
Issue 650454


Issue metadata

Status: WontFix
Owner: ----
Closed: Jun 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug

Blocking:
issue 707884




Hit ArrowLeft after cE=false causes DCHECK

Project Member Reported by ClusterFuzz, Sep 26 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6696670006083584

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  left.deepEquivalent() != visiblePosition.deepEquivalent() (DIV id="div"id="div" 
  blink::leftPositionOfAlgorithm<>
  blink::leftPositionOf
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=388139:388165

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94FFHfOLVU7KKm7ZPl2viyKSmBRx1C0AEBA0r8HBQY9L4cTDeGI9T3MNbVTbvDOSVmdcgh4pcXRoXHHkfJGQCbUukyBoFfHpgA6wN4GXGUL_EpN8d6cUfPxuecFyUmol3tZFcH06t4OSwU9jXYVlh6l1aGovg?testcase_id=6696670006083584


Additional requirements: Requires Gestures

Issue manually filed by: mummareddy

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: yosin@chromium.org koten...@yandex-team.ru
Components: Tools>Test>FindIt>NoResult
Labels: M-54 Te-Logged
Owner: tkent@chromium.org
Through code search on file VisibleUnits.cpp, the suspected CL is

https://chromium.googlesource.com/chromium/src/+/4021ae18b9410d496adc92077e00672253f3876d%5E%21/third_party/WebKit/Source/core/editing/VisibleUnits.cpp
tkent@, could you please take a look and reassign if it is not related to your changes.
Status: Assigned (was: Untriaged)

Comment 3 by tkent@chromium.org, Sep 26 2016

Components: Blink>Editing
Owner: ----
Status: Untriaged (was: Assigned)
Route to Editing triage

Comment 4 by yosin@chromium.org, Sep 27 2016

Status: Available (was: Untriaged)
Components: -Tools>Test>FindIt>NoResult
Project Member

Comment 6 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 7 by yosin@chromium.org, Nov 30 2016

I could not reproduce. It is hard to reproduce with gesture...
Owner: yoichio@chromium.org
Status: Started (was: Available)
Reproduced.

Comment 9 by yosin@chromium.org, Mar 29 2017

Summary: Hit ArrowLeft after cE=false causes DCHECK (was: left.deepEquivalent() != visiblePosition.deepEquivalent() (DIV id="div"id="div" )
I could reproduce too.

Hit
DCHECK_NE(left.deepEquivalent(), visiblePosition.deepEquivalent()) in
leftPositionOfAlgorithm
Blocking: 707884
Labels: -Pri-1 Pri-2

Comment 12 by yosin@chromium.org, May 22 2017

Labels: -Pri-2 Pri-3
Owner: ----
Status: Available (was: Started)
Mark Available since no response past 2+ weeks.

Comment 13 by yosin@chromium.org, May 22 2017

Bulk set to Pri-3 for cluster fuzz bugs.
Since these issues happen with unusual HTML.
Project Member

Comment 14 by ClusterFuzz, Jun 21 2017

Status: WontFix (was: Available)
ClusterFuzz testcase 6696670006083584 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
