Issue 685607
Issue metadata

Status: WontFix
Owner: ----
Closed: Aug 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug


Editing commands should consider the case that placeholder <br> has invisible style

Project Member Reported by ClusterFuzz, Jan 26 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6610635090821120

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  isStartOfParagraph(startOfParagraphToMove). null/TextAffinity::Downstream in Com
  blink::CompositeEditCommand::moveParagraph
  blink::InsertListCommand::moveParagraphOverPositionIntoEmptyListItem
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=369978:369981

Minimized Testcase (0.29 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95z7helycJdBP67y0iGnXpURFCbCKinV8vc4Dox1wogZTwgOof4STxrJGGUSy3eRe6A3ueDYyPCILqBH-5lsZgjQ55CMjJy-uW2EKt_IvfjF9_EUXCjlh0Ti7tplF7e3Cdh_vYBorHTaV5pETA7YbOYCV03gAiG48i4JQEuCMJMvVjZh39wFBQYN917eGb_UauB0WBlswXGbmBZ8SLTYdDfSx8goQYG4WvT8SuAqC7OPb3_jJKflePMHopcMIDhSrqffHi8ZvZdNpQVaSGy_n3FbK6TMoaOUNCgYbp6IzeFecVSAPvobqEpZf2rAJ3TYJzGddIAEZweo1NL3rnEyvag-6wlqrTc1prWBQvV-e2CEMNtqLo?testcase_id=6610635090821120
<style>
  br {
    visibility: hidden;
  }
</style>
<script>
  var af = [], i = 0;
  // Run the queued steps in turn, one per timer tick.
  function main() { af[i++ % af.length](); }
  af.push(function () {
    document.execCommand("SelectAll");
    document.designMode = "on";
  });
  af.push(function () {
    document.execCommand("InsertOrderedList");
  });
  setInterval(main);
</script>


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Components: Blink>Editing
Labels: Test-Predator-Wrong M-56
Owner: xiaoche...@chromium.org
Status: Assigned (was: Untriaged)
Through code search on file CompositeEditCommand.cpp, the suspected CL is
https://chromium.googlesource.com/chromium/src/+/2742a8b3bdc414e596a9382a3b6959c0c4e95f93
xiaochengh@, could you please take a look?
Thank you
Components: -Blink>Editing Blink>Editing>Command
Labels: -Pri-1 Pri-2
Summary: Editing commands should consider the case that placeholder <br> has invisible style (was: isStartOfParagraph(startOfParagraphToMove). null/TextAffinity::Downstream in Com)
Lowering to P2 due to low usage of 'insertOrderedList'

When 'insertOrderedList' starts, the document is just an empty body. Then InsertListCommand creates the following structure:

<ol>
  <li>
    <br>
  </li>
</ol>

However, due to the visibility:hidden style applied to <br>, it is unable to create a non-null VisiblePosition, which results in the DCHECK being hit...
Owner: ----
Status: Available (was: Assigned)
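The comment above describes the mechanism: the list item's only content is a placeholder <br> that is not rendered visibly, so the editing command cannot obtain a non-null VisiblePosition and trips a DCHECK. The following is an added, simplified model of that situation in plain JavaScript; it is not Blink code and not part of this issue. The node shape (`{ tag, style, children }`), the `firstCaretPosition` helper and the guarded `moveParagraphIntoEmptyListItem` function are assumptions made for illustration, showing the defensive alternative to asserting: return a failure result when no visible caret position exists.

```javascript
// Added model, not Blink's implementation. Nodes are constructed objects:
//   { tag: "li" | "br" | "#text" | ..., style?: { visibility }, children?: [], text?: "" }

// Return the first position where a caret could be placed inside `root`,
// or null when nothing visible exists (analogue of a null VisiblePosition).
// CSS 'visibility' inherits, so a hidden ancestor hides every descendant;
// a <br> is a caret candidate only when it is rendered visibly.
function firstCaretPosition(root) {
  function walk(node, inheritedHidden) {
    const hidden =
      inheritedHidden || (node.style !== undefined && node.style.visibility === "hidden");
    if (node.tag === "#text") {
      return hidden || node.text.length === 0 ? null : { node, offset: 0 };
    }
    if (node.tag === "br") {
      return hidden ? null : { node, offset: 0 };
    }
    for (const child of node.children || []) {
      const pos = walk(child, hidden);
      if (pos !== null) return pos;
    }
    return null;
  }
  return walk(root, false);
}

// Guarded version of the move: instead of asserting that both the paragraph
// start and the target list item yield a visible position (the DCHECK in the
// report), refuse the operation and say why.
function moveParagraphIntoEmptyListItem(paragraphRoot, listItem) {
  const start = firstCaretPosition(paragraphRoot);
  const target = firstCaretPosition(listItem);
  if (start === null || target === null) {
    return { moved: false, reason: "no visible caret position" };
  }
  listItem.children.push(...paragraphRoot.children); // move the paragraph content
  paragraphRoot.children = [];
  return { moved: true, reason: null };
}

// Constructed structure mirroring the one in the comment: <li><br></li>,
// with the placeholder <br> either visible or visibility:hidden.
function buildListItem(brVisibility) {
  return { tag: "li", children: [{ tag: "br", style: { visibility: brVisibility } }] };
}

// Constructed paragraph with one visible text node.
function buildParagraph(text) {
  return { tag: "body", children: [{ tag: "#text", text }] };
}
```

With a visible placeholder `firstCaretPosition` yields a position on the <br>; with `visibility:hidden` it yields null, and the guarded move returns `{ moved: false }` rather than continuing into an assertion.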

Comment 4 by yosin@chromium.org, May 22 2017

Labels: Pri-3
Bulk set to Pri-3 for ClusterFuzz bugs, since these issues happen with unusual HTML.

Comment 5 by ClusterFuzz (Project Member), Aug 2 2017

Status: WontFix (was: Available)
ClusterFuzz testcase 6610635090821120 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
