New issue
Advanced search Search tips

Issue 875643 link

Starred by 1 user

Issue metadata

Status: Verified
Owner:
Closed: Sep 1
Cc:
Components:
EstimatedDays: ----
NextAction: 2018-09-05
OS: Windows
Pri: 1
Type: Bug



Sign in to add a comment

Fatal error in

Project Member Reported by ClusterFuzz, Aug 19

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4760919218061312

Fuzzer: ochang_js_fuzzer_win
Job Type: windows_asan_d8
Platform Id: windows

Crash Type: Fatal error
Crash Address: 
Crash State:
  
  v8::platform::PrintStackTrace
  v8::internal::Runtime_GetNumberOption
  v8::internal::Snapshot::DefaultSnapshotBlob
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_d8&range=54793:54794

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4760919218061312

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Project Member

Comment 1 by ClusterFuzz, Aug 19

Labels: Fuzz-Blocker ReleaseBlock-Beta M-70
This crash occurs very frequently on android and windows platforms and is likely preventing the fuzzer ochang_js_fuzzer_win from making much progress. Fixing this will allow more bugs to be found.

Marking this bug as a blocker for next Beta release.

If this is incorrect, please add ClusterFuzz-Wrong label and remove the ReleaseBlock-Beta label.
Cc: ishell@chromium.org gsat...@chromium.org
Owner: ftang@chromium.org
Status: Assigned (was: Untriaged)
CF points to c9525de5727ec353dbf9621d10cac765a6dff4b5. PTAL
M70 already branched, and this bug is marked as RBB. Can we have the latest update on this issue?
Cc: -gsat...@chromium.org ftang@chromium.org adamk@chromium.org
Owner: gsat...@chromium.org
Thanks for the ping, this totally slipped through. Fix in review:
https://chromium-review.googlesource.com/c/v8/v8/+/1199910

I'll merge it back to M70 after we get some coverage.
NextAction: 2018-09-05
Project Member

Comment 6 by bugdroid1@chromium.org, Aug 31

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/992a4f61edf54e78668bd445a5875166d8289691

commit 992a4f61edf54e78668bd445a5875166d8289691
Author: Sathya Gunasekaran <gsathya@chromium.org>
Date: Fri Aug 31 23:56:33 2018

[Intl] Convert options arg to Object before processing it

This makes us spec compliant.

Bug:  chromium:875643 
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I489870495fe1d326991c99f0551fe3329268c984
Reviewed-on: https://chromium-review.googlesource.com/1199910
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55567}
[modify] https://crrev.com/992a4f61edf54e78668bd445a5875166d8289691/src/js/intl.js
[add] https://crrev.com/992a4f61edf54e78668bd445a5875166d8289691/test/intl/number-format/options.js
[add] https://crrev.com/992a4f61edf54e78668bd445a5875166d8289691/test/intl/regress-875643.js

Project Member

Comment 7 by ClusterFuzz, Sep 1

ClusterFuzz has detected this issue as fixed in range 55566:55567.

Detailed report: https://clusterfuzz.com/testcase?key=4760919218061312

Fuzzer: ochang_js_fuzzer_win
Job Type: windows_asan_d8
Platform Id: windows

Crash Type: Fatal error
Crash Address: 
Crash State:
  
  v8::platform::PrintStackTrace
  v8::internal::Runtime_GetNumberOption
  v8::internal::Snapshot::DefaultSnapshotBlob
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_d8&range=54793:54794
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_d8&range=55566:55567

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4760919218061312

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 8 by ClusterFuzz, Sep 1

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 4760919218061312 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Labels: Merge-TBD
[Auto-generated comment by a script] We noticed that this issue is targeted for M-70; it appears the fix may have landed after branch point, meaning a merge might be required. Please confirm if a merge is required here - if so add Merge-Request-70 label, otherwise remove Merge-TBD label. Thanks.
The NextAction date has arrived: 2018-09-05
Cc: hablich@chromium.org
Labels: Merge-Request-70
As per https://chromiumdash.appspot.com/commit/992a4f61edf54e78668bd445a5875166d8289691, we've got two days of canary coverage. This is a pretty simple fix and I'd like to backmerge it soon.
Labels: -Merge-Request-70 Merge-Approved-70
Labels: -Merge-TBD
Project Member

Comment 15 by sheriffbot@chromium.org, Sep 10

This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible!

If all merges have been completed, please remove any remaining Merge-Approved labels from this issue.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 16 by bugdroid1@chromium.org, Sep 10

Labels: merge-merged-7.0
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/192bc71a9fb897afad921a74377c0f0cd16f3f05

commit 192bc71a9fb897afad921a74377c0f0cd16f3f05
Author: Sathya Gunasekaran <gsathya@chromium.org>
Date: Mon Sep 10 17:31:00 2018

Merged: [Intl] Convert options arg to Object before processing it

Revision: 992a4f61edf54e78668bd445a5875166d8289691

BUG= chromium:875643 
LOG=N
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=adamk@chromium.org

Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I7af842bec360f8a7e09748f4210f78d0546e4f91
Reviewed-on: https://chromium-review.googlesource.com/1216783
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/branch-heads/7.0@{#15}
Cr-Branched-From: 6e2adae6f7f8e891cfd01f3280482b20590427a6-refs/heads/7.0.276@{#1}
Cr-Branched-From: bc08a8624cbbea7a2d30071472bc73ad9544eadf-refs/heads/master@{#55424}
[modify] https://crrev.com/192bc71a9fb897afad921a74377c0f0cd16f3f05/src/js/intl.js
[add] https://crrev.com/192bc71a9fb897afad921a74377c0f0cd16f3f05/test/intl/number-format/options.js
[add] https://crrev.com/192bc71a9fb897afad921a74377c0f0cd16f3f05/test/intl/regress-875643.js

Labels: -Merge-Approved-70 -merge-merged-7.0
Labels: merge-merged-7.0

Sign in to add a comment