
Issue 659025 link


Issue metadata

Status: WontFix
Owner: ----
Closed: Jan 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug




Crash in blink::Node::isShadowRoot

Project Member Reported by ClusterFuzz, Oct 25 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5769887098339328

Fuzzer: inferno_layout_test_unmodified
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x0000000b
Crash State:
  blink::Node::isShadowRoot
  blink::Node::parentNode
  blink::CompositeEditCommand::splitTreeToNode
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_chrome&range=421807:422067

Minimized Testcase (0.92 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96sLy5OJRnSZphT-3TopHovIFAyjugk0DtmO_ixvSEneI5lP0g1-jEgzq8W7Ex299zqADHFVTxTGKOf63s7g2rCYdevi8EQlUoFMYosnqvAtMj7U-SnmK7yireFEl6OxyqtBPkqwejp0zNR0ph_trHzC8Lp3g?testcase_id=5769887098339328

Additional requirements: Requires Gestures

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Components: Blink>Editing
Labels: Test-Predator-Correct
Owner: xiaoche...@chromium.org
Status: Assigned (was: Untriaged)
Suspected CLs:
==============
The result is a list of CLs that change the crashed files.

Author: xiaochengh
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/cfe6f8d59b4ed940fd55f453e629c663e62d8755
Time: Fri Sep 30 01:55:13 2016
Files CompositeEditCommand.cpp, InsertParagraphSeparatorCommand.cpp, TypingCommand.cpp are changed in this CL (and are part of stack frame #2, "chrome_child!blink::CompositeEditCommand::splitTreeToNode+0xde"; frame #4, "chrome_child!blink::CompositeEditCommand::applyCommandToComposite+0x1e")
Minimum distance from crash line to modified line: 28 (file: InsertParagraphSeparatorCommand.cpp, crashed on: 455, modified: 483).

===========================
Suspected Project: chromium
Suspected Component: Blink>Editing

============================
From the above CL list, suspecting the one below.
https://codereview.chromium.org/2374183004
xiaochengh@: Could you please take a look into this if it's related to your change.

Owner: yosin@chromium.org
I can't repro. The test case (both minimized and original) doesn't even seem to enter CompositeEditCommand::splitTreeToNode at all.

yosin@: Could you offer some help since you use Windows? Thanks!
Cc: xiaoche...@chromium.org

Comment 4 by yosin@chromium.org, Nov 7 2016

I could not reproduce either by replaying gestures; see the "Interaction Gestures" section. The last Enter key causes a splitTextNode call.

Comment 5 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 6 by yosin@chromium.org, Nov 28 2016

Components: -Blink>Editing Blink>Editing>Selection
Labels: -Pri-1 Pri-2
Owner: ----
Status: Available (was: Assigned)
Lowering to Pri-2 since this issue is caused by a deprecated DOM mutation event.
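The mechanism comment 6 refers to, shown as an added illustration of the bug class rather than the ClusterFuzz testcase (which this page does not include) or any Chromium code: legacy DOM mutation events such as DOMNodeInserted are dispatched synchronously, so a page-script listener runs in the middle of the editing command that caused the mutation and can rearrange the tree that the command (here the Enter key's insertParagraph, i.e. InsertParagraphSeparatorCommand, which the stack shows reaching splitTreeToNode) is still walking. The element ids, the nested <b>, and the choice to detach the paragraph being split are assumptions made for this example; it does not claim to trigger the crash in the report.

```html
<!DOCTYPE html>
<!-- Constructed illustration of a mutation-event listener mutating the DOM
     during an editing command. Not the ClusterFuzz testcase from the report. -->
<div id="editor" contenteditable="true"><p id="target">split<b>here</b></p></div>
<pre id="log"></pre>
<script>
const log = (msg) => { document.getElementById('log').textContent += msg + '\n'; };
const editor = document.getElementById('editor');
let fired = 0;

// Legacy mutation events fire synchronously, inside the editing command that
// performed the insertion. This listener therefore runs while the command is
// still holding references into the tree, and it removes the node the command
// is splitting (assumed mutation chosen for illustration).
document.addEventListener('DOMNodeInserted', (e) => {
  if (fired++ > 0) return;                       // react to the first insertion only
  const target = document.getElementById('target');
  if (target && target.parentNode) {
    log('DOMNodeInserted for <' + e.target.nodeName.toLowerCase() + '>: detaching #target mid-command');
    target.remove();                             // tree changes underneath the command
  }
});

// Put the caret inside the nested <b> and run the same command the Enter key
// runs in a contenteditable ("Requires Gestures" in the report refers to the key press).
const bold = editor.querySelector('b');
const range = document.createRange();
range.setStart(bold.firstChild, 2);
range.collapse(true);
const sel = window.getSelection();
sel.removeAllRanges();
sel.addRange(range);
editor.focus();
document.execCommand('insertParagraph');

log('listener fired ' + fired + ' time(s); editor now: ' + editor.innerHTML);
</script>
```

Two caveats when running this: the listener only fires in engines that still dispatch mutation events (Chrome removed DOMNodeInserted and the rest of the MutationEvent family in Chrome 127, so current builds log zero firings, which is also why this bug was deprioritised rather than fixed), and the correct replacement, MutationObserver, delivers its records asynchronously after the command has finished, which closes this re-entrancy window by design. The practitioner's check on any editing-command fix is therefore whether the command re-validates its cached node and position references after every step that can dispatch script, rather than assuming the tree is unchanged.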
Comment 7 by ClusterFuzz (Project Member), Jan 26 2017

Status: WontFix (was: Available)
ClusterFuzz testcase 5769887098339328 is flaky and no longer reproduces, so closing the issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
