible Clusterfuzz Stability-UndefinedBehaviorSanitizer

Null-dereference READ in FromAddress

Project Member Reported by ClusterFuzz, Aug 8

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6377487765078016

Fuzzer: ochang_js_fuzzer
Job Type: linux_ubsan_vptr_d8
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  FromAddress
  RecordSlot
  RecordSlot
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_d8&range=54973:54974

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6377487765078016

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by mstarzinger@chromium.org, Aug 9

Owner: mvstan...@chromium.org
Status: Assigned (was: Untriaged)

Comment 2 by mvstan...@chromium.org, Dec 27

Status: Fixed (was: Assigned)

This was fixed by revert of first splice implementation, and didn't recur on landing an improved implementation.

►

Issue 872410 link

Issue metadata

Null-dereference READ in FromAddress

Issue description

Comment 1 by mstarzinger@chromium.org, Aug 9

Comment 1 Deleted

Comment 2 by mvstan...@chromium.org, Dec 27

Comment 2 Deleted

Sign in to add a comment