Issue 613922

Issue metadata

Status: WontFix
Owner: ----
Closed: Dec 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug-Regression
InsertUnorderedList command with unusual HTML crashes

Reported by ClusterFuzz (Project Member), May 23 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4569621361590272

Fuzzer: bj_broddelwerk
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000048
Crash State:
  blink::CompositeEditCommand::insertNodeAfter
  blink::InsertListCommand::unlistifyParagraph
  blink::InsertListCommand::doApplyForSingleParagraph
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=144946:145047

Minimized Testcase (5.89 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94XQyDlvqwbJ3vh6KJIPNyPV56IbPbubB8BOStg5Pm7kQFLRNRCC1pmfQzSISI883AtKHPQsN5lKN3AZa1CdbaM5nJOvRw-ZFLc8nJiDZKmy5J8MkGYlM5jjf6E8ubvELSO0j-uGW_dLrebzP2UWsA7avG75w

Filer: nyerramilli

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: nyerramilli@chromium.org
Components: Tools>Test>FindIt>WrongResult Blink>Editing
Labels: -Pri-1 -Type-Bug findit-wrong Te-Logged M-53 Pri-2 Type-Bug-Regression
Owner: yosin@chromium.org
Status: Assigned (was: Available)
Using code search, 'CompositeEditCommand.cpp' in https://chromium.googlesource.com/chromium/src/+/71a4c4869cce395142e13bd2a6eec482a7b3a3bc
yosin@, could you please check the above issue and help us find an owner if it's not yours?


Providing the FindIt results for internal purposes:

No CL in the regression range changes the crashed files. The result is the blame information.

Author: wibling@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/a4c3a7dd738ac5789cbdbf82b6c63627154ec46a
Time: Thu Apr 03 13:08:44 2014
The CL last changed line 728 of file Handle.h, which is stack frame 0.

Author: darin
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/ef23f59a5095498a305b86f710801b283fdbdbc5
Time: Mon May 07 02:56:37 2007
The CL last changed line 76 of file ContainerNode.h, which is stack frame 1.

Author: yosin@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/fa2dca0b50eb5da1b0f7a85bc5c5473886c37155
Time: Tue Aug 18 04:23:01 2015
The CL last changed line 335 of file CompositeEditCommand.cpp, which is stack frame 2.

Author: tkent
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/45632fb469f9738299adf8f0877812138bd6d682
Time: Tue Feb 16 07:06:59 2016
The CL last changed line 380 of file InsertListCommand.cpp, which is stack frame 3.

Author: keishi
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/54c2f4c9998fc76d13ba11e75cffbfa0f9763c35
Time: Mon Apr 11 04:04:55 2016
The CL last changed line 313 of file InsertListCommand.cpp, which is stack frame 4.

Author: tkent
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/2df3e5c169263f58f3da42ef4d2b518a362f2df5
Time: Wed Feb 10 05:12:58 2016
The CL last changed line 222 of file InsertListCommand.cpp, which is stack frame 5.

Author: tkent
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/141f0e9340ec887e341ba89a712c6539205a8292
Time: Tue Feb 09 12:09:23 2016
The CL last changed line 208 of file CompositeEditCommand.cpp, which is stack frame 6.

Suspected Project: chromium-blink
Suspected Component: Blink>Editing

Comment 2 by yosin@chromium.org, Jun 10 2016

Components: Blink>Editing>Command
Labels: -OS-Linux OS-All
Owner: ----
Status: Available (was: Assigned)
Summary: InsertUnorderedList command with unusual HTML crashes (was: Crash in blink::CompositeEditCommand::insertNodeAfter)
Lower to Pri-2, since real world usage of InsertUnorderedList is low.

Comment 3 by sheriffbot@chromium.org (Project Member), Jul 9 2016

Labels: -M-53 M-54 MovedFrom-53
Moving this nonessential bug to the next milestone.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Components: -Tools>Test>FindIt>WrongResult
Labels: Test-Predator-Wrong

Comment 5 by joone....@intel.com, Oct 26 2016

nyerramilli@ could you upload the minimized test case?

Comment 6 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 7 by ClusterFuzz (Project Member), Dec 22 2016

Status: WontFix (was: Available)
ClusterFuzz testcase 4569621361590272 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.