toPositionInFlatTree() should support isActiveSlotOrActiveInsertionPoint() |
|||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5250016768950272 Fuzzer: ifratric-browserfuzzer-v3 Job Type: mac_asan_chrome Platform Id: mac Crash Type: UNKNOWN READ Crash Address: 0x000000000000 Crash State: blink::editingIgnoresContent blink::PositionIteratorAlgorithm<blink::EditingAlgorithm<blink::FlatTreeTraversa blink::mostBackwardCaretPosition Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=370873:370888 Minimized Testcase (1.45 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96kulF67_zdo510olPZ3QtI6RC18cp-xDkutQ3Ct5RU1XUWMY0ujgfYpybOeC_c4MLE_xbBcXXljfgNdQgFikVagSF43S1J6fFZrRiotaeun-r268cKigCyL_1MYrvvK8UEpcWpviVPPyoa5Ar14h4TSIcfpg?testcase_id=5250016768950272 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Dec 2 2016
DOM tree at assertion: m_selection.showTreeForThis() [14124:54300:1202/155614.901:1981011609:INFO:visibleselection.cpp(785)] BODY #text "\n" CONTENT id="htmlvar00001" #text "\n" DIV id="htmlvar00004" #text "\n" KEYGEN id="htmlvar00006" style="-webkit-user-modify: read-write-plaintext-only;" (editable) #shadow-root SELECT #shadow-root CONTENT OPTION #shadow-root #text "2048 (High Grade)" #text "2048 (High Grade)" OPTION #shadow-root #text "1024 (Medium Grade)" #text "1024 (Medium Grade)" #text "\n" VIDEO id="htmlvar00008" #shadow-root DIV DIV INPUT style="display: none;" #shadow-root #text "" DIV DIV style="display: none;" INPUT style="display: none;" #shadow-root #text "" DIV style="display: none;" #text "0:00" DIV style="display: none;" #text "/ 0:00" INPUT style="display: none;" #shadow-root DIV style="-webkit-appearance:inherit" DIV id="track" DIV id="thumb" INPUT style="display: none;" #shadow-root #text "" INPUT style="display: none;" #shadow-root DIV style="-webkit-appearance:inherit" DIV id="track" DIV id="thumb" INPUT style="display: none;" #shadow-root #text "" INPUT style="display: none;" #shadow-root #text "" INPUT style="display: none;" #shadow-root #text "" INPUT style="display: none;" #shadow-root #text "" INPUT style="display: none;" #shadow-root #text "" DIV style="display: none;" DIV style="display: none;" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Play" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Fullscreen" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Download" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Mute" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Cast" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Captions" #text "\n" OL id="htmlvar00010" #shadow-root S CONTENT id="htmlvar00001" #text "\n" DIV id="htmlvar00004" #text "\n" E KEYGEN id="htmlvar00006" style="-webkit-user-modify: read-write-plaintext-only;" (editable) (focused) E #shadow-root E SELECT E #shadow-root E CONTENT E OPTION E #shadow-root E #text "2048 (High Grade)" E #text "2048 (High Grade)" E OPTION E #shadow-root E #text "1024 (Medium Grade)" E #text "1024 (Medium Grade)" #text "\n" VIDEO id="htmlvar00008" #shadow-root DIV DIV INPUT style="display: none;" #shadow-root #text "" DIV DIV style="display: none;" INPUT style="display: none;" #shadow-root #text "" DIV style="display: none;" #text "0:00" DIV style="display: none;" #text "/ 0:00" INPUT style="display: none;" #shadow-root DIV style="-webkit-appearance:inherit" DIV id="track" DIV id="thumb" INPUT style="display: none;" #shadow-root #text "" INPUT style="display: none;" #shadow-root DIV style="-webkit-appearance:inherit" DIV id="track" DIV id="thumb" INPUT style="display: none;" #shadow-root #text "" INPUT style="display: none;" #shadow-root #text "" INPUT style="display: none;" #shadow-root #text "" INPUT style="display: none;" #shadow-root #text "" INPUT style="display: none;" #shadow-root #text "" DIV style="display: none;" DIV style="display: none;" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Play" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Fullscreen" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Download" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Mute" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Cast" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Captions" #text "\n" OL id="htmlvar00010" #text "\n" AUDIO id="htmlvar00021" #shadow-root DIV DIV INPUT style="display: none;" #shadow-root #text "" DIV DIV style="display: none;" INPUT style="display: none;" #shadow-root #text "" DIV style="display: none;" #text "0:00" DIV style="display: none;" #text "/ 0:00" INPUT style="display: none;" #shadow-root DIV style="-webkit-appearance:inherit" DIV id="track" DIV id="thumb" INPUT style="display: none;" #shadow-root #text "" INPUT style="display: none;" #shadow-root DIV style="-webkit-appearance:inherit" DIV id="track" DIV id="thumb" INPUT style="display: none;" #shadow-root #text "" INPUT style="display: none;" #shadow-root #text "" INPUT style="display: none;" #shadow-root #text "" INPUT style="display: none;" #shadow-root #text "" INPUT style="display: none;" #shadow-root #text "" DIV style="display: none;" DIV style="display: none;" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Play" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Fullscreen" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Download" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Mute" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Cast" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Captions" #text "\n" KEYGEN id="htmlvar00026" #shadow-root SELECT #shadow-root CONTENT OPTION #shadow-root #text "2048 (High Grade)" #text "2048 (High Grade)" OPTION #shadow-root #text "1024 (Medium Grade)" #text "1024 (Medium Grade)" #text "\n" AUDIO id="htmlvar00021" #shadow-root DIV DIV INPUT style="display: none;" #shadow-root #text "" DIV DIV style="display: none;" INPUT style="display: none;" #shadow-root #text "" DIV style="display: none;" #text "0:00" DIV style="display: none;" #text "/ 0:00" INPUT style="display: none;" #shadow-root DIV style="-webkit-appearance:inherit" DIV id="track" DIV id="thumb" INPUT style="display: none;" #shadow-root #text "" INPUT style="display: none;" #shadow-root DIV style="-webkit-appearance:inherit" DIV id="track" DIV id="thumb" INPUT style="display: none;" #shadow-root #text "" INPUT style="display: none;" #shadow-root #text "" INPUT style="display: none;" #shadow-root #text "" INPUT style="display: none;" #shadow-root #text "" INPUT style="display: none;" #shadow-root #text "" DIV style="display: none;" DIV style="display: none;" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Play" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Fullscreen" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Download" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Mute" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Cast" LABEL INPUT style="display: none;" #shadow-root #text "" #text "Captions" #text "\n" KEYGEN id="htmlvar00026" #shadow-root SELECT #shadow-root CONTENT OPTION #shadow-root #text "2048 (High Grade)" #text "2048 (High Grade)" OPTION #shadow-root #text "1024 (Medium Grade)" #text "1024 (Medium Grade)" start: offsetInAnchor[0] end: beforeAnchor <void>
,
Dec 2 2016
We
,
Dec 2 2016
,
Dec 24 2016
ClusterFuzz has detected this issue as fixed in range 438498:440663. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5250016768950272 Fuzzer: ifratric-browserfuzzer-v3 Job Type: mac_asan_chrome Platform Id: mac Crash Type: UNKNOWN READ Crash Address: 0x000000000000 Crash State: blink::editingIgnoresContent blink::PositionIteratorAlgorithm<blink::EditingAlgorithm<blink::FlatTreeTraversa blink::mostBackwardCaretPosition Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=370873:370888 Fixed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=438498:440663 Minimized Testcase (1.45 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96kulF67_zdo510olPZ3QtI6RC18cp-xDkutQ3Ct5RU1XUWMY0ujgfYpybOeC_c4MLE_xbBcXXljfgNdQgFikVagSF43S1J6fFZrRiotaeun-r268cKigCyL_1MYrvvK8UEpcWpviVPPyoa5Ar14h4TSIcfpg?testcase_id=5250016768950272 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Dec 24 2016
ClusterFuzz testcase 5250016768950272 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||
►
Sign in to add a comment |
|||
Comment 1 by msrchandra@chromium.org
, Dec 1 2016Labels: Test-Predator-Wrong-CLs
Owner: yosin@chromium.org
Status: Assigned (was: Untriaged)