Issue 689148 link

Starred by 2 users

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Jun 2017
Cc:	editing-dev@chromium.org
Components:	Blink>Editing>Command
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	3
Type:	Bug
Stability-Crash Reproducible Clusterfuzz M-58 Test-Predator-Wrong

visibleEndOfSelection.isNotNull() in InsertListCommand.cpp

Project Member Reported by ClusterFuzz, Feb 6 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5456749143523328

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  visibleEndOfSelection.isNotNull() in InsertListCommand.cpp
  blink::InsertListCommand::doApply
  blink::CompositeEditCommand::apply
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=380105:380146

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94OBKUMkYvF9h1RGBGOueUnIpossKrii1hB6wPJqnYq86vZkcgNx-MXYM5ZX0GPPFe5hmik8VcXsdxH9fVr-ET5q7ZoGFSb8QpDMfI0lxB1bqPbzDYHIiYgWVxlFIUIMhb5_LTgaBufxjOS1nebOf4zZPExhCErd67MAI-m2lpGVyMtkj-w-Wv-7YlT4beyIDNbipVWcur0dwW3aZYSKSxGLJY4_LL5LGf3MPIcjmlXEV7nAo9O3Wf8vrkxrSqrUwb3MIX2xL2p35FTZOqL868d5Pgp1uZm3En4cW57KvoiReeQ7RZA7r6n5IfSfus3dRyvADIF_2E_U0Wil4XcmEFugq_e-A9ky_OI1j26n7I-1OGl_AvJdHeeKaM4YxCGVTnLDj8mLCcr94HCcbIeCK7WyqLrUA?testcase_id=5456749143523328


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by mummare...@chromium.org, Feb 7 2017

Cc: yosin@chromium.org
Components: Blink>Editing
Labels: Test-Predator-Wrong M-58
Owner: xiaoche...@chromium.org
Status: Assigned (was: Untriaged)

Through code search on file InsertListCommand.cpp, suspected CL is
https://chromium.googlesource.com/chromium/src/+/af07c6533b27d117b9f57595253e6d3dde192734%5E%21/third_party/WebKit/Source/core/editing/commands/InsertListCommand.cpp
xiaochengh@, could you please take a look?

Comment 2 by yosin@chromium.org, Feb 14 2017

Cc: -yosin@chromium.org
Labels: -Pri-1 Pri-2
Owner: ----
Status: Available (was: Assigned)

Lower to Pri-2 since real world usage of "InsertList" command is low.

Comment 3 by yosin@chromium.org, Feb 14 2017

Components: -Blink>Editing Blink>Editing>Command

DOM Tree at DCHECK()

BODY (editable) (focused)
	P (editable)
		OL (editable)
			LI (editable)
SE				#text "This line should be green."
	DIV (editable)
	P (editable)
		OL (editable)
			LI (editable)
				#text "\n__v_1 = 3;"
	#text "\n  "
	SCRIPT (editable)
		#text "\nfunction __f_0() {\n    document.execCommand(\"SelectAll\");\n    document.execCommand(\"InsertOrderedList\");\n}\n  "
	#text "\n \n "
	STYLE (editable)
		#text "\ndiv {\n            display: inline-block;\n            border: 2px solid black;\n"
	#text "\n "
	SCRIPT (editable)
		#text "\n runTest = __f_0; \n runTest(); \n"

Comment 4 by yosin@chromium.org, May 22 2017

Labels: Pri-3

Bulk set to Pri-3 for cluster fuzz bugs.
Since these issues are happens with unusual HTML.

Project Member

Comment 5 by ClusterFuzz, Jun 21 2017

Status: WontFix (was: Available)

ClusterFuzz testcase 5456749143523328 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

►

Issue 689148 link

Issue metadata

visibleEndOfSelection.isNotNull() in InsertListCommand.cpp

Issue description

Comment 1 by mummare...@chromium.org, Feb 7 2017

Comment 1 Deleted

Comment 2 by yosin@chromium.org, Feb 14 2017

Comment 2 Deleted

Comment 3 by yosin@chromium.org, Feb 14 2017

Comment 3 Deleted

Comment 4 by yosin@chromium.org, May 22 2017

Comment 4 Deleted

Comment 5 by ClusterFuzz, Jun 21 2017

Comment 5 Deleted

Sign in to add a comment