Issue 595606


Issue metadata

Status: Fixed
Owner:
Closed: Mar 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug

Editor::tidyUpHTMLStructure() should handle BODY is document element case

Project Member Reported by ClusterFuzz, Mar 17 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5208063314755584

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  ASSERTION FAILED: false
  blink::NoExceptionStateAssertionChecker::throwDOMException
  blink::ContainerNode::checkAcceptChild
  

Minimized Testcase (1.31 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96xJz7Smw9HoHQ01_Jh6KTEltTZJUFzMWGy76QRBBRFkhgNjOC4UszGBFOg6RUrKL4XE8kupUTuEox3BnfmNOMDL7zJNJvpuQazX1BxkyS3savDt2VIU3pIPjVYxM8RP2yvByQITqy42FUPk3fPpBwthU0sKw

Filer: ajha

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 

Comment 1 by ajha@chromium.org, Mar 17 2016

Labels: -Pri-1 findit-wrong Te-Logged Pri-2
Owner: yosin@chromium.org
Status: Assigned (was: Available)
Suspected CLs: Regression information is not available. The result is the blame information.

Author: arv@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/fde86ea9ebe4a90eb19c808c7d30373977ddede0
Time: Wed Jul 10 23:09:43 2013
The CL last changed line 44 of file ExceptionStatePlaceholder.cpp, which is stack frame 0.

Author: mkwst@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/1c21a2e8dcbb38464b2522f3172af3d4cfaea82d
Time: Wed Dec 04 15:46:47 2013
The CL last changed line 136 of file ContainerNode.cpp, which is stack frame 1.

Author: kangil.han@samsung.com
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/01e7a3de5e74046f89e7a969bdc9fd2d28f16c43
Time: Fri Jul 11 13:06:24 2014
The CL last changed line 730 of file ContainerNode.cpp, which is stack frame 2.

Author: tkent
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/18a1a860db010e852016004215f2fc854faf2135
Time: Wed Jan 27 11:51:41 2016
The CL last changed line 1360 of file Editor.cpp, which is stack frame 3.

Author: tkent
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/18a1a860db010e852016004215f2fc854faf2135
Time: Wed Jan 27 11:51:41 2016
The CL last changed line 4517 of file Document.cpp, which is stack frame 4.

Suspected Component: chromium
Suspected Cr- Label: Cr-Blink-DOM
======================================================================

Unable to find the exact suspects from the above Blamelist.

Assigning to yosin@ for related update on Issue 477765 and for further investigation.

Please re-assign if the change is not related.

Thank you!

Components: Blink>Editing
Labels: -cr-blink-editing
Remove Cr-* labels, replace w/ component

Comment 3 by yosin@chromium.org, Mar 22 2016

Summary: Editor::tidyUpHTMLStructure() should handle BODY is document element case (was: ASSERTION FAILED: false)
Before executing

    if (document.documentElement())
        body->appendChild(document.documentElement());

Where body == document.documentElement()


*BODY   00000212A04A3318 (editable)
        #text   00000212A04A33D0 "title="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA B">\n"
        HTML    00000212A04A3180 (editable)
                HEAD    00000212A04A31E8 (editable)
                        SCRIPT  00000212A04A3250 (editable)
                                #text   00000212A04A32C8 "...script..."
                        #text   00000212A04A3380 "\n "
                HEAD    00000212A04A3420 (editable)
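
Added example (not from this bug, its testcase, or Blink's source): a small C++ model of the hierarchy check behind the ASSERTION FAILED above and of the tidy-up step quoted in comment 3, with the BODY-is-document-element guard the fix describes. Node, Document, tidyUpBeforeFix and tidyUpAfterFix are hypothetical stand-ins for Blink's classes, the tree is constructed to match the dump above, and the guard is an assumed shape of the fix rather than the text of the actual patch.

```cpp
// Added example, not Blink code: a minimal model of the DOM hierarchy check
// that fired here (ContainerNode::checkAcceptChild) and of the tidy-up step
// quoted in comment 3. Node, Document, tidyUpBeforeFix and tidyUpAfterFix
// are hypothetical stand-ins for Blink's classes; the "after" guard is an
// assumed shape of the fix, not the text of the actual patch.
#include <algorithm>
#include <memory>
#include <string>
#include <utility>
#include <vector>

struct Node {
    std::string tag;
    Node* parent = nullptr;
    std::vector<Node*> children;
    explicit Node(std::string t) : tag(std::move(t)) {}

    bool isInclusiveAncestorOf(const Node* other) const {
        for (const Node* n = other; n; n = n->parent)
            if (n == this) return true;
        return false;
    }

    // DOM pre-insertion validity: the new child must not be this node or one
    // of its ancestors, otherwise the tree would get a cycle. Blink reports
    // this as HierarchyRequestError; with ASSERT_NO_EXCEPTION at the call
    // site that is the "ASSERTION FAILED: false" in the crash state above.
    bool checkAcceptChild(const Node* newChild) const {
        return newChild != nullptr && !newChild->isInclusiveAncestorOf(this);
    }

    // Returns false instead of throwing so callers can inspect the outcome.
    bool appendChild(Node* child) {
        if (!checkAcceptChild(child)) return false;
        if (child->parent) {
            auto& siblings = child->parent->children;
            siblings.erase(std::find(siblings.begin(), siblings.end(), child));
        }
        child->parent = this;
        children.push_back(child);
        return true;
    }
};

struct Document {
    Node root{"#document"};
    std::vector<std::unique_ptr<Node>> owned;  // keeps every created node alive

    Node* create(const std::string& tag) {
        owned.push_back(std::make_unique<Node>(tag));
        return owned.back().get();
    }
    Node* documentElement() const {
        return root.children.empty() ? nullptr : root.children.front();
    }
};

// Pre-fix shape of the step quoted in comment 3: move whatever is currently
// the document element under the BODY that is to become the editable root.
// When BODY itself is the document element, this asks BODY to adopt BODY.
bool tidyUpBeforeFix(Document& doc, Node* body) {
    if (doc.documentElement())
        return body->appendChild(doc.documentElement());
    return true;
}

// Guarded version (assumed shape of the fix): skip the move when the document
// element already is that BODY, so nothing is ever inserted into itself.
bool tidyUpAfterFix(Document& doc, Node* body) {
    Node* docElement = doc.documentElement();
    if (docElement && docElement != body)
        return body->appendChild(docElement);
    return true;
}

// Constructed tree matching the dump in comment 3: BODY is the document
// element and the old HTML/HEAD structure hangs underneath it.
Node* buildBodyRootedDocument(Document& doc) {
    Node* body = doc.create("BODY");
    Node* html = doc.create("HTML");
    Node* head = doc.create("HEAD");
    doc.root.appendChild(body);
    body->appendChild(html);
    html->appendChild(head);
    return body;
}

int main() {
    Document doc;
    Node* body = buildBodyRootedDocument(doc);
    // The pre-fix step fails the hierarchy check; the guarded step leaves the
    // tree untouched and reports success.
    bool before = tidyUpBeforeFix(doc, body);  // false
    bool after = tidyUpAfterFix(doc, body);    // true
    return (!before && after) ? 0 : 1;
}
```

The same guarded step still moves a non-BODY root (for example a lone DIV as document element) under the fresh BODY, so the guard only removes the self-insertion case and does not change the normal tidy-up.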

Comment 4 by yosin@chromium.org, Mar 23 2016

Status: Started (was: Assigned)
In review: http://crrev.com/1828623002

Comment 5 by bugdroid1@chromium.org (Project Member), Mar 23 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f0371cdb39e34540ebb9ea0daaa962976b551b56

commit f0371cdb39e34540ebb9ea0daaa962976b551b56
Author: yosin <yosin@chromium.org>
Date: Wed Mar 23 09:13:46 2016

Make Editor::tidyUpHTMLStructure() handle BODY element correctly

This patch makes |Editor::tidyUpHTMLStructure()| handle the BODY element
correctly when it is the document element.

Before this patch, |Editor::tidyUpHTMLStructure()| attempted to move the existing
BODY element into itself; this patch checks for this case and does not move it into
itself.

This patch also exports the HEAD element for use in a unit test and adds
"HTMLHeadElement.h" to the GYPI file for sanity.

BUG=595606
TEST=run_webkit_unittests --gtest_filter=EditorTest.tidyUpHTMLStructure*

Review URL: https://codereview.chromium.org/1828623002

Cr-Commit-Position: refs/heads/master@{#382811}

[modify] https://crrev.com/f0371cdb39e34540ebb9ea0daaa962976b551b56/third_party/WebKit/Source/core/core.gypi
[modify] https://crrev.com/f0371cdb39e34540ebb9ea0daaa962976b551b56/third_party/WebKit/Source/core/editing/Editor.cpp
[add] https://crrev.com/f0371cdb39e34540ebb9ea0daaa962976b551b56/third_party/WebKit/Source/core/editing/EditorTest.cpp
[modify] https://crrev.com/f0371cdb39e34540ebb9ea0daaa962976b551b56/third_party/WebKit/Source/core/html/HTMLHeadElement.h

Comment 6 by yosin@chromium.org, Mar 24 2016

Labels: -OS-Linux OS-All
Status: Fixed (was: Started)

Comment 7 by ClusterFuzz (Project Member), Mar 24 2016

ClusterFuzz has detected this issue as fixed in range 382807:382822.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5208063314755584

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  ASSERTION FAILED: false
  blink::NoExceptionStateAssertionChecker::throwDOMException
  blink::ContainerNode::checkAcceptChild
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=382807:382822

Minimized Testcase (1.31 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96xJz7Smw9HoHQ01_Jh6KTEltTZJUFzMWGy76QRBBRFkhgNjOC4UszGBFOg6RUrKL4XE8kupUTuEox3BnfmNOMDL7zJNJvpuQazX1BxkyS3savDt2VIU3pIPjVYxM8RP2yvByQITqy42FUPk3fPpBwthU0sKw

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 8 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
