Outdent command with visibility:collapsed crash |
||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5675747204661248 Fuzzer: mbarbella_js_mutation_layout Job Type: linux_debug_content_shell_drt Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: CHECK failed: isStartOfParagraph(startOfParagraphToMove). #text "\n 1 1 R1.1 1 blink::CompositeEditCommand::moveParagraph blink::IndentOutdentCommand::outdentParagraph Minimized Testcase (0.37 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv95ZPXWXodTBvJ5SiDwN5XRw1dCyioPuBd5AQfjqmoClKWImXE7JhiCTZ18aFIIkx9taOAgc0VW6QxJvHSH7l3-PNoxgR3BVBUvI2zYjBj8HXMMHwwlIZNuKrctN677sQGmUlzlQvAoHGVhIEKS4Oyz1tQW4sw <div> </div> <div> 1 1 R1.1 1.1 <style> * { visibility: visible; } *:only-of-type { visibility: collapse; </style> <script> onload = function() { document.designMode = 'on'; var __v_1 = document.querySelector('blockquote'); getSelection().collapse(__v_1, 2); document.execCommand('Outdent'); }; </script> <blockquote> <table> <table> Filer: manoranjanr See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
May 23 2016
The change is not related to the crash.
,
Jun 6 2016
,
Jun 6 2016
,
Jun 10 2016
Lower to Pri-2, since real world usage of Outdent command is low.
,
Oct 7 2016
ClusterFuzz has detected this issue as fixed in range 423391:423439. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5675747204661248 Fuzzer: mbarbella_js_mutation_layout Job Type: linux_debug_content_shell_drt Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: isStartOfParagraph(startOfParagraphToMove). #text "\n 1 1 R1.1 1.1\n "@16/Tex blink::CompositeEditCommand::moveParagraph blink::IndentOutdentCommand::outdentParagraph Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=268656:269696 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=423391:423439 Minimized Testcase (0.37 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv96ksl1Dtkomt4xNXbGPZWJ_zNXWVUyLWeMgAm0nsGWj0bj36WccidAjgv-kfCI5NTeceo8Ih8Gu-PlntjUnne8mDwq8SmFro41_ZA4jzd4fnaoLmFjQDC0NI6vzvbKmssw172FT6GXA4-uRYgRitz7CO9PrSQ?testcase_id=5675747204661248 <div> </div> <div> 1 1 R1.1 1.1 <style> * { visibility: visible; } *:only-of-type { visibility: collapse; </style> <script> onload = function() { document.designMode = 'on'; var __v_1 = document.querySelector('blockquote'); getSelection().collapse(__v_1, 2); document.execCommand('Outdent'); }; </script> <blockquote> <table> <table> See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Oct 7 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Oct 18 2016
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by manoranj...@chromium.org
, May 20 2016Labels: Te-Logged
Owner: koten...@yandex-team.ru
Status: Assigned (was: Available)