fuzzer: int.toString invoked with String receiver #46980

rmacnak-google · 2021-08-24T16:17:53Z

// Reduced from:
// The Dart Project Fuzz Tester (1.91).
// Program generated as:
//   dart dartfuzz.dart --seed 929450448 --no-fp --no-ffi --no-flat
// @dart=2.14

import 'dart:collection';
import 'dart:typed_data';

MapEntry<List<int>, Map<String, String>>? var0 = MapEntry<List<int>, Map<String, String>>(Uint16List.fromList(<int>[-25]), <String,String>{
  '' : 'p8',
  'VGiZ+x' : 'n6\u{1f600}',
  'j' : 'hrNI',
  '3@kX)\u{1f600}' : 'TW+Z',
  'D' : '\u2665Yqu',
  'wzBa\u{1f600}h' : '-k'
});
num? var78 = 29;
MapEntry<String, int> var141 = MapEntry<String, int>('\u{1f600}', 16);

MapEntry<Map<bool, int>, MapEntry<bool, int>>? var2896 = MapEntry<Map<bool, int>, MapEntry<bool, int>>(<bool,int>{
  true : -79,
  false : 13,
  true : 35,
  true : -84,
  false : -9223372034707292159
}, MapEntry<bool, int>(true, 0));

main() {
  for (var i = 0; i < 1848; i++) {
    print(var2896);
  }

  print('$var0\n$var78\n$var141\n');
}

$ out/ReleaseIA32/dart fuzz.dart
...
Unhandled exception:
NoSuchMethodError: Class 'String' has no instance method '<'.
Receiver: ")"
Tried calling: <(100)
#0      Object.noSuchMethod (dart:core-patch/object_patch.dart:63:5)
#1      int.toString (dart:core-patch/integers.dart:645:14)
#2      _StringBase._interpolate (dart:core-patch/string_patch.dart:857:23)
#3      MapEntry.toString (dart:core/map.dart:367:48)
#4      _StringBase._interpolate (dart:core-patch/string_patch.dart:857:23)
#5      main (file:///usr/local/google/home/rmacnak/dart2/sdk/fuzz.dart:33:35)
#6      _delayEntrypointInvocation.<anonymous closure> (dart:isolate-patch/isolate_patch.dart:287:19)
#7      _RawReceivePortImpl._handleMessage (dart:isolate-patch/isolate_patch.dart:187:12)

The text was updated successfully, but these errors were encountered:

… state. When checking if the guarded receiver CID has changed, we must find the original guarded CID by looking in the original ICData entries array. The first entry in the current ICData entries array might not correspond to the original entry because we sometimes re-order entries. For example, insert the Smi case at the beginning. TEST=ci Bug: #46948 Bug: #46980 Change-Id: Id0904de3a68fbb77842f552329a14c3127ee9fc8 Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/211082 Commit-Queue: Ryan Macnak <rmacnak@google.com> Reviewed-by: Alexander Aprelev <aam@google.com>

rmacnak-google added area-vm Use area-vm for VM related issues, including code coverage, and the AOT and JIT backends. dartfuzz Found with Dart fuzzing (DartFuzz, libFuzzer, etc.) labels Aug 24, 2021

rmacnak-google closed this as completed Aug 26, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fuzzer: int.toString invoked with String receiver #46980

fuzzer: int.toString invoked with String receiver #46980

rmacnak-google commented Aug 24, 2021

fuzzer: int.toString invoked with String receiver #46980

fuzzer: int.toString invoked with String receiver #46980

Comments

rmacnak-google commented Aug 24, 2021