
Issue 627074

Issue metadata

Status: WontFix
Owner:
Last visit > 30 days ago
Closed: Dec 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug




!document().isActive() || !document().needsLayoutTreeUpdateForNode(*this) in Ele

Reported by ClusterFuzz (Project Member), Jul 11 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6497148246163456

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !document().isActive() || !document().needsLayoutTreeUpdateForNode(*this) in Ele
  blink::Element::isFocusable
  blink::Document::updateStyleAndLayoutTree
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=373758:373795

Minimized Testcase (0.49 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94UpIkOzWpSHNdw0a1nnVHNP3x-VSNZwTZWphVFUYF79ynKrzb6-zwclVQ03ApY5kcrz8Opt0g0vPKyWULmu5GmgQnqWYyd5Gn0Xjc-bH0qpCowwYmlFy0wXuIu1t1RrHml89TCByCuoB5Vm6I9JbtPHDgTBQ?testcase_id=6497148246163456
<body>
<script>
// Outer iframe; its document hosts the inner iframes created below.
var iframe = document.createElement('iframe');
document.body.appendChild(iframe);
var doc = iframe.contentDocument;
// Inner iframe inside the outer iframe's document.
var focusableIframe = document.createElement('iframe');
doc.body.appendChild(focusableIframe);
// Re-focus the inner iframe while its content window is being unloaded.
focusableIframe.contentWindow.addEventListener('unload', function () {
    focusableIframe.focus();
});
// Moving the inner iframe into the top-level document unloads its content
// window, so the unload handler above calls focus() in the middle of the move.
document.body.appendChild(focusableIframe);
// A fresh inner iframe in the outer iframe's document, focused directly.
focusableIframe = document.createElement('iframe');
doc.body.appendChild(focusableIframe);
focusableIframe.focus();
</script>


Filer: kavvaru

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Components: Tools>Test>FindIt>NoResult Blink
Labels: Te-Logged M-52
Owner: tkent@chromium.org
Status: Assigned (was: Available)
Change Log:
==============
https://chromium.googlesource.com/chromium/src/+log/c3ff17df58f9e1f5a7a4b9752597e060ded8c93a..a4becae24a1347569a22dd5b5f5012ba1b39bcd1?pretty=fuller

Possible suspect:
https://codereview.chromium.org/1667623002

tkent@, could you please look into this issue if it is related to your change; else please help us in finding the appropriate owner for this issue.

Thanks,
Components: -Blink Blink>DOM

Comment 3 by tkent@chromium.org, Jul 12 2016

Components: -Blink>DOM Blink>Focus
Labels: -M-52
Owner: ----
Status: Available (was: Assigned)
Looks like the ASSERT my CL added found an old issue.

Comment 4 by kochi@chromium.org, Jul 20 2016

Labels: -OS-Linux OS-All
Owner: kochi@chromium.org
Status: Assigned (was: Available)

Comment 5 by kochi@chromium.org, Jul 20 2016

Status: Started (was: Assigned)

Comment 6 by kochi@chromium.org, Jul 28 2016

Labels: -Pri-1 -ClusterFuzz Clusterfuzz Pri-2
Made a CL but trying to solve in another approach.
https://codereview.chromium.org/2163893002/ (closed)

This should not happen very often in the wild, and is not a security issue,
lowering the priority.
Components: -Tools>Test>FindIt>NoResult

Comment 8 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 9 by kochi@chromium.org, Nov 29 2016

Cc: yosin@chromium.org
Status: Available (was: Started)

Comment 10 by ClusterFuzz (Project Member), Dec 29 2016

Status: WontFix (was: Available)
ClusterFuzz testcase 6497148246163456 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Components: Blink>HTML>Focus
Components: -Blink>Focus
