Null-dereference READ in v8::internal::Scope::zone |
|||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4804852701724672 Fuzzer: libFuzzer_javascript_parser_proto_fuzzer Fuzz target binary: javascript_parser_proto_fuzzer Job Type: x86_libfuzzer_chrome_asan Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x00000000 Crash State: v8::internal::Scope::zone v8::internal::ParserBase<v8::internal::Parser>::FunctionState::FunctionState v8::internal::ParserBase<v8::internal::Parser>::ParseArrowFunctionLiteral Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=x86_libfuzzer_chrome_asan&range=620357:620366 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4804852701724672 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.
,
Jan 8
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.
,
Jan 8
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/76f88936990ab99b0b5f451f3755f462a69c5fdc ([parser] Create arrow function scopes while parsing the head). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Jan 8
,
Jan 8
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/7c3595effab4c3277186ca86b73a6a0cb4d0d5d3 commit 7c3595effab4c3277186ca86b73a6a0cb4d0d5d3 Author: Toon Verwaest <verwaest@chromium.org> Date: Tue Jan 08 14:46:07 2019 [parser] Reparse arrow functions with unidentified syntax errors in the correct scope Bug: chromium:919710 Change-Id: I5a04e76fbc925a89b0ebe1916637f6ae5d109b24 Reviewed-on: https://chromium-review.googlesource.com/c/1400419 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#58637} [modify] https://crrev.com/7c3595effab4c3277186ca86b73a6a0cb4d0d5d3/src/parsing/parser-base.h [add] https://crrev.com/7c3595effab4c3277186ca86b73a6a0cb4d0d5d3/test/mjsunit/regress/regress-919710.js
,
Jan 9
ClusterFuzz has detected this issue as fixed in range 620976:620985. Detailed report: https://clusterfuzz.com/testcase?key=4804852701724672 Fuzzer: libFuzzer_javascript_parser_proto_fuzzer Fuzz target binary: javascript_parser_proto_fuzzer Job Type: x86_libfuzzer_chrome_asan Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x00000000 Crash State: v8::internal::Scope::zone v8::internal::ParserBase<v8::internal::Parser>::FunctionState::FunctionState v8::internal::ParserBase<v8::internal::Parser>::ParseArrowFunctionLiteral Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=x86_libfuzzer_chrome_asan&range=620357:620366 Fixed: https://clusterfuzz.com/revisions?job=x86_libfuzzer_chrome_asan&range=620976:620985 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4804852701724672 See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jan 9
ClusterFuzz testcase 4804852701724672 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by ClusterFuzz
, Jan 8Labels: Test-Predator-Auto-Components