Clusterfuzz generates %AbortJS(message)
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4717168229613568

Fuzzer: ochang_js_fuzzer
Job Type: linux_cfi_d8
Platform Id: linux

Crash Type: Ill
Crash Address: 0x555786b5aeb2
Crash State: NULL
Sanitizer: cfi (CFI)

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_d8&range=53203:53204

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4717168229613568

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Oct 22, Oct 30, Dec 15, Jan 9, Jan 16
ClusterFuzz testcase 4717168229613568 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Comment 1 by clemensh@chromium.org, Oct 15
Summary: Clusterfuzz generates %AbortJS(message)
The fuzzer still generates {eval("%AbortJS(message)")}. This snippet has been removed from the code base in 8c3c1b6c0f3e9b31ef586cff5fcfb0693d209891 in July. Is this still fallout from that? Because it's still contained in some corpus?