Crash in blink::handleStyleSpansBeforeInsertion
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6541416172093440

Fuzzer: inferno_layout_test_unmodified
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x00000030
Crash State:
  blink::handleStyleSpansBeforeInsertion
  blink::ReplaceSelectionCommand::doApply
  blink::CompositeEditCommand::apply

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_chrome&range=404191:404223

Minimized Testcase (0.47 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94ovCPxcCy2n3CWz7LRxhhiyD7aWHwoC53AkUJtS31TUMp_W2DceRLB-DffaKZ9_a_Cpe5AXOU_LK4HR_9XwdYXeYYqL1OKpaW6DOdtEu1g-ZT1A-I9BR6hJMQbxZezg-FC-HGb5lJDezWNY4ttbEyRZPE1Fw?testcase_id=6541416172093440

<script src="../../../resources/js-test-pre.js"></script>
<script>
function runTest() {
    description();
}
</script>
<body onload="runTest()">
<script>
function fuzz() {
    document.designMode = 'on';
    document.execCommand("selectAll");
    document.execCommand("CreateLink",0,"foo");
    document.execCommand("inserthtml",false,"<span id='green' style='color:green'>green</span>");
}
setTimeout(fuzz);
</script>

Filer: ssamanoori

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 8 2016
Jul 8 2016
Moving this nonessential bug to the next milestone. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 14 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4517364431585280

Fuzzer: bj_broddelwerk
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x00000030
Crash State:
  blink::handleStyleSpansBeforeInsertion
  blink::ReplaceSelectionCommand::doApply
  blink::CompositeEditCommand::applyCommandToComposite

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_chrome&range=403457:403667

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94R_I0oCDaNDp3HwPflL91L3vgLpQY-pYK-BeWLdoPCCcHlEDnHnAsAOjXUnf0IDAbZBjiTFhMMWKwbXM6Ll2Kds1dFrYcaZrtoO1YYach2UbeVUYHw7VIsVY5vEVDdpA6ytcowcXJywxjWI4x6O6V5bGVBuN7Os3zZBWKvQidGamQupj8?testcase_id=4517364431585280

Filer: ashejole

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 15 2016
My change is literally a no-op rename, the new range doesn't even include that commit. I'd say this is likely from the change to Editor.cpp by yosin@ in https://chromium.googlesource.com/chromium/src/+/39b2a95285753ccf12ee6d0bff85509d1161e029.
Jul 20 2016
Oct 18 2016
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ssamanoori@chromium.org, Jul 8 2016
Components: Tools>Test>FindIt>NoResult
Labels: -Type-Bug Te-Logged M-53 Type-Bug-Regression
Owner: sashab@chromium.org
Status: Assigned (was: Available)