Outdent command with visibility:collapsed crash |
||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5079282161811456 Fuzzer: mbarbella_js_mutation_layout Job Type: linux_debug_content_shell_drt Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: CHECK failed: isEndOfParagraph(endOfParagraphToMove). #text "\n no area click blink::CompositeEditCommand::moveParagraph blink::IndentOutdentCommand::outdentParagraph Minimized Testcase (0.39 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv94iPuWqoFm3-HUqIxzg5xoc5377LFJELd1CjnO5HYieBKcfcTA3YgbvcP4BssGorVRzyPXS3Qpf-esc85hGVwQuv-oaJyFzsozfTBG4nsKzShyPmwA7vQnaHAHWNGOFK9-Qts-eY5emaCw3kLyDN7zynh0FeQ <style> * { visibility: visible; } *:only-of-type { visibility: collapse; </style> <script> onload = function() { document.designMode = 'on'; var __v_0 = document.querySelector('blockquote'); getSelection().collapse(__v_0, 2); document.execCommand('Outdent'); }; </script> <blockquote> <table> <table> </table> <div> no area click seen yet </div> <div> Filer: manoranjanr See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
May 6 2016
,
May 19 2016
Sorry for the delay. The change is not related to the crash itself, but it seems that changing ASSERTs to DCHECKs allowed clusterfuzz to detect the failure.
,
Jun 6 2016
,
Jun 10 2016
Lower to Pri-2, since real world usage of Outdent command is low.
,
Oct 7 2016
ClusterFuzz has detected this issue as fixed in range 423391:423439. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5079282161811456 Fuzzer: mbarbella_js_mutation_layout Job Type: linux_debug_content_shell_drt Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: isEndOfParagraph(endOfParagraphToMove). #text "\n no area click seen yet\n "@ blink::CompositeEditCommand::moveParagraph blink::IndentOutdentCommand::outdentParagraph Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=268656:269696 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=423391:423439 Minimized Testcase (0.39 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv95EC4DqaFzpznNZhFU8HQ7UCvfBUZNXwPAdif7JIBE65jONiaoOchO0dkGIJpvstrwZniCbBhmVWlUE11lGt6rGKLZ5rN8lriocLvrQY3YItsd82Led94mGOwyumxtBKptxujZSUurxYebtULggwsV3eO-5ng?testcase_id=5079282161811456 <style> * { visibility: visible; } *:only-of-type { visibility: collapse; </style> <script> onload = function() { document.designMode = 'on'; var __v_0 = document.querySelector('blockquote'); getSelection().collapse(__v_0, 2); document.execCommand('Outdent'); }; </script> <blockquote> <table> <table> </table> <div> no area click seen yet </div> <div> See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Oct 7 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Oct 18 2016
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by manoranj...@chromium.org
, May 5 2016Labels: Te-Logged
Owner: koten...@yandex-team.ru
Status: Assigned (was: Available)