JustifyCenter command crashes with IFRAME
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6402859797315584

Fuzzer: inferno_layout_test_unmodified
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x0000000b
Crash State:
  blink::isHTMLDivElement
  blink::CompositeEditCommand::isRemovableBlock
  blink::DeleteSelectionCommand::removeRedundantBlocks

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=408586:408599

Minimized Testcase (2.84 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95EfPimNqbGbHWZKBDVfGRzWPOZQc-u7HWLbTPa3jrsUhD-_soaPZ2gXlAfA0naNdYFA9LixeditP0ZS7AmIwGcujh9DSeIA11MndQhS6HguRCcA_09my8JL13s11bCEbRvy70WcSvxI_T5arxR-VfRs93_gQ?testcase_id=6402859797315584

Filer: mmohammad

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 29 2016
Aug 1 2016
Lower to Pri-2, since real world usage of JustifyCenter command is low.
DOM Tree at DCHECK()
m_endingPosition.showTreeForThis()
BODY 000002475E6C3358 (editable) (focused)
DIV 000002475E6C33C0 (editable)
UL 000002475E6C8770 (editable)
* LI 000002475E6C87D8 (editable)
H5 000002475E6C36C0 (editable)
svg 000002475E6C3728 (editable)
BLOCKQUOTE 000002475E6CA290 (editable)
#text 000002475E6CA2F8 ".$;;;;;;;;;;;;;;;;;;44444I/XbbcE"
optgroup 000002475E6CA348 (editable)
#text 000002475E6CA3F8 "TTTT\\\\\\\\\\:^(xyyyWL\\\\\\\\\\\\\\\\":4444"
CODE 000002475E6CA448 (editable)
#text 000002475E6CA4B0 "a(`?iqqqqqq/@@@@@@@@@@@@0-----j$"
svg 000002475E6CA500 (editable)
#text 000002475E6CA658 ")Q|......>>>>>>>>>!!!!!!X===^n1>"
DETAILS 000002475E6CA6A8 (editable)
#shadow-root 000002475E6CA718
CONTENT 000002475E6CAA90 ID="details-summary"
SUMMARY 000002475E6CA7E8
#shadow-root 000002475E6CA850
DIV 000002475E6CA920 ID="details-marker"
CONTENT 000002475E6CA988
#text 000002475E6CAA40 "Details"
DIV 000002475E6CAB48 ID="details-content" STYLE="display: none;"
CONTENT 000002475E6CABB0
#text 000002475E6CAC68 "11111m;,]];\\%%"'j>>>>>>>>>>>>>>>"
#text 000002475E6C38D0 "BGhN-,llll\\\\\\\\\\\\\\\\\\\\\\\\\\8U#::::::"
DIV 000002475E6CACB8 (editable)
BR 000002475E6CAD20 (editable)
DIV 000002475E6C3428 (editable)
#text 000002475E6C35B8 "lll|CCCCCCV:;;;;;wmmm^T6|H(((((("
APPLET 000002475E6C3608 (editable)
#text 000002475E6C3670 "OOOOO(>4rvv%_(((((((@@@@@@@@6666"
STYLE 000002475E6C3278 (editable)
#text 000002475E6C3308 "\n*{max-height:00000000000000000.7143338796716377503415174032852519303560256958007812500000000000000000000000000000000px;-webkit-user-modify:read-write;"
BR 000002475E6C8840 (editable)
<void>
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 23 2016
ClusterFuzz testcase 6402859797315584 is flaky and no longer reproduces, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by mmohammad@chromium.org, Jul 29 2016
Status: Assigned (was: Untriaged)