Suspected CLs	Regression information is not available. The result is the blame information.

Author: tkent
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/37f57d892222dc0ed816ae004074d7c80600ad46
Time: Thu Mar 10 10:53:00 2016
The CL last changed line 284 of file HTMLTextAreaElement.cpp, which is stack frame 0.

Author: rniwa@webkit.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/e4a39a278c3f514f2e81f631864ab2db2a9031e9
Time: Thu Jul 14 17:45:04 2011
The CL last changed line 103 of file HTMLTextFormControlElement.cpp, which is stack frame 1.

Author: rniwa@webkit.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/93fd8cf7efea2cba564b2c5e45c20c63c1698596
Time: Tue Jul 12 21:20:35 2011
The CL last changed line 265 of file HTMLTextAreaElement.cpp, which is stack frame 2.

Author: darin@apple.com
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/f72a89bff16c87042ef47c3cddff8cb1e22f99d4
Time: Sun May 30 21:22:42 2010
The CL last changed line 128 of file TextControlInnerElements.cpp, which is stack frame 3.

Author: hayato@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/1ba07c4838e2394ff30601821eec77a840c9c26a
Time: Tue Feb 19 07:57:37 2013
The CL last changed line 222 of file EventDispatcher.cpp, which is stack frame 4.

Author: hayato@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/1ba07c4838e2394ff30601821eec77a840c9c26a
Time: Tue Feb 19 07:57:37 2013
The CL last changed line 129 of file EventDispatcher.cpp, which is stack frame 5.

Author: hayato@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/956ec238461ddb5a1c9fff130061a58dd59e64e4
Time: Mon Dec 01 11:29:43 2014
The CL last changed line 56 of file EventDispatchMediator.cpp, which is stack frame 6.

Suspected Component: chromium
Suspected Cr- Label: Cr-Blink-HTML
==============================================================

tkent@: Could you please take a look at this.

Thank you!

FontName command inserts <font face="..."> into TEXTAREA.  Will fix tomorrow.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0905ff8febc72c69c471e9c5035caa62cfc171e8

commit 0905ff8febc72c69c471e9c5035caa62cfc171e8
Author: tkent <tkent@chromium.org>
Date: Wed Mar 16 05:39:07 2016

Disable FontName, FontSize, and FontSizeDelta commands in contenteditable=plaintext-only.

We shouldn't add <font> elements to plain-text editors.

BUG= 594917 
TEST=automated

Review URL: https://codereview.chromium.org/1805773002

Cr-Commit-Position: refs/heads/master@{#381406}

[modify] https://crrev.com/0905ff8febc72c69c471e9c5035caa62cfc171e8/third_party/WebKit/LayoutTests/editing/execCommand/enabling-and-selection-expected.txt
[modify] https://crrev.com/0905ff8febc72c69c471e9c5035caa62cfc171e8/third_party/WebKit/LayoutTests/editing/execCommand/script-tests/enabling-and-selection.js
[modify] https://crrev.com/0905ff8febc72c69c471e9c5035caa62cfc171e8/third_party/WebKit/LayoutTests/fast/forms/plaintext-mode-1-expected.txt
[modify] https://crrev.com/0905ff8febc72c69c471e9c5035caa62cfc171e8/third_party/WebKit/LayoutTests/fast/forms/plaintext-mode-1.html
[modify] https://crrev.com/0905ff8febc72c69c471e9c5035caa62cfc171e8/third_party/WebKit/Source/core/editing/commands/EditorCommand.cpp

ClusterFuzz has detected this issue as fixed in range 381404:381411.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6242283386568704

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  ASSERTION FAILED: isHTMLBRElement(node)
  blink::HTMLTextAreaElement::subtreeHasChanged
  blink::HTMLTextFormControlElement::defaultEventHandler
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=381404:381411

Minimized Testcase (0.94 Kb): https://cluster-fuzz.appspot.com/download/AMIfv944PwmAeOHPi6fhG82GXaBQ_bajw0mJvskySumk8m2S9-EFa84E6gxwcMr7m6JQo8OTDWsucHbP8l6580pvGRJV-TNRXSGh9EFv7XYT2tyHCrnm7ND1AD8UKEM0lHGzCvlJI2trxGy0NjoV2fixssWKGS9-pQ

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot