New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 653819 link

Starred by 1 user
Status: Fixed
Owner:
xiaoche...@chromium.org
Closed: Oct 2016
Cc:
ranjitkan@chromium.org
editing-dev@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug-Regression

Blocking:
issue 590369



Sign in to add a comment

!start.document()->view() || !start.document()->view()->needsLayout() in TextIte

Project Member Reported by ClusterFuzz, Oct 7 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6083008258113536

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !start.document()->view() || !start.document()->view()->needsLayout() in TextIte
  blink::TextIteratorAlgorithm<>::TextIteratorAlgorithm
  blink::TextIteratorAlgorithm<>::rangeLength
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=415934:416233

Minimized Testcase (0.23 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96qaFOau6vGcJ9lsq5ANw_aBsGM0W45Z2KK6M8SjHICRElXq0L-hQm-DVc_SW_Lj9AdEe4yNmaaEBzgXSBj2pSa62cjvu7KL4uazbYpmUHcVmN24zybRuu_PL9MN7oIlsEBkh1MWQIppfDZZmHxDV0APZgB6g?testcase_id=6083008258113536

Issue manually filed by: ranjitkan

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by ranjitkan@chromium.org, Oct 7 2016

Cc: ranjitkan@chromium.org
Components: Tools>Test>FindIt>CorrectResult
Labels: -Pri-1 -Type-Bug Findit-for-crash M-55 Te-Logged Pri-2 Type-Bug-Regression
Owner: xiaoche...@chromium.org
Status: Assigned (was: Untriaged)
Find it did not display any result. Using code search suspecting the below change could be the possible culprit.

Change Log: https://chromium.googlesource.com/chromium/src/+/d458f0472a278384106520e6312986f1fd138927
Review-Url: https://codereview.chromium.org/2292023002

@xiaochengh: Assigning to you, request you to please take a look into it. Please help us to find a right owner if not with respect to your change.

Thanks.!
Project Member

Comment 2 by bugdroid1@chromium.org, Oct 11 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e5e7e69014427cd09887d3a407e8cbb3059eb3b4

commit e5e7e69014427cd09887d3a407e8cbb3059eb3b4
Author: xiaochengh <xiaochengh@chromium.org>
Date: Tue Oct 11 04:40:18 2016

Update layout in CompositeEditCommand::moveParagraphs for TextIterator::rangeLength

A call site in CompositeEditCommand::moveParagraphs was missed when hoisting
the layout update call from TextIterator::rangeLength. This patch hence adds back
the missing call.

BUG= 653819 
TEST=n/a; this is a patch to an ongoing refactoring work

Review-Url: https://codereview.chromium.org/2410513003
Cr-Commit-Position: refs/heads/master@{#424369}

[modify] https://crrev.com/e5e7e69014427cd09887d3a407e8cbb3059eb3b4/third_party/WebKit/Source/core/editing/commands/CompositeEditCommand.cpp

Comment 3 by xiaoche...@chromium.org, Oct 11 2016

Blocking: 590369
Components: Blink>Editing
Labels: -OS-Linux OS-All
The just-landed r424369 should fix the issue.
Project Member

Comment 4 by ClusterFuzz, Oct 13 2016 

ClusterFuzz has detected this issue as fixed in range 424153:424892.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6083008258113536

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !start.document()->view() || !start.document()->view()->needsLayout() in TextIte
  blink::TextIteratorAlgorithm<>::TextIteratorAlgorithm
  blink::TextIteratorAlgorithm<>::rangeLength
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=415934:416233
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=424153:424892

Minimized Testcase (0.23 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96qaFOau6vGcJ9lsq5ANw_aBsGM0W45Z2KK6M8SjHICRElXq0L-hQm-DVc_SW_Lj9AdEe4yNmaaEBzgXSBj2pSa62cjvu7KL4uazbYpmUHcVmN24zybRuu_PL9MN7oIlsEBkh1MWQIppfDZZmHxDV0APZgB6g?testcase_id=6083008258113536

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 5 by xiaoche...@chromium.org, Oct 13 2016

Labels: Merge-Request-55
Status: Fixed (was: Assigned)

Comment 6 by dimu@chromium.org, Oct 13 2016

Labels: -Merge-Request-55 Merge-Approved-55 Hotlist-Merge-Approved
Your change meets the bar and is auto-approved for M55 (branch: 2883)
Project Member

Comment 7 by ClusterFuzz, Oct 13 2016 

ClusterFuzz has detected this issue as fixed in range 424153:424892.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6083008258113536

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !start.document()->view() || !start.document()->view()->needsLayout() in TextIte
  blink::TextIteratorAlgorithm<>::TextIteratorAlgorithm
  blink::TextIteratorAlgorithm<>::rangeLength
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=415934:416233
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=424153:424892

Minimized Testcase (0.23 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96qaFOau6vGcJ9lsq5ANw_aBsGM0W45Z2KK6M8SjHICRElXq0L-hQm-DVc_SW_Lj9AdEe4yNmaaEBzgXSBj2pSa62cjvu7KL4uazbYpmUHcVmN24zybRuu_PL9MN7oIlsEBkh1MWQIppfDZZmHxDV0APZgB6g?testcase_id=6083008258113536

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 8 by bugdroid1@chromium.org, Oct 13 2016

Labels: -merge-approved-55 merge-merged-2883
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/72c8cb209488038ea3564e40541bebd818cbc06e

commit 72c8cb209488038ea3564e40541bebd818cbc06e
Author: Xiaocheng Hu <xiaochengh@chromium.org>
Date: Thu Oct 13 09:33:45 2016

Update layout in CompositeEditCommand::moveParagraphs for TextIterator::rangeLength

A call site in CompositeEditCommand::moveParagraphs was missed when hoisting
the layout update call from TextIterator::rangeLength. This patch hence adds back
the missing call.

BUG= 653819 
TEST=n/a; this is a patch to an ongoing refactoring work

Review-Url: https://codereview.chromium.org/2410513003
Cr-Commit-Position: refs/heads/master@{#424369}
(cherry picked from commit e5e7e69014427cd09887d3a407e8cbb3059eb3b4)

Review URL: https://codereview.chromium.org/2413223002 .

Cr-Commit-Position: refs/branch-heads/2883@{#85}
Cr-Branched-From: 614d31daee2f61b0180df403a8ad43f20b9f6dd7-refs/heads/master@{#423768}

[modify] https://crrev.com/72c8cb209488038ea3564e40541bebd818cbc06e/third_party/WebKit/Source/core/editing/commands/CompositeEditCommand.cpp
Project Member

Comment 9 by bugdroid1@chromium.org, Oct 27 2016

Labels: merge-merged-2840
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/72c8cb209488038ea3564e40541bebd818cbc06e

commit 72c8cb209488038ea3564e40541bebd818cbc06e
Author: Xiaocheng Hu <xiaochengh@chromium.org>
Date: Thu Oct 13 09:33:45 2016

Update layout in CompositeEditCommand::moveParagraphs for TextIterator::rangeLength

A call site in CompositeEditCommand::moveParagraphs was missed when hoisting
the layout update call from TextIterator::rangeLength. This patch hence adds back
the missing call.

BUG= 653819 
TEST=n/a; this is a patch to an ongoing refactoring work

Review-Url: https://codereview.chromium.org/2410513003
Cr-Commit-Position: refs/heads/master@{#424369}
(cherry picked from commit e5e7e69014427cd09887d3a407e8cbb3059eb3b4)

Review URL: https://codereview.chromium.org/2413223002 .

Cr-Commit-Position: refs/branch-heads/2883@{#85}
Cr-Branched-From: 614d31daee2f61b0180df403a8ad43f20b9f6dd7-refs/heads/master@{#423768}

[modify] https://crrev.com/72c8cb209488038ea3564e40541bebd818cbc06e/third_party/WebKit/Source/core/editing/commands/CompositeEditCommand.cpp

Comment 10 by dimu@google.com, Nov 4 2016

Labels: -merge-merged-2840
[Automated comment] removing mislabelled merge-merged-2840
Project Member

Comment 11 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment