New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 629337 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Dec 2016
Cc:
mummare...@chromium.org
editing-dev@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows
Pri: 2
Type: Bug



Sign in to add a comment

InsertListCommand hits DCHECK with display:none

Project Member Reported by ClusterFuzz, Jul 18 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5817390541832192

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  nextListChild != listChildNode in InsertListCommand.cpp
  blink::InsertListCommand::unlistifyParagraph
  blink::InsertListCommand::doApplyForSingleParagraph
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=268656:269696

Minimized Testcase (2.31 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95VI_hoLtxqTDXeyxdEEabHWw63W6X5p8aRx7ncvLsRPb-Y994sgQHXAusReMODibGREtq6m40Mgxcpu-HG36Lj9rZpfOGTuLuwEoWHj9RRek_byDvqUjOg8fv_1n1fXYvPBhVTshpPTn6ymGkKY6lbwyxNsg?testcase_id=5817390541832192

Filer: mummareddy

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by mummare...@chromium.org, Jul 18 2016

Components: Tools>Test>FindIt>NoResult
Labels: Te-Logged M-52
Owner: yosin@chromium.org
Status: Assigned (was: Available)
Through code search on file InsertListCommand.cpp
suspected CL is 
https://chromium.googlesource.com/chromium/src/+/fbe3957372bd491e417021a518f516428c1be64a
yosin@, could you please have a look and reassign to correct owner?
Thank you.

Comment 2 by yosin@chromium.org, Jul 21 2016

Components: Blink>Editing>Command
Labels: -Pri-1 OS-Windows Pri-2
Owner: ----
Status: Available (was: Assigned)
Summary: InsertListCommand hits DCHECK with display:none (was: nextListChild != listChildNode in InsertListCommand.cpp)
Lower to Pri-2, since real world usage of InsertUnorderedList command is low.

DOM Tree at assertion: nextListChild != listChildNode in InsertListCommand.cpp

nextListChild->showTreeForThis()
Function blink::Node::showTreeForThis has no address, possibly due to compiler optimizations.
m_endingSelection.showTreeForThis()
BODY	000003D7467433A0 (editable) (focused)
	UL	000003D746748628 (editable)
		BDO	000003D746748EC0 (editable)
SE			#text	000003D746748F28 "YY~~~~nQHM"
			CQQQQQQ5!!!!!!!!!(VQ]<	000003D746748F78 (editable)
				svg	000003D746748FE0 (editable)
					#text	000003D746749138 "G:::::::::,7777[N3.JJJJJJJJJJJ[&"
				SPAN	000003D746749188 (editable)
					VIDEO	000003D7467491F0 (editable)
						#shadow-root	000003D746749710
							DIV	000003D7467498E8
								DIV	000003D746749AB0
									INPUT	000003D746749B48 STYLE="display: none;"
										#shadow-root	000003D746749C88
											#text	000003D746749DC0 ""
								DIV	000003D746749E10
									DIV	000003D746749EA8 STYLE="display: none;"
										INPUT	000003D746749FB0
											#shadow-root	000003D74674A0E8
												#text	000003D74674A220 ""
										DIV	000003D74674A620 STYLE="display: none;"
											#text	000003D74674B700 "0:00"
										DIV	000003D74674A6C0 STYLE="display: none;"
											#text	000003D74674B6B0 "/ 0:00"
										INPUT	000003D74674A270 STYLE="display: none;"
											#shadow-root	000003D74674A3A8
												DIV	000003D74674A5B8
													DIV	000003D74674A4E0 ID="track"
														DIV	000003D74674A548 ID="thumb"
										INPUT	000003D74674A760 STYLE="display: none;"
											#shadow-root	000003D74674A898
												#text	000003D74674A9D0 ""
										INPUT	000003D74674AA20 STYLE="display: none;"
											#shadow-root	000003D74674AB58
												DIV	000003D74674AD68
													DIV	000003D74674AC90 ID="track"
														DIV	000003D74674ACF8 ID="thumb"
										INPUT	000003D74674ADD0 STYLE="display: none;"
											#shadow-root	000003D74674AF08
												#text	000003D74674B040 ""
										INPUT	000003D74674B090 STYLE="display: none;"
											#shadow-root	000003D74674B1D0
												#text	000003D74674B308 ""
										INPUT	000003D74674B358 STYLE="display: none;"
											#shadow-root	000003D74674B490
												#text	000003D74674B5C8 ""
								DIV	000003D74674B618 STYLE="display: none;"
						#text	000003D7467497E0 "6Kx`SlT&nnnnjj&&&&&&&&&&&&Tiiiii"
					H6	000003D746749830 (editable)
						#text	000003D746749898 "k___________bbbbb:6==sUUUUA(x/b;"
		LI	000003D746748690 (editable)
			BDO	000003D74674B7A8 (editable)
				#text	000003D74674B810 "YY~~~~nQHM"
				CQQQQQQ5!!!!!!!!!(VQ]<	000003D74674B860 (editable)
					svg	000003D74674B8C8 (editable)
						#text	000003D74674BA20 "G:::::::::,7777[N3.JJJJJJJJJJJ[&"
					SPAN	000003D74674BA70 (editable)
						VIDEO	000003D74674BAD8 (editable)
							#shadow-root	000003D74674BFF8
								DIV	000003D74674C1D0
									DIV	000003D74674C398
										INPUT	000003D74674C430 STYLE="display: none;"
											#shadow-root	000003D74674C570
												#text	000003D74674C6A8 ""
									DIV	000003D74674C6F8
										DIV	000003D74674C790 STYLE="display: none;"
											INPUT	000003D74674C898
												#shadow-root	000003D74674C9D0
													#text	000003D74674CB08 ""
											DIV	000003D74674CF08 STYLE="display: none;"
												#text	000003D74674DFE8 "0:00"
											DIV	000003D74674CFA8 STYLE="display: none;"
												#text	000003D74674DF98 "/ 0:00"
											INPUT	000003D74674CB58 STYLE="display: none;"
												#shadow-root	000003D74674CC90
													DIV	000003D74674CEA0
														DIV	000003D74674CDC8 ID="track"
															DIV	000003D74674CE30 ID="thumb"
											INPUT	000003D74674D048 STYLE="display: none;"
												#shadow-root	000003D74674D180
													#text	000003D74674D2B8 ""
											INPUT	000003D74674D308 STYLE="display: none;"
												#shadow-root	000003D74674D440
													DIV	000003D74674D650
														DIV	000003D74674D578 ID="track"
															DIV	000003D74674D5E0 ID="thumb"
											INPUT	000003D74674D6B8 STYLE="display: none;"
												#shadow-root	000003D74674D7F0
													#text	000003D74674D928 ""
											INPUT	000003D74674D978 STYLE="display: none;"
												#shadow-root	000003D74674DAB8
													#text	000003D74674DBF0 ""
											INPUT	000003D74674DC40 STYLE="display: none;"
												#shadow-root	000003D74674DD78
													#text	000003D74674DEB0 ""
									DIV	000003D74674DF00 STYLE="display: none;"
							#text	000003D74674C0C8 "6Kx`SlT&nnnnjj&&&&&&&&&&&&Tiiiii"
						H6	000003D74674C118 (editable)
							#text	000003D74674C180 "k___________bbbbb:6==sUUUUA(x/b;"
			#text	000003D746748888 "YY~~~~nQHM"
			CQQQQQQ5!!!!!!!!!(VQ]<	000003D7467488D8 (editable)
				BDO	000003D74674E090 (editable)
					#text	000003D74674E0F8 "YY~~~~nQHM"
					CQQQQQQ5!!!!!!!!!(VQ]<	000003D74674E148 (editable)
						svg	000003D74674E1B0 (editable)
							#text	000003D74674E308 "G:::::::::,7777[N3.JJJJJJJJJJJ[&"
						SPAN	000003D74674E358 (editable)
							VIDEO	000003D74674E3C0 (editable)
								#shadow-root	000003D74674E8E0
									DIV	000003D74674EAB8
										DIV	000003D74674EC80
											INPUT	000003D74674ED18 STYLE="display: none;"
												#shadow-root	000003D74674EE58
													#text	000003D74674EF90 ""
										DIV	000003D74674EFE0
											DIV	000003D74674F078 STYLE="display: none;"
												INPUT	000003D74674F180
													#shadow-root	000003D74674F2B8
														#text	000003D74674F3F0 ""
												DIV	000003D74674F7F0 STYLE="display: none;"
													#text	000003D7467508D0 "0:00"
												DIV	000003D74674F890 STYLE="display: none;"
													#text	000003D746750880 "/ 0:00"
												INPUT	000003D74674F440 STYLE="display: none;"
													#shadow-root	000003D74674F578
														DIV	000003D74674F788
															DIV	000003D74674F6B0 ID="track"
																DIV	000003D74674F718 ID="thumb"
												INPUT	000003D74674F930 STYLE="display: none;"
													#shadow-root	000003D74674FA68
														#text	000003D74674FBA0 ""
												INPUT	000003D74674FBF0 STYLE="display: none;"
													#shadow-root	000003D74674FD28
														DIV	000003D74674FF38
															DIV	000003D74674FE60 ID="track"
																DIV	000003D74674FEC8 ID="thumb"
												INPUT	000003D74674FFA0 STYLE="display: none;"
													#shadow-root	000003D7467500D8
														#text	000003D746750210 ""
												INPUT	000003D746750260 STYLE="display: none;"
													#shadow-root	000003D7467503A0
														#text	000003D7467504D8 ""
												INPUT	000003D746750528 STYLE="display: none;"
													#shadow-root	000003D746750660
														#text	000003D746750798 ""
										DIV	000003D7467507E8 STYLE="display: none;"
								#text	000003D74674E9B0 "6Kx`SlT&nnnnjj&&&&&&&&&&&&Tiiiii"
							H6	000003D74674EA00 (editable)
								#text	000003D74674EA68 "k___________bbbbb:6==sUUUUA(x/b;"
				svg	000003D746748940 (editable)
				#text	000003D746748B00 "/]EEEEY7d#####___jt9"NNNNNNNNNNN"
		LI	000003D746748BB8 (editable)
			BDO	000003D746750978 (editable)
				#text	000003D7467509E0 "YY~~~~nQHM"
				CQQQQQQ5!!!!!!!!!(VQ]<	000003D746750A30 (editable)
					svg	000003D746750A98 (editable)
						#text	000003D746750BF0 "G:::::::::,7777[N3.JJJJJJJJJJJ[&"
					SPAN	000003D746750C40 (editable)
						VIDEO	000003D746750CA8 (editable)
							#shadow-root	000003D7467511C8
								DIV	000003D7467513A0
									DIV	000003D746751568
										INPUT	000003D746751600 STYLE="display: none;"
											#shadow-root	000003D746751740
												#text	000003D746751878 ""
									DIV	000003D7467518C8
										DIV	000003D746751960 STYLE="display: none;"
											INPUT	000003D746751A68
												#shadow-root	000003D746751BA0
													#text	000003D746751CD8 ""
											DIV	000003D7467520D8 STYLE="display: none;"
												#text	000003D7467531B8 "0:00"
											DIV	000003D746752178 STYLE="display: none;"
												#text	000003D746753168 "/ 0:00"
											INPUT	000003D746751D28 STYLE="display: none;"
												#shadow-root	000003D746751E60
													DIV	000003D746752070
														DIV	000003D746751F98 ID="track"
															DIV	000003D746752000 ID="thumb"
											INPUT	000003D746752218 STYLE="display: none;"
												#shadow-root	000003D746752350
													#text	000003D746752488 ""
											INPUT	000003D7467524D8 STYLE="display: none;"
												#shadow-root	000003D746752610
													DIV	000003D746752820
														DIV	000003D746752748 ID="track"
															DIV	000003D7467527B0 ID="thumb"
											INPUT	000003D746752888 STYLE="display: none;"
												#shadow-root	000003D7467529C0
													#text	000003D746752AF8 ""
											INPUT	000003D746752B48 STYLE="display: none;"
												#shadow-root	000003D746752C88
													#text	000003D746752DC0 ""
											INPUT	000003D746752E10 STYLE="display: none;"
												#shadow-root	000003D746752F48
													#text	000003D746753080 ""
									DIV	000003D7467530D0 STYLE="display: none;"
							#text	000003D746751298 "6Kx`SlT&nnnnjj&&&&&&&&&&&&Tiiiii"
						H6	000003D7467512E8 (editable)
							#text	000003D746751350 "k___________bbbbb:6==sUUUUA(x/b;"
			#text	000003D746748DB0 "k___________bbbbb:6==sUUUUA(x/b;"
	BDO	000003D746745D48 (editable)
		VIDEO	000003D746743790 (editable)
			#shadow-root	000003D746743CB0
				DIV	000003D746743E88
					DIV	000003D746744050
						INPUT	000003D7467440E8 STYLE="display: none;"
							#shadow-root	000003D746744228
								#text	000003D746744360 ""
					DIV	000003D7467443B0
						DIV	000003D746744448 STYLE="display: none;"
							INPUT	000003D746744550
								#shadow-root	000003D746744688
									#text	000003D7467447C0 ""
							DIV	000003D746744BC0 STYLE="display: none;"
								#text	000003D746745CA0 "0:00"
							DIV	000003D746744C60 STYLE="display: none;"
								#text	000003D746745C50 "/ 0:00"
							INPUT	000003D746744810 STYLE="display: none;"
								#shadow-root	000003D746744948
									DIV	000003D746744B58
										DIV	000003D746744A80 ID="track"
											DIV	000003D746744AE8 ID="thumb"
							INPUT	000003D746744D00 STYLE="display: none;"
								#shadow-root	000003D746744E38
									#text	000003D746744F70 ""
							INPUT	000003D746744FC0 STYLE="display: none;"
								#shadow-root	000003D7467450F8
									DIV	000003D746745308
										DIV	000003D746745230 ID="track"
											DIV	000003D746745298 ID="thumb"
							INPUT	000003D746745370 STYLE="display: none;"
								#shadow-root	000003D7467454A8
									#text	000003D7467455E0 ""
							INPUT	000003D746745630 STYLE="display: none;"
								#shadow-root	000003D746745770
									#text	000003D7467458A8 ""
							INPUT	000003D7467458F8 STYLE="display: none;"
								#shadow-root	000003D746745A30
									#text	000003D746745B68 ""
					DIV	000003D746745BB8 STYLE="display: none;"
			BDO	000003D746753260 (editable)
				#text	000003D7467532C8 "YY~~~~nQHM"
				CQQQQQQ5!!!!!!!!!(VQ]<	000003D746753318 (editable)
					svg	000003D746753380 (editable)
						#text	000003D7467534D8 "G:::::::::,7777[N3.JJJJJJJJJJJ[&"
					SPAN	000003D746753528 (editable)
						VIDEO	000003D746753590 (editable)
							#shadow-root	000003D746753AB0
								DIV	000003D746753C88
									DIV	000003D746753E50
										INPUT	000003D746753EE8 STYLE="display: none;"
											#shadow-root	000003D746754028
												#text	000003D746754160 ""
									DIV	000003D7467541B0
										DIV	000003D746754248 STYLE="display: none;"
											INPUT	000003D746754350
												#shadow-root	000003D746754488
													#text	000003D7467545C0 ""
											DIV	000003D7467549C0 STYLE="display: none;"
												#text	000003D746755AA0 "0:00"
											DIV	000003D746754A60 STYLE="display: none;"
												#text	000003D746755A50 "/ 0:00"
											INPUT	000003D746754610 STYLE="display: none;"
												#shadow-root	000003D746754748
													DIV	000003D746754958
														DIV	000003D746754880 ID="track"
															DIV	000003D7467548E8 ID="thumb"
											INPUT	000003D746754B00 STYLE="display: none;"
												#shadow-root	000003D746754C38
													#text	000003D746754D70 ""
											INPUT	000003D746754DC0 STYLE="display: none;"
												#shadow-root	000003D746754EF8
													DIV	000003D746755108
														DIV	000003D746755030 ID="track"
															DIV	000003D746755098 ID="thumb"
											INPUT	000003D746755170 STYLE="display: none;"
												#shadow-root	000003D7467552A8
													#text	000003D7467553E0 ""
											INPUT	000003D746755430 STYLE="display: none;"
												#shadow-root	000003D746755570
													#text	000003D7467556A8 ""
											INPUT	000003D7467556F8 STYLE="display: none;"
												#shadow-root	000003D746755830
													#text	000003D746755968 ""
									DIV	000003D7467559B8 STYLE="display: none;"
							#text	000003D746753B80 "6Kx`SlT&nnnnjj&&&&&&&&&&&&Tiiiii"
						H6	000003D746753BD0 (editable)
							#text	000003D746753C38 "k___________bbbbb:6==sUUUUA(x/b;"
			#text	000003D746743D80 "6Kx`SlT&nnnnjj&&&&&&&&&&&&Tiiiii"
		CQQQQQQ5!!!!!!!!!(VQ]<	000003D746745E00 (editable)
			SPAN	000003D746746010 (editable)
				VIDEO	000003D746746078 (editable)
					#shadow-root	000003D746746598
						DIV	000003D746746770
							DIV	000003D746746938
								INPUT	000003D7467469D0 STYLE="display: none;"
									#shadow-root	000003D746746B10
										#text	000003D746746C48 ""
							DIV	000003D746746C98
								DIV	000003D746746D30 STYLE="display: none;"
									INPUT	000003D746746E38
										#shadow-root	000003D746746F70
											#text	000003D7467470A8 ""
									DIV	000003D7467474A8 STYLE="display: none;"
										#text	000003D746748588 "0:00"
									DIV	000003D746747548 STYLE="display: none;"
										#text	000003D746748538 "/ 0:00"
									INPUT	000003D7467470F8 STYLE="display: none;"
										#shadow-root	000003D746747230
											DIV	000003D746747440
												DIV	000003D746747368 ID="track"
													DIV	000003D7467473D0 ID="thumb"
									INPUT	000003D7467475E8 STYLE="display: none;"
										#shadow-root	000003D746747720
											#text	000003D746747858 ""
									INPUT	000003D7467478A8 STYLE="display: none;"
										#shadow-root	000003D7467479E0
											DIV	000003D746747BF0
												DIV	000003D746747B18 ID="track"
													DIV	000003D746747B80 ID="thumb"
									INPUT	000003D746747C58 STYLE="display: none;"
										#shadow-root	000003D746747D90
											#text	000003D746747EC8 ""
									INPUT	000003D746747F18 STYLE="display: none;"
										#shadow-root	000003D746748058
											#text	000003D746748190 ""
									INPUT	000003D7467481E0 STYLE="display: none;"
										#shadow-root	000003D746748318
											#text	000003D746748450 ""
							DIV	000003D7467484A0 STYLE="display: none;"
					#text	000003D746746668 "6Kx`SlT&nnnnjj&&&&&&&&&&&&Tiiiii"
<void>
Project Member

Comment 3 by ClusterFuzz, Jul 28 2016 

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4782834472714240

Fuzzer: inferno_twister
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  nextListChild != listChildNode (FORM id="tCF7" vs. FORM id="tCF7") in InsertList
  blink::InsertListCommand::unlistifyParagraph
  blink::InsertListCommand::doApplyForSingleParagraph
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=268656:269696

Minimized Testcase (0.14 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95vlenIYVmey2Zb8yvl3zk5o7vg8xZZhTdXELYNbn39DIwOgWjN4ZT-rvDhv_1kgMThHq4sKjFAKiPayeXtwRbt0Tk3OD-tmhdAf546psxpZsYfjCGetJ4k3hP-huzPwrN05vDsnkIBa_-JVrahREBh78AkNQ?testcase_id=4782834472714240
<ul>
<form id=tCF7>	
<hr>><script>
  document.designMode="on";document.execCommand("SelectAll");  
  document.execCommand("Outdent");  
</script>


Filer: rnimmagadda

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Project Member

Comment 4 by ClusterFuzz, Sep 20 2016 

ClusterFuzz has detected this issue as fixed in range 413122:413173.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5817390541832192

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  nextListChild != listChildNode in InsertListCommand.cpp
  blink::InsertListCommand::unlistifyParagraph
  blink::InsertListCommand::doApplyForSingleParagraph
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=268656:269696
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=413122:413173

Minimized Testcase (2.31 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95VI_hoLtxqTDXeyxdEEabHWw63W6X5p8aRx7ncvLsRPb-Y994sgQHXAusReMODibGREtq6m40Mgxcpu-HG36Lj9rZpfOGTuLuwEoWHj9RRek_byDvqUjOg8fv_1n1fXYvPBhVTshpPTn6ymGkKY6lbwyxNsg?testcase_id=5817390541832192

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 5 by kateso...@chromium.org, Oct 18 2016

Components: -Tools>Test>FindIt>NoResult
Project Member

Comment 6 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 7 by ClusterFuzz, Dec 22 2016

Status: WontFix (was: Available)
ClusterFuzz testcase 4782834472714240 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment