danakj@, could you please look into this change (https://chromium.googlesource.com/chromium/src/+/58b7d6bc5ba09d553fb0757e1b7ffe524f790d72%5E%21/third_party/WebKit/Source/core/dom/Node.h) if possible? Please feel free to re-assign in-case if this is not your's.

Thank you!

My CL is titled "blink: Rename enums and functions to not collide with chromium style." As it says, it is simply renaming some things.

Sorry, i overlooked the CL.

hayato@, could you please look into this?

Thank you!

yosin@, could you take a look?
It looks related to editing command.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5857080803590144

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_asan_chrome_v8
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  blink::Node::isPseudoElement
  blink::Node::hasEditableStyle
  blink::Node::hasEditableStyle
  

Minimized Testcase (0.53 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94OkjoFqlbpCUci1uuBQjRmzUiUyhX9OExfIXr2kohX2fTeGFvkxKNVNdjwEin0TpvIW0qauf7ma9dbLekMb4ToImopOHpUmmDIO8hRponDFwRjs7EExR2EUNO0RmEMTWOF_Q08zM8OtmaTDiCzhN2_UOPp1Q

Filer: durga.behera

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Lower to Pri-2, since real world usage of editing with display:flex is low.

m_startingSelection.showTreeForThis()
BODY	0000044DF02A31D0
	DIV	0000044DF02A3238 ID="test" (editable) (focused)
		#text	0000044DF02A3708 "\n   x"
		DIV	0000044DF02A34C8 (editable)
			#text	0000044DF02A3530 "foo"
		DIV	0000044DF02A35E8 (editable)
			#text	0000044DF02A3650 "bar"
SE		#text	0000044DF02A32A0 "x\n  "
	#text	0000044DF02A32F0 "\n"
	SCRIPT	0000044DF02A3340
		#text	0000044DF02A33B8 "\nvar s = window.getSelection();\nvar e = document.getElementById("test");\ns.collapse(e);\ns.modify("move", "forward", "character");\ndocument.execCommand("InsertHTML", false, "<div>foo</div><span><div>bar</div></span><br class='Apple-interchange-newline'>");\n"

ClusterFuzz has detected this issue as fixed in range 37060:37109.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5857080803590144

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_asan_chrome_v8
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  blink::Node::isPseudoElement
  blink::Node::hasEditableStyle
  blink::Node::hasEditableStyle
  
Fixed: V8: r37060:37109

Minimized Testcase (0.52 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94mmazi3CrgrTJIbcJrXa8s0bjVCMPfzVXeAJrx6N7LeISGUIDShYsa4s-4b33w9WR9psAxspFR89FO6uAW4CVt1MjhZ1FzUbDfitEItha2ZjISE6Di63mL8wIBLyVvdUqpZt9MgsihhX4dVDujTZjLSsVXew?testcase_id=5857080803590144

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz has detected this issue as fixed in range 37060:37109.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5932155005304832

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_asan_chrome_v8
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  blink::Node::isPseudoElement
  blink::Node::hasEditableStyle
  blink::Node::hasEditableStyle
  
Fixed: V8: r37060:37109

Minimized Testcase (0.37 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97bDnWhN2s9rKC1gsIjlefcsujpCeSfxR0menys2ojjQ-92UjWO6Mmbup0hlyrsRQZv0ZECIuQl0Hkf0AIo-tLWVa2txSIdl4Simjkcgmm4j_DvaDXrtdesJJVcjubXAlwhTJRP3TOU_qc87X_gMFwRl5-z_Q?testcase_id=5932155005304832

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot