PasteMatchStyle command crashes with Dialog.showModal()

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5229554305597440

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x00000008
Crash State:
  blink::PositionTemplate<blink::EditingAlgorithm<blink::NodeTraversal> >::inParen
  blink::ReplaceSelectionCommand::doApply
  blink::CompositeEditCommand::apply

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=354148:354411

Minimized Testcase (0.43 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv97kDxjnCxagz1V-b9RKzUipE4aQNGjg7EnUcbje-jAAUBN7-BDCTCjSbIq14D9Q_MGYSO6vUoHF8g5reuUgdo7bYQgPrZ_L_DwP0lhEux27Nzz7gkqRvjkVlJH9MPHIJ1Au6twKVW3cpwbjX4zmoKv3gnIIvg

    <div contenteditable="true" id="test"> </div>
    <script>
    var s = window.getSelection();
    var e = document.getElementById("test");
    s.collapse(e);
    document.execCommand("InsertHTML", false , "<blockquote type='cite'>bar</blockquote>");
    </script>
    <dialog dialog="" <="" id="middle-dialog" data-offset-y="100" class="green-box">
    <script>
    document.getElementById('middle-dialog').showModal();
    document.execCommand("PasteAndMatchStyle");
    </script>

Filer: pucchakayala

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 7 2016
Route to Editing triage
Apr 11 2016
Lower to Pri-2, since usage of Dialog.showModal() is low.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Feb 15 2017
ClusterFuzz has detected this issue as fixed in range 450347:450401.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5229554305597440

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x00000008
Crash State:
  blink::PositionTemplate<blink::EditingAlgorithm<blink::NodeTraversal> >::inParen
  blink::ReplaceSelectionCommand::doApply
  blink::CompositeEditCommand::apply
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=354148:354411
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=450347:450401

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94a3LoRjuzciqwEZGMMq6pg5grPLJA3euEreQHS5mfIQmxMbaY3N6eC40agmBYrh8-ZcO8Mm_2S9zP_LulqR1PPIDuj_yJ9EE--6Zqk5KSiUC91IirZigAibVpjSFTouynHLgoRWCSmi51wC8bPYl1lOnFNNg?testcase_id=5229554305597440

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Feb 15 2017
ClusterFuzz testcase 5229554305597440 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by pucchakayala@chromium.org, Apr 5 2016
Owner: tkent@chromium.org
Status: Assigned (was: Available)