Null-dereference READ in v8::internal::FunctionLiteral::kind
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5689884189392896

Fuzzer: mbarbella_js_mutation
Job Type: linux_ubsan_vptr_d8
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000028
Crash State:
  v8::internal::FunctionLiteral::kind
  v8::internal::Scope::DeclareVariable
  Declare

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_d8&range=57182:57183

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5689884189392896

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Nov 1

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/54cc05553bc2c8ff6502973083f6e264c2b7beee (Reland "[parser] Remove RETURN_IF* part 16").

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.

If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Nov 2

The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/9884930b3225675e2c88ada54905800ee99f257c

commit 9884930b3225675e2c88ada54905800ee99f257c
Author: Toon Verwaest <verwaest@chromium.org>
Date: Fri Nov 02 10:27:23 2018

[parser] Simplify Scope::DeclareVariable

Restructure the code a little, and change how we detect sloppy block function redeclaration so we don't dereference a possibly nullptr function.

Bug: chromium:900786
Change-Id: Ief124fe767603ca36f4dc8865c4aeb3e0635b4cf
Reviewed-on: https://chromium-review.googlesource.com/c/1314331
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57206}

[modify] https://crrev.com/9884930b3225675e2c88ada54905800ee99f257c/src/ast/ast.h
[modify] https://crrev.com/9884930b3225675e2c88ada54905800ee99f257c/src/ast/scopes.cc
[modify] https://crrev.com/9884930b3225675e2c88ada54905800ee99f257c/src/ast/scopes.h
[modify] https://crrev.com/9884930b3225675e2c88ada54905800ee99f257c/src/ast/variables.h
[modify] https://crrev.com/9884930b3225675e2c88ada54905800ee99f257c/src/globals.h
[modify] https://crrev.com/9884930b3225675e2c88ada54905800ee99f257c/src/parsing/parser.cc
[add] https://crrev.com/9884930b3225675e2c88ada54905800ee99f257c/test/mjsunit/regress/regress-900786.js
Nov 3

ClusterFuzz has detected this issue as fixed in range 57205:57206.

Detailed report: https://clusterfuzz.com/testcase?key=5689884189392896

Fuzzer: mbarbella_js_mutation
Job Type: linux_ubsan_vptr_d8
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000028
Crash State:
  v8::internal::FunctionLiteral::kind
  v8::internal::Scope::DeclareVariable
  Declare

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_d8&range=57182:57183
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_d8&range=57205:57206

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5689884189392896

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 3

ClusterFuzz testcase 5689884189392896 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Nov 1

Labels: Test-Predator-Auto-Components