Null-dereference READ in v8::internal::ParserBase<v8::internal::Parser>::ParseArrowFunctionLiteral
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5690398429282304

Fuzzer: mbarbella_js_mutation
Job Type: linux_ubsan_vptr_d8
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000070
Crash State:
  v8::internal::ParserBase<v8::internal::Parser>::ParseArrowFunctionLiteral
  v8::internal::ParserBase<v8::internal::Parser>::ParseAssignmentExpressionCoverGr
  ParseAssignmentExpression
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_d8&range=58628:58629

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5690398429282304

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.
Jan 20 (2 days ago)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/f9529f6b45de51f8d507e11e7741a03a74697bc4 ([parser] Disambiguate variables through expression-scope). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Yesterday (44 hours ago)
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/b4e7d1117832b94e700b6557a0b3c5b6b2578b79

commit b4e7d1117832b94e700b6557a0b3c5b6b2578b79
Author: Toon Verwaest <verwaest@chromium.org>
Date: Mon Jan 21 10:12:10 2019

[parser] Reparsing arrow function head upon failure can overflow the stack

Bug: chromium:923723
Change-Id: Ic397642c2e803b2ada95fa87ece31032eb104782
Reviewed-on: https://chromium-review.googlesource.com/c/1424857
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58949}

[modify] https://crrev.com/b4e7d1117832b94e700b6557a0b3c5b6b2578b79/src/parsing/parser-base.h
[add] https://crrev.com/b4e7d1117832b94e700b6557a0b3c5b6b2578b79/test/mjsunit/regress/regress-923723.js
Yesterday (38 hours ago)
ClusterFuzz has detected this issue as fixed in range 58948:58949.

Detailed report: https://clusterfuzz.com/testcase?key=5690398429282304

Fuzzer: mbarbella_js_mutation
Job Type: linux_ubsan_vptr_d8
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000070
Crash State:
  v8::internal::ParserBase<v8::internal::Parser>::ParseArrowFunctionLiteral
  v8::internal::ParserBase<v8::internal::Parser>::ParseAssignmentExpressionCoverGr
  ParseAssignmentExpression
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_d8&range=58628:58629
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_d8&range=58948:58949

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5690398429282304

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Yesterday (38 hours ago)
ClusterFuzz testcase 5690398429282304 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Jan 20 (2 days ago)

Labels: Test-Predator-Auto-Components