Chrome Version: ToT master@{#445131}
OS: Linux
What steps will reproduce the problem?
(1) Get the minimized test case produced by the Fuzzer in issue 682824 (Google Only)
(2) Open the test case in Chrome with DCHECKs on
#0 0x7f6d4bb5731e base::debug::StackTrace::StackTrace()
#1 0x7f6d4bb56e5f base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7f6d4bfc4330 <unknown>
#3 0x7f6d37ef5c37 gsignal
#4 0x7f6d37ef9028 abort
#5 0x7f6d4bb53716 base::debug::(anonymous namespace)::DebugBreak()
#6 0x7f6d4bb536f8 base::debug::BreakDebugger()
#7 0x7f6d4bbc55a2 logging::LogMessage::~LogMessage()
#8 0x7f6d31de4031 blink::VisibleSelectionTemplate<>::toNormalizedEphemeralRange()
#9 0x7f6d31e5ffb9 blink::ReplacementFragment::ReplacementFragment()
#10 0x7f6d31e64b3e blink::ReplaceSelectionCommand::doApply()
#11 0x7f6d31e26fef blink::CompositeEditCommand::apply()
#12 0x7f6d31e48de0 blink::executeInsertFragment()
#13 0x7f6d31e448ba blink::executeInsertHTML()
#14 0x7f6d31e4197c blink::Editor::Command::execute()
#15 0x7f6d31e3fc02 blink::Document::execCommand()
#16 0x7f6d32e55a6b blink::DocumentV8Internal::execCommandMethod()
#17 0x7f6d32e54c62 blink::DocumentV8Internal::execCommandMethodCallback()
#18 0x7f6d3fa1636b v8::internal::FunctionCallbackArguments::Call()
#19 0x7f6d3fae4db3 v8::internal::(anonymous namespace)::HandleApiCallHelper<>()
#20 0x7f6d3fae38f0 v8::internal::Builtin_Impl_HandleApiCall()
#21 0x3eaae1d8426e <unknown>
r8: 00007ffc7925fb30 r9: 00007f6d3800fa00 r10: 0000000000000008 r11: 0000000000000202
r12: 0000000000000000 r13: 00007ffc79263d48 r14: 0000348137bd5020 r15: 00007f6d32e54c30
di: 0000000000000001 si: 0000000000000001 bp: 00007ffc7925ff20 bx: 00007ffc79263cc0
dx: 0000000000000006 ax: 0000000000000000 cx: 00007f6d37ef5c37 sp: 00007ffc7925fde8
ip: 00007f6d37ef5c37 efl: 0000000000000202 cgf: 0000000000000033 erf: 0000000000000000
trp: 0000000000000000 msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
Comment 1 by yosin@chromium.org
, Mar 6 2017Owner: ----
Status: Fixed (was: Assigned)