reconcileTextDecorationProperties() should handle styles having both text-decoration and webkit-text-decoration-in-effect |
|||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=6702977839792128 Fuzzer: inferno_layout_test_unmodified Job Type: linux_debug_content_shell_drt Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: !textDecorationsInEffect || !textDecoration in EditingStyle.cpp blink::reconcileTextDecorationProperties blink::StyleChange::StyleChange Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=268656:269696 Minimized Testcase (0.24 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv94FtO30BFWkl0dblpQHStwhK0tcbzcd7wQyuHIgkXvN6W498hcZNos0nDMzJ8sjqJ5Ji5EC4BPUAimBz9dfVRg3pHVANawGwOjUYSH2Mgv9VEG6_mDb2uDI0fMg_NmypUOLaSb-eqJOJ2KYeZBdPMDkMVDnjw?testcase_id=6702977839792128 Female <dl> DT element </dl> <br/> <hr/> <script> document.designMode = 'on'; document.execCommand('SelectAll'); document.execCommand('Strikethrough'); document.execCommand('InsertOrderedList'); </script> Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Nov 9 2016
Suspected CL https://codereview.chromium.org/2422133002 xiaochengh@, could you please take a look and help us to find correct owner if it is not related your changes.
,
Nov 10 2016
A further minimized test case with assert_selection:
test(() => assert_selection(
[
'<div contenteditable>',
'<strike>^Female</strike>',
'<dl><strike>DT element</strike></dl>',
'<strike><br></strike>',
'<hr>|',
'</div>'
].join(''),
'',
''));
No idea why "We shouldn't have both text-decoration and -webkit-text-decorations-in-effect because that wouldn't make sense" (quoted from EditingStyle.cpp just above the failed DCHECK)...
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Nov 28 2016
It seems "-webkit-text-decorations-in-effect" CSS property is deprecated, http://crbug.com/269140
,
Nov 28 2016
Below test case causes DCHECK(!textDecorationsInEffect || !textDecoration);
test(() => assert_selection(
[
'<div contenteditable>',
'<strike>^Female</strike>',
'<dl><strike>DT element</strike></dl>',
'<strike><br></strike>',
'<hr>|',
'</div>'
].join(''),
'insertOrderedList',
[
'<div contenteditable>',
'<ol><li><strike>^Female</strike></li></ol>',
'<dl>',
'<ol>',
'<ul><strike>DT element</strike></ul>',
'<li><strike><br></strike></li>',
'<li><hr>|</li>',
'</ol>',
'</dl>',
'</div>'
].join('')),
'insertOrderedList with STRIKE, DL, and HR');
,
Nov 28 2016
"-webkit-text-decorations-in-effect" is introduced by moveParagraphs() via StyledMarkupSerializer for serializing STRIKE element.
,
Nov 28 2016
In review: http://crrev.com/2532873002
,
Nov 29 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a9814d2d1bbc0c1d77dad4f2619e21e28757b47f commit a9814d2d1bbc0c1d77dad4f2619e21e28757b47f Author: yosin <yosin@chromium.org> Date: Tue Nov 29 03:05:02 2016 Get rid of wrong assumption in reconcileTextDecorationProperties() This patch gets rid of |DCHECK()|, which is a wrong assumption, in |reconcileTextDecorationProperties()| since we have a test case against the assumption. BUG= 663613 TEST=LayoutTests/editing/execCommand/insert-list-and-strikethrough.html Review-Url: https://codereview.chromium.org/2532873002 Cr-Commit-Position: refs/heads/master@{#434857} [add] https://crrev.com/a9814d2d1bbc0c1d77dad4f2619e21e28757b47f/third_party/WebKit/LayoutTests/editing/execCommand/insert-list-and-strikethrough.html [modify] https://crrev.com/a9814d2d1bbc0c1d77dad4f2619e21e28757b47f/third_party/WebKit/Source/core/editing/EditingStyle.cpp
,
Nov 29 2016
,
Nov 29 2016
ClusterFuzz has detected this issue as fixed in range 434840:434865. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6702977839792128 Fuzzer: inferno_layout_test_unmodified Job Type: linux_debug_content_shell_drt Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: !textDecorationsInEffect || !textDecoration in EditingStyle.cpp blink::reconcileTextDecorationProperties blink::StyleChange::StyleChange Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=268656:269696 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=434840:434865 Minimized Testcase (0.24 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv94FtO30BFWkl0dblpQHStwhK0tcbzcd7wQyuHIgkXvN6W498hcZNos0nDMzJ8sjqJ5Ji5EC4BPUAimBz9dfVRg3pHVANawGwOjUYSH2Mgv9VEG6_mDb2uDI0fMg_NmypUOLaSb-eqJOJ2KYeZBdPMDkMVDnjw?testcase_id=6702977839792128 Female <dl> DT element </dl> <br/> <hr/> <script> document.designMode = 'on'; document.execCommand('SelectAll'); document.execCommand('Strikethrough'); document.execCommand('InsertOrderedList'); </script> See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page. |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by dtapu...@chromium.org
, Nov 9 2016