InsertOrderedList command crashes with RUBY and DL |
|||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=4775873597407232 Fuzzer: inferno_layout_test_unmodified Job Type: linux_debug_content_shell_drt Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: previousListChild != listChildNode in InsertListCommand.cpp blink::InsertListCommand::unlistifyParagraph blink::InsertListCommand::doApplyForSingleParagraph Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=380105:380146 Minimized Testcase (1.64 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96IK4KrK1QTYhJ8dsieSH7VWKm67p5D3QLSdOKhedBBUGBXRancDGtVeyCK6R6bAyzeGCUXzZedsHbe8d1fFUz7MNOpxLwtmw9T5UPPPQh6yaxLNfUHk4bXoqR4KsHHkUE0W8MT2zZ3f_lUzApPNBhyE-nL3g?testcase_id=4775873597407232 Filer: kavvaru See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jul 14 2016
,
Jul 14 2016
,
Jul 25 2016
Lower to Pri-2, since real world usage of InsertUnorderedList is low. DOM tree at DCHECK_NE() BODY 0000020511663288 (editable) RUBY 00000205116632F0 (editable) B 00000205116639A8 (editable) #text 0000020511663358 "\n" DL 00000205116633A8 (editable) #text 0000020511663410 "\n" UL 0000020511664160 (editable) DT 0000020511663460 (editable) #text 00000205116634C8 "\n" BUTTON 0000020511663518 (editable) SE IMG 0000020511663A10 (editable) B 0000020511663BF0 (editable) DL 0000020511663C58 STYLE="display: inline !important;" (editable) DT 0000020511663CC0 STYLE="display: inline !important;" (editable) BUTTON 0000020511663D28 (editable) DEL 0000020511663DD8 (editable) TABLE 0000020511663F30 (editable) COLGROUP 0000020511663FB0 (editable) COL 0000020511664020 (editable)
,
Sep 20 2016
ClusterFuzz has detected this issue as fixed in range 408557:408575. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4775873597407232 Fuzzer: inferno_layout_test_unmodified Job Type: linux_debug_content_shell_drt Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: previousListChild != listChildNode in InsertListCommand.cpp blink::InsertListCommand::unlistifyParagraph blink::InsertListCommand::doApplyForSingleParagraph Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=380105:380146 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=408557:408575 Minimized Testcase (1.64 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96IK4KrK1QTYhJ8dsieSH7VWKm67p5D3QLSdOKhedBBUGBXRancDGtVeyCK6R6bAyzeGCUXzZedsHbe8d1fFUz7MNOpxLwtmw9T5UPPPQh6yaxLNfUHk4bXoqR4KsHHkUE0W8MT2zZ3f_lUzApPNBhyE-nL3g?testcase_id=4775873597407232 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Sep 20 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Oct 18 2016
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by kavvaru@chromium.org
, Jul 14 2016Labels: Te-Logged M-52
Owner: sigbjo...@opera.com
Status: Assigned (was: Available)