
Issue 597038


Issue metadata

Status: WontFix
Owner: ----
Closed: Mar 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




HARD TO REPRO: Crash in blink::CompositeEditCommand::insertNodeAfter

Project Member Reported by ClusterFuzz, Mar 22 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5331957231124480

Fuzzer: inferno_twister
Job Type: linux_asan_chrome_media
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000048
Crash State:
  blink::CompositeEditCommand::insertNodeAfter
  blink::InsertLineBreakCommand::doApply
  blink::CompositeEditCommand::applyCommandToComposite
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=323926:323960

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97A0Xsx5pUwdGrLCBva5p5BRPBb6ElTRXcQ7Avug7uSmv5U4HaPkB77kiQJ9cs9YOaBCyM4C9MVOBQahc0XIhTWL-HC6rI926qeKTwtm2UusTaXW0Y2ueK0o1OBHb1ERsZWprME8Hd930hK1x6zhdHDbd14IflngSJIe1CxsjFG6_3j2wE


Additional requirements: Requires Gestures

Additional requirements: Requires HTTP

Filer: ligimole

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Labels: Te-Logged M-51
Owner: tkent@chromium.org
Status: Assigned (was: Available)
Possible suspect.

https://chromium.googlesource.com/chromium/src//+/45632fb469f9738299adf8f0877812138bd6d682

Forwarding to CL author for updates.

Comment 2 by tkent@chromium.org, Mar 23 2016

Components: Blink>Editing

Comment 3 by tkent@chromium.org, Mar 23 2016

Owner: ----
Status: Untriaged (was: Assigned)


The clusterfuzz page says the regression range is:
  Chromium: 323926:323960
  Blink: f0c2b57a82c769daa02c9349933b59d302ae0dc6:d982612927cfb8e3d18b007439ac08873ac8f2b1

It doesn't include my https://chromium.googlesource.com/chromium/src//+/45632fb469f9738299adf8f0877812138bd6d682 .

Comment 4 by yosin@chromium.org, Mar 23 2016

Status: Available (was: Untriaged)
Summary: HARD TO REPRO: Crash in blink::CompositeEditCommand::insertNodeAfter (was: Crash in blink::CompositeEditCommand::insertNodeAfter)
I attempted the gestures but I could not. It is hard to reproduce...

Since InsertLineBreakCommand causes this assertion, hitting the Return key should trigger it. But there are gestures after Return.

Comment 5 by ClusterFuzz, Mar 24 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5331957231124480

Fuzzer: inferno_twister
Job Type: linux_asan_chrome_media
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000048
Crash State:
  blink::CompositeEditCommand::insertNodeAfter
  blink::InsertLineBreakCommand::doApply
  blink::CompositeEditCommand::applyCommandToComposite
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=323926:323960

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97A0Xsx5pUwdGrLCBva5p5BRPBb6ElTRXcQ7Avug7uSmv5U4HaPkB77kiQJ9cs9YOaBCyM4C9MVOBQahc0XIhTWL-HC6rI926qeKTwtm2UusTaXW0Y2ueK0o1OBHb1ERsZWprME8Hd930hK1x6zhdHDbd14IflngSJIe1CxsjFG6_3j2wE


Additional requirements: Requires Gestures

Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 6 by yosin@chromium.org, Mar 24 2016

Status: WontFix (was: Available)
Marking WontFix according to #5.
We need to have a stable repro case to fix the issue.

Comment 7 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
