Issue 610213

Issue metadata

Status: WontFix
Owner: ----
Closed: Jun 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug


Italic command crashes with unusual HTML

Project Member Reported by ClusterFuzz, May 9 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6619866664009728

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  blink::Node::hasEditableStyle
  blink::CompositeEditCommand::insertNodeBefore
  blink::RemoveNodePreservingChildrenCommand::doApply
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=392043:392265

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94tKo9k0_ZQnVW_2fDtwEVXwWwjJ95aHQzWsabPRKdJ1Jfqz3IhY1K9LIovzELOD8qgsHy-UcpPcmkI9EgrFd5e3YGPdifnIBXEX-2j5tbUVbNAOWNYNB_POEMdAp0Hyc4EkjsiaNpCri0gn2zM2Ob8cA2eGU_FxFIlxWU2fVpKWcCuvA4


Additional requirements: Requires Gestures

Filer: rnimmagadda

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Labels: -Pri-1 findit-for-crash Te-Logged ToolsTestsFindItCorrectResult M-50 Pri-2
Owner: keishi@chromium.org
Status: Assigned (was: Available)
Author: keishi
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/54c2f4c9998fc76d13ba11e75cffbfa0f9763c35
Time: Mon Apr 11 04:04:55 2016
The CL last changed line 54 of file RemoveNodePreservingChildrenCommand.cpp, which is stack frame 4.

@keishi: Could you please look into this issue.

Thank you.
Components: Blink>Editing
Components: Tools>Test>FindIt>CorrectResult
Labels: -ToolsTestsFindItCorrectResult
Cc: keishi@chromium.org
Owner: yosin@chromium.org
No suspicious CLs in regression range.
+yosin could you check?
Comment 5 by ClusterFuzz (Project Member), May 12 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6619866664009728

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  blink::Node::hasEditableStyle
  blink::CompositeEditCommand::insertNodeBefore
  blink::RemoveNodePreservingChildrenCommand::doApply
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=392043:392265

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94tKo9k0_ZQnVW_2fDtwEVXwWwjJ95aHQzWsabPRKdJ1Jfqz3IhY1K9LIovzELOD8qgsHy-UcpPcmkI9EgrFd5e3YGPdifnIBXEX-2j5tbUVbNAOWNYNB_POEMdAp0Hyc4EkjsiaNpCri0gn2zM2Ob8cA2eGU_FxFIlxWU2fVpKWcCuvA4


Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 6 by ClusterFuzz (Project Member), May 19 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5598616235802624

Fuzzer: bj_broddelwerk
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  blink::Node::hasEditableStyle
  blink::CompositeEditCommand::insertNodeBefore
  blink::InsertTextCommand::insertTab
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=209699:209703

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97mvPw9S66xk4bnKCaVzDSQCm0lNIvtVqath83LD6AS3E6KsiM5DIwmimXCRU1OFQc9iMvqZG1lvkqsfwhGgGDAUXZUF2fRQ5KR2JCmtDqfIek6AuU1BU6ntpuNAz5uMS_WxZ6uehJ4oySjBqmO9YV5dzqRwDyGSvcMXDfW7RPwjTT-pxQ


Additional requirements: Requires Gestures

Filer: ranjitkan

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 7 by yosin@chromium.org, Jun 10 2016

Cc: -keishi@chromium.org
Components: Blink>Editing>Command
Owner: ----
Status: Available (was: Assigned)
Summary: Italic command crashes with unusual HTML (was: Crash in blink::Node::hasEditableStyle)
Lower to Pri-2, since real world usage of Italic command is low.
Comment 8 by ClusterFuzz (Project Member), Jun 23 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5598616235802624

Fuzzer: bj_broddelwerk
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  blink::Node::hasEditableStyle
  blink::CompositeEditCommand::insertNodeBefore
  blink::InsertTextCommand::insertTab
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=209699:209703

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97mvPw9S66xk4bnKCaVzDSQCm0lNIvtVqath83LD6AS3E6KsiM5DIwmimXCRU1OFQc9iMvqZG1lvkqsfwhGgGDAUXZUF2fRQ5KR2JCmtDqfIek6AuU1BU6ntpuNAz5uMS_WxZ6uehJ4oySjBqmO9YV5dzqRwDyGSvcMXDfW7RPwjTT-pxQ?testcase_id=5598616235802624


Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 9 by yosin@chromium.org, Jun 24 2016

Status: WontFix (was: Available)
Mark WontFix according to #c8
Comment 10 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot