
Issue 632880

Issue metadata

Status: WontFix
Owner: ----
Closed: Jan 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Bug


Solo call of textInputController.markedRange() crashes

Reported by ClusterFuzz (Project Member), Jul 29 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6539181790855168

Fuzzer: inferno_layout_test_unmodified
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x00000023
Crash State:
  blink::RangeBoundaryPoint::isOffsetValid
  blink::RangeBoundaryPoint::ensureOffsetIsValid
  blink::WebRange::startOffset
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=408405:408557

Minimized Testcase (0.05 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv9443f4zPY8SXhoO1QXXdfwwZAXs6QIzizzzZYhg_cESA9IvG9Bq5ZcDIUoBEBo53vquJ6XHmVhJHBtXFHEc0MdbULABpOFXcbq23eb-lCDIxkjEZ1SClENDTdkpb3WN04urYdPfe1a4pdqMx3E8QQ2eocul5Q?testcase_id=6539181790855168
<script>
textInputController.markedRange();
</script>


Filer: mmohammad

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Owner: yosin@chromium.org
Status: Assigned (was: Untriaged)
Suspected CL: https://chromium.googlesource.com/chromium/src/+/023a90124852ea2ceab04d4a5662e1dcb5caba68%5E%21/third_party/WebKit/Source/core/dom/RangeBoundaryPoint.h

yosin@, could you please look into this? Thanks.

Comment 2 by yosin@chromium.org, Aug 2 2016

Components: Blink>Editing
Labels: -OS-Windows -Pri-1 OS-All Pri-3
Owner: ----
Status: Available (was: Assigned)
Summary: Solo call of textInputController.markedRange() crashes (was: Crash in blink::RangeBoundaryPoint::isOffsetValid)
Lowering to Pri-2 since textInputController isn't exposed to the web == no user impact. It is only available for testing.
Comment 3 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Cc: msrchandra@chromium.org tfarina@chromium.org
Labels: Test-Predator-Wrong-CLs
Owner: dglazkov@chromium.org
Status: Assigned (was: Available)
Unable to find the possible suspect from the CL and Find-it.
Using Code Search for the file "blink::WebRange::startOffset", assigning to the concerned owner.

@dglazkov -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.
Owner: ----
Status: Available (was: Assigned)
msrchandra@, there's no need to assign owners to triaged bugs. The Editing team (Blink>Editing) already has it on their backlog and it's their responsibility to manage it.
Comment 6 by ClusterFuzz, Jan 14 2017

Status: WontFix (was: Available)
ClusterFuzz testcase 6539181790855168 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
