Range::extractContents() crashes by DOMSubtreeModified event handler
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6204784496869376
Fuzzer: bj_broddelwerk
Job Type: windows_syzyasan_chrome
Platform Id: windows
Crash Type: UNKNOWN
Crash Address: 0x00000013
Crash State:
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::in
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::Te
  blink::createPlainText<blink::EditingAlgorithm<blink::NodeTraversal> >
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_chrome&range=378919:378963
Minimized Testcase (3.66 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94u5qV0EXQMdePEo5FedT7kMDSygYndUPV35UM3TZqKKnlKn3ovO8M23QiiKUN9PowiCZfNMk-o7o44IfwcrhS8zgtR7IGpFOTe0qCm0kPsRCPtes4gPzZohE9unB3dNvI0j_S2vYgVEoB3Alz8DscEkV_RrA
Filer: nyerramilli
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 7 2016
Doesn't look directly related to my change, but happy to help if it does. Handing off to the editing folks.
Mar 8 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6204784496869376
Fuzzer: bj_broddelwerk
Job Type: windows_syzyasan_chrome
Platform Id: windows
Crash Type: UNKNOWN
Crash Address: 0x00000013
Crash State:
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::in
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::Te
  blink::createPlainText<blink::EditingAlgorithm<blink::NodeTraversal> >
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_chrome&range=378919:378963
Minimized Testcase (3.66 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94u5qV0EXQMdePEo5FedT7kMDSygYndUPV35UM3TZqKKnlKn3ovO8M23QiiKUN9PowiCZfNMk-o7o44IfwcrhS8zgtR7IGpFOTe0qCm0kPsRCPtes4gPzZohE9unB3dNvI0j_S2vYgVEoB3Alz8DscEkV_RrA
Filer: pucchakayala
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 8 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6204784496869376
Fuzzer: bj_broddelwerk
Job Type: windows_syzyasan_chrome
Platform Id: windows
Crash Type: UNKNOWN
Crash Address: 0x00000013
Crash State:
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::in
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::Te
  blink::createPlainText<blink::EditingAlgorithm<blink::NodeTraversal> >
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_chrome&range=378919:378963
Minimized Testcase (3.66 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94u5qV0EXQMdePEo5FedT7kMDSygYndUPV35UM3TZqKKnlKn3ovO8M23QiiKUN9PowiCZfNMk-o7o44IfwcrhS8zgtR7IGpFOTe0qCm0kPsRCPtes4gPzZohE9unB3dNvI0j_S2vYgVEoB3Alz8DscEkV_RrA
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 10 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6378987162435584
Fuzzer: inferno_layout_test_unmodified
Job Type: windows_syzyasan_chrome
Platform Id: windows
Crash Type: UNKNOWN
Crash Address: 0x00000013
Crash State:
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::in
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::Te
  blink::createPlainText<blink::EditingAlgorithm<blink::NodeTraversal> >
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_chrome&range=379959:380056
Minimized Testcase (3.26 Kb): https://cluster-fuzz.appspot.com/download/AMIfv942iQmoCSf-EzG4Y0bHZ5r6jHVqknQqQ19kzz7sCehpK6RO1d0KOxYHDkYVvs_Zj9V9lwfhUfWVUUDgM3-n7GRivtSTxiPg46X_bGpEnz6mmsG5TYnbLRH9uZ2J6WA-nGvNhGA5SZ0Gt8bEx5WpUXvYUxTvrg
Filer: nyerramilli
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 10 2016
Lower to Pri-2, since it is caused by a DOM mutation event handler modifying the DOM tree. It is unusual.
I hit an assertion in Range::processAncestorsAndTheirSiblings():
ASSERT(!firstChildInAncestorToProcess || firstChildInAncestorToProcess->parentNode() == ancestor);
firstChildInAncestorToProcess isn't null.
firstChildInAncestorToProcess.m_ptr->showTreeForThis()
BODY 47982D00
#text 47982DA0 "\n"
INPUT 47984FE8
#shadow-root 47985090
DIV 47985100 ID="inner-editor" (editable)
DIV 47982F88
BASE 47988548
#text 47988580 "}B,,,,,,,,0ovvv5%twwwwwwwwwwww({"
CANVAS 479885B0
svg 47988648
#text 47988708 "HHHH"YuNKee2\\&iiiiiiiii7777777vv"
#text 47988738 "TI;B,,,,,',,,,,,,,,,,,,,,Tdddd&`"
IFRAME 47988768
#text 479887E0 "```*($$$$$$$hhhhhssssssss>p%"_F5"
svg 47988810
#text 479888D0 "[[[[W-5&&&FFF"
r------dddddddddnm< 47988900
* HR 47982DD0
#text 47982E08 "\n"
TABLE 47982E38 CLASS="CLASS7"
#text 47982E80 "\n"
#text 47982EB0 "\n"
ancestor FORM 47982EE0
#text 47982F58 "\n"
<void>
Mar 10 2016
Mar 10 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6378987162435584
Fuzzer: inferno_layout_test_unmodified
Job Type: windows_syzyasan_chrome
Platform Id: windows
Crash Type: UNKNOWN
Crash Address: 0x00000013
Crash State:
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::in
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::Te
  blink::createPlainText<blink::EditingAlgorithm<blink::NodeTraversal> >
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_chrome&range=379959:380056
Minimized Testcase (3.26 Kb): https://cluster-fuzz.appspot.com/download/AMIfv942iQmoCSf-EzG4Y0bHZ5r6jHVqknQqQ19kzz7sCehpK6RO1d0KOxYHDkYVvs_Zj9V9lwfhUfWVUUDgM3-n7GRivtSTxiPg46X_bGpEnz6mmsG5TYnbLRH9uZ2J6WA-nGvNhGA5SZ0Gt8bEx5WpUXvYUxTvrg
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 24 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4884503050321920
Fuzzer: bj_broddelwerk
Job Type: linux_asan_content_shell_drt
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000020
Crash State:
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::in
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::Te
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::ra
Minimized Testcase (1.65 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94uif5Y5Rww7nKKHeKQSuRi3HLQUGcjmB1IfM0KSYzavDf4Mhn_dehM8LEvAigiZ8leIdIoux2hcxAlFwQqPSDN1KO6_3pgZWOyTTFQCnQMGgA6K1WYAa9uFlqgbebatsJZXlLy3Jp9rOc8rHAiKxjTYP_4vg
Filer: manoranjanr
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 29 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5302035133497344
Fuzzer: bj_broddelwerk
Job Type: windows_syzyasan_chrome
Platform Id: windows
Crash Type: UNKNOWN
Crash Address: 0x00000013
Crash State:
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::in
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::Te
  blink::createPlainText<blink::EditingAlgorithm<blink::NodeTraversal> >
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_chrome&range=381899:383055
Minimized Testcase (3.30 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95B_4I7JASp50sP61cUX0xxHqnHcAvn2nmYnrPXOenfCdTkqSuUyO3KHBNxJ4B0AoigjteB9vdQ0qLYJbMAOcAKCy5oRdURaOpzieutNlwdk0L6Pu08cYodY12kd6zEEfqJvo3u89XKaJb3GyuMZ8tpny9UEA
Filer: pucchakayala
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 19 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5031663649685504
Fuzzer: bj_broddelwerk
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000020
Crash State:
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::in
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::ra
  blink::CompositeEditCommand::moveParagraphs
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=172836:173286
Minimized Testcase (1.08 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97iEp5OTmNvEDHQA7FuPkIMv10D3LIGvMzDvJ96b068inI_7t3hvCxmrsa7O4yJlSSkAz_llXxQVfTaPuZ5H2-eFYDQfIXzBdYI-paeWfJ_0EDPug0vjSarkErb11yGX9P-pyLoH8mw03PM2Eh_X8z7aWkm5Q
Filer: ssamanoori
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mar 9 2017
ClusterFuzz has detected this issue as fixed in range 455091:455394.
Detailed report: https://clusterfuzz.com/testcase?key=5031663649685504
Fuzzer: bj_broddelwerk
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000020
Crash State:
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::in
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::ra
  blink::CompositeEditCommand::moveParagraphs
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=338890:338960
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=455091:455394
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95pgsQngzHyo6YPEMQayHz0XznTc2rZC9ycpa_MDR4S41wAMoKcgGTxIpf0Lmq7H3TJxUmeS2W06kKVj9B4kTHFRIg1nokS6-yqcczGMmL9L9sT6z6vPnWX7dcxqtNUdX5kZdLZcxlJqym4XLICr-g-PRxjUw?testcase_id=5031663649685504
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 9 2017
ClusterFuzz has detected this issue as fixed in range 455091:455394.
Detailed report: https://clusterfuzz.com/testcase?key=4884503050321920
Fuzzer: bj_broddelwerk
Job Type: linux_asan_content_shell_drt
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000020
Crash State:
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::in
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::Te
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::ra
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=371187:371278
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=455091:455394
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95Um3TAYgEh23G_oEDNqNgBMfpm2GMMCHYR-ylpahRqF8SADIzh2COYPG0FD50ljs36oaYOSh6PGGnwpMmeehOKJWnw9e6oQOTeQqLHEnIrRvNfmvg7D9UF1LdQzkLSY6gCQSkZ9oDSWSCLE_SjfkR_67iwiA?testcase_id=4884503050321920
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 9 2017
Mark WontFix. We need to have another test case...
Apr 20 2017
ClusterFuzz has detected this issue as fixed in range 380105:380146.
Detailed report: https://clusterfuzz.com/testcase?key=6204784496869376
Fuzzer: bj_broddelwerk
Job Type: windows_syzyasan_chrome
Platform Id: windows
Crash Type: UNKNOWN
Crash Address: 0x00000013
Crash State:
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::in
  blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::Te
  blink::createPlainText<blink::EditingAlgorithm<blink::NodeTraversal> >
Memory Tool: SYZYASAN
Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=378919:378963
Fixed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=380105:380146
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94u5qV0EXQMdePEo5FedT7kMDSygYndUPV35UM3TZqKKnlKn3ovO8M23QiiKUN9PowiCZfNMk-o7o44IfwcrhS8zgtR7IGpFOTe0qCm0kPsRCPtes4gPzZohE9unB3dNvI0j_S2vYgVEoB3Alz8DscEkV_RrA?testcase_id=6204784496869376
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by nyerramilli@chromium.org, Mar 7 2016
Labels: findit-wrong Te-Logged
Owner: dglazkov@chromium.org
Status: Assigned (was: Available)