layoutObject == node->layoutObject()tree should not changed in CaretBase.cpp
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4625137179820032

Fuzzer: bj_broddelwerk
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: CHECK failure
Crash Address:
Crash State:
  layoutObject == node->layoutObject()tree should not changed in CaretBase.cpp
  blink::CaretBase::caretLayoutObject
  blink::CaretBase::invalidateLocalCaretRect

Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=395786:395828

Minimized Testcase (3.58 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94Wn-a0eJ0rKjztqsUy1BuGoHm4D7gs_pZjtW0zRJWmkId5-WjaBf5Tn1b2tIpuxkH_Qjoq23WK_YpHxSEYqs40JHxsPRG4ovnNBz7QK5hkAegIsfLwM8du4KMJz_JCxuUfZC21pSvKAujekGv7DywWvQCjDw?testcase_id=4625137179820032

Issue manually filed by: msrchandra

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Sep 8 2016
Sep 12 2016
Sep 12 2016
crrev.com/1958093002 will fix this issue.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 15 2016
Find it did not provide any possible suspect. From the CL, assigning to the concern owner -- https://chromium.googlesource.com/chromium/src/+log/1ae814d2d836ea64a076b0a6d193d83098e812d4..3644e8c55d11a9b4693aa20001b116cdbca266e2?pretty=fuller Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/e4edfb63d1b068c5ab5dc6b91edf75c108ebc433 @yoichio -- Could you please look into the issue, kindly re-assign if this is not related to your changes. Thank You.
Feb 25 2017
CaretBase (now called CaretDisplayItem) doesn't have this CHECK.
Comment 1 by spqc...@chromium.org, Aug 30 2016