Outdent command with visibility:collapsed hits DCHEK |
|||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5199607084875776 Fuzzer: mbarbella_js_mutation_layout Job Type: linux_debug_content_shell_drt Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: isEndOfParagraph(endOfParagraphToMove). INPUT id="search1"@beforeAnchor/TextAffi blink::CompositeEditCommand::moveParagraph blink::IndentOutdentCommand::outdentParagraph Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=268656:269696 Minimized Testcase (0.38 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv948HDSEIcNnc5GUTfQfubpqLyJ7Tnb357eNO4orfC9BEk9b5It1YstRyPmEcFfsrsaOFZx2BZdiEyuXkbnZfcbtb0cKN3aiX_OyTWgfgFKb7OmjtWuP04ZIpbFRkY_9JOZq2xT6ibqQyJdsLLrEYcoFslCYkA?testcase_id=5199607084875776 <style> * { visibility: visible; } *:only-of-type { visibility: collapse; </style> <script> onload = function() { document.designMode = 'on'; var __v_0 = document.querySelector('blockquote'); getSelection().collapse(__v_0, 2); document.execCommand('Outdent'); }; </script> <blockquote> <table> <table> </table> <input id="search1"> <input> Filer: mmohammad See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jul 13 2016
The suspected CL didn't change any code logic. Route to Editing triage.
,
Jul 14 2016
DOM Tree at DCHECK BODY 00000240D9F632E8 (editable) BLOCKQUOTE 00000240D9F63AC8 (editable) #text 00000240D9F633B8 "\n " TABLE 00000240D9F63408 (editable) #text 00000240D9F63508 "\n " BR 00000240D9F63B30 (editable) BLOCKQUOTE 00000240D9F63350 (editable) TABLE 00000240D9F63488 (editable) #text 00000240D9F63558 "\n " #text 00000240D9F635A8 "\n " * INPUT 00000240D9F635F8 ID="search1" (editable) * #shadow-root 00000240D9F63700 * DIV 00000240D9F637D0 ID="inner-editor" (editable) #text 00000240D9F63838 "\n " INPUT 00000240D9F63888 (editable) #shadow-root 00000240D9F63990 DIV 00000240D9F63A60 ID="inner-editor" (editable)
,
Oct 7 2016
ClusterFuzz has detected this issue as fixed in range 423391:423439. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5199607084875776 Fuzzer: mbarbella_js_mutation_layout Job Type: linux_debug_content_shell_drt Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: isEndOfParagraph(endOfParagraphToMove). INPUT id="search1"@beforeAnchor/TextAffi blink::CompositeEditCommand::moveParagraph blink::IndentOutdentCommand::outdentParagraph Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=268656:269696 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=423391:423439 Minimized Testcase (0.38 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv948HDSEIcNnc5GUTfQfubpqLyJ7Tnb357eNO4orfC9BEk9b5It1YstRyPmEcFfsrsaOFZx2BZdiEyuXkbnZfcbtb0cKN3aiX_OyTWgfgFKb7OmjtWuP04ZIpbFRkY_9JOZq2xT6ibqQyJdsLLrEYcoFslCYkA?testcase_id=5199607084875776 <style> * { visibility: visible; } *:only-of-type { visibility: collapse; </style> <script> onload = function() { document.designMode = 'on'; var __v_0 = document.querySelector('blockquote'); getSelection().collapse(__v_0, 2); document.execCommand('Outdent'); }; </script> <blockquote> <table> <table> </table> <input id="search1"> <input> See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Oct 7 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by mmohammad@chromium.org
, Jul 13 2016Status: Assigned (was: Available)