Issue 640905

Issue metadata

Status: Fixed
Owner:
Closed: Aug 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




m_startPosition <= m_endPosition in EphemeralRange.cpp

Project Member Reported by ClusterFuzz, Aug 25 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5238054313000960

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  m_startPosition <= m_endPosition in EphemeralRange.cpp
  blink::EphemeralRangeTemplate<>::EphemeralRangeTemplate
  blink::expandRangeToSentenceBoundary
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=411957:412168

Minimized Testcase (1.08 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97k2b25ZaxPs7Wkh4HKQMicYPJfsGWKlqEo_yL1gdp3V32214aLLgHegQtbeOpScNow-PQ4894EDt8kR89hbPWMulNh5N3UVqAE7mX_HwFIliKpQDMTpJkRnlKLC_byKVGG3RqR9IrJEK8ccFco9tiCW5ytHQ?testcase_id=5238054313000960

Issue manually filed by: durga.behera

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: yosin@chromium.org
Components: Tools>Test>FindIt>NoResult Blink>Layout
Labels: M-54 Te-Logged
Owner: tkent@chromium.org
Status: Assigned (was: Untriaged)
Suspected CLs
=============
Findit could not determine the memory tool from the stacktrace. Is it in a new format?
==============

Suspecting this from code search on the file "EphemeralRange.cpp", based on recent changes made to it.
Suspect: https://codereview.chromium.org/2251703002
tkent@/yosin@: Assigned/cced to the reviewer of this commit, as unable to assign the original author of it. Could you please take a look into this and suggest on it.

Comment 2 by tkent@chromium.org, Aug 25 2016

Cc: xiaoche...@chromium.org
Components: -Blink>Layout Blink>Editing
Owner: ----
Status: Untriaged (was: Assigned)
Route to Editing triage.
Owner: xiaoche...@chromium.org
Status: Assigned (was: Untriaged)
Seems that a patch similar to issue 640112 is needed.

Comment 4 by bugdroid1@chromium.org (Project Member), Aug 26 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5345d9cf9d3d0ad37cb56edd31aa0686d3ff22c5

commit 5345d9cf9d3d0ad37cb56edd31aa0686d3ff22c5
Author: xiaochengh <xiaochengh@chromium.org>
Date: Fri Aug 26 01:46:17 2016

Force expandEnd/RangeToSentenceBoundary to return a valid EphemeralRange

This is a first-aid patch that makes expandEnd/RangeToSentenceBoundary()
compare the sentence boundaries found with the input range before
returning, so that the returned range is always a super-range of
the input range, and hence, a valid EphemeralRange.

This patch does not fix the root cause of the bugs, as we do not expect startOfSentence()'s return value to be beyond that of endOfSentence()'s.
It simply stops the crashing at expandEnd/RangeToSentenceBoundary.

BUG= 640905 
TEST=n/a; this is a first-aid patch

Review-Url: https://codereview.chromium.org/2274183003
Cr-Commit-Position: refs/heads/master@{#414624}

[modify] https://crrev.com/5345d9cf9d3d0ad37cb56edd31aa0686d3ff22c5/third_party/WebKit/Source/core/editing/spellcheck/SpellChecker.cpp
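As an added illustration of the clamping approach the commit message above describes, here is a constructed C++ example (not Blink's code and not the patch itself). The `Range` struct stands in for `EphemeralRange` with the same `start <= end` invariant that the reported CHECK enforces, and the two sentence-boundary helpers are deliberately written to disagree about which sentence inter-sentence whitespace belongs to, so that `startOfSentence()` can land beyond `endOfSentence()` for a collapsed range sitting in that whitespace. The sample text is made up; the helper names, the whitespace rule and the `throw` in place of a CHECK abort are assumptions chosen so the failure is observable in a test.

```cpp
#include <algorithm>
#include <iostream>
#include <stdexcept>
#include <string>

// Constructed stand-in for EphemeralRange: two offsets into a string.
// The constructor enforces the same invariant as the crashing CHECK
// ("m_startPosition <= m_endPosition"); it throws instead of aborting
// so the violation can be observed from a test.
struct Range {
  size_t start;
  size_t end;
  Range(size_t s, size_t e) : start(s), end(e) {
    if (start > end) throw std::logic_error("start > end: invalid range");
  }
};

static bool isTerminator(char c) { return c == '.' || c == '!' || c == '?'; }

// Hypothetical helper: scans back to the previous terminator, then skips
// forward over whitespace, so a position inside inter-sentence whitespace
// is attributed to the NEXT sentence.
size_t startOfSentence(const std::string& text, size_t pos) {
  size_t i = pos;
  while (i > 0 && !isTerminator(text[i - 1])) --i;
  while (i < text.size() && text[i] == ' ') ++i;
  return i;
}

// Hypothetical helper: a position right after a terminator is attributed
// to the PREVIOUS sentence; otherwise scan forward to just past the next
// terminator. The two helpers disagree on whitespace, which is the
// constructed stand-in for the root cause the commit message leaves open.
size_t endOfSentence(const std::string& text, size_t pos) {
  if (pos > 0 && isTerminator(text[pos - 1])) return pos;
  size_t i = pos;
  while (i < text.size() && !isTerminator(text[i])) ++i;
  return i < text.size() ? i + 1 : i;
}

// Before: trusts the helpers blindly, so an inconsistent pair of boundaries
// reaches the Range constructor and trips the invariant.
Range expandRangeToSentenceBoundaryUnpatched(const std::string& text,
                                             const Range& range) {
  return Range(startOfSentence(text, range.start),
               endOfSentence(text, range.end));
}

// After: the first-aid shape described in the commit message. Each boundary
// is compared with the input range, so the result is always a super-range
// of the input and therefore a valid Range, whatever the helpers return.
Range expandRangeToSentenceBoundary(const std::string& text,
                                    const Range& range) {
  size_t start = std::min(startOfSentence(text, range.start), range.start);
  size_t end = std::max(endOfSentence(text, range.end), range.end);
  return Range(start, end);
}

// Reports whether the unpatched version violates the invariant for the
// given collapsed or non-collapsed input range.
bool unpatchedCrashes(const std::string& text, size_t start, size_t end) {
  try {
    expandRangeToSentenceBoundaryUnpatched(text, Range(start, end));
    return false;
  } catch (const std::logic_error&) {
    return true;
  }
}

int main() {
  const std::string text = "Hi. Bye.";  // constructed sample text
  // Offset 3 is the space between the two sentences: the helpers disagree.
  std::cout << "unpatched crashes on [3,3]: " << unpatchedCrashes(text, 3, 3) << "\n";
  Range clamped = expandRangeToSentenceBoundary(text, Range(3, 3));
  std::cout << "patched result for [3,3]: [" << clamped.start << "," << clamped.end << "]\n";
  Range normal = expandRangeToSentenceBoundary(text, Range(5, 5));
  std::cout << "patched result for [5,5]: [" << normal.start << "," << normal.end << "]\n";
  return 0;
}
```

The clamp only guarantees the invariant; it does not make the two helpers agree, which is exactly the distinction the commit message draws between stopping the crash and fixing the root cause. A regression test for the real fix would assert that `startOfSentence(text, p) <= endOfSentence(text, p)` holds for every position, not merely that construction no longer fails.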


Comment 5 by ClusterFuzz (Project Member), Aug 26 2016

ClusterFuzz has detected this issue as fixed in range 414243:414352.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5238054313000960

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  m_startPosition <= m_endPosition in EphemeralRange.cpp
  blink::EphemeralRangeTemplate<>::EphemeralRangeTemplate
  blink::expandRangeToSentenceBoundary
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=411957:412168
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=414243:414352

Minimized Testcase (1.08 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97k2b25ZaxPs7Wkh4HKQMicYPJfsGWKlqEo_yL1gdp3V32214aLLgHegQtbeOpScNow-PQ4894EDt8kR89hbPWMulNh5N3UVqAE7mX_HwFIliKpQDMTpJkRnlKLC_byKVGG3RqR9IrJEK8ccFco9tiCW5ytHQ?testcase_id=5238054313000960

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Status: Fixed (was: Assigned)
Components: -Tools>Test>FindIt>NoResult

Comment 8 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
