Issue 923642 link

Starred by 1 user

Issue metadata

Status:	Assigned
Owner:	jkummerow@chromium.org
Cc:	verwa...@chromium.org
Components:	Blink>JavaScript Blink>JavaScript>Runtime
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug
Reproducible Clusterfuzz Stability-UndefinedBehaviorSanitizer Test-Predator-Auto-Components

Integer-overflow in v8::internal::RegExpQuantifier::RegExpQuantifier

Project Member Reported by ClusterFuzz, Jan 19 (3 days ago)

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5067350122561536

Fuzzer: ochang_js_fuzzer
Job Type: linux_ubsan_d8
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  v8::internal::RegExpQuantifier::RegExpQuantifier
  v8::internal::RegExpBuilder::AddQuantifierToAtom
  v8::internal::RegExpParser::ParseDisjunction
  
Sanitizer: undefined (UBSAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5067350122561536

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

Project Member

Comment 1 by ClusterFuzz, Jan 19 (3 days ago)

Components: Blink>JavaScript>Runtime
Labels: Test-Predator-Auto-Components

Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 2 by machenb...@chromium.org, Jan 19 (3 days ago)

Cc: jkummerow@chromium.org

Comment 3 by mstarzinger@chromium.org, Yesterday (38 hours ago)

Cc: -jkummerow@chromium.org
Owner: jkummerow@chromium.org
Status: Assigned (was: Untriaged)

►

Issue 923642 link

Issue metadata

Integer-overflow in v8::internal::RegExpQuantifier::RegExpQuantifier

Issue description

Comment 1 by ClusterFuzz, Jan 19 (3 days ago)

Comment 1 Deleted

Comment 2 by machenb...@chromium.org, Jan 19 (3 days ago)

Comment 2 Deleted

Comment 3 by mstarzinger@chromium.org, Yesterday (38 hours ago)

Comment 3 Deleted

Sign in to add a comment