FormatBlock command crashes writing-mode:vertical-rl and VIDEO |
|||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6522561426096128 Fuzzer: ochang_domfuzzer Job Type: linux_tsan_chrome_mp Platform Id: linux Crash Type: UNKNOWN Crash Address: 0x000000000010 Crash State: __tsan::CallUserSignalHandler rtl_sigaction blink::Node::isDescendantOf Sanitizer: thread (TSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=353013:353033 Reproducer Testcase: https://clusterfuzz.com/download/AMIfv957-iGjCNjCdGbinpfRc3ekA_WoQotMp3uHPZ8LUZdthd8YQHqfbCpCJ5NZgvoIbfjAIquhwpHMxvHjArdrMcEu1b1ibumHXD9Q5IyCDL3-oMUSVoH63mpUPLwwfb88fe4_q_mRuISsbExb7xwlQSwTgPZN5c74mosXy-SldjIE_uzYwCdKRzo52bhyJ9VFthIaV3EjQX7YzfiCnZyUuo-jQe69E-J9SuBvubYCEmmz4ZEURBOuPxurMHWxvTWWV02S5kkxwEVztY4rZ_YvPhSWOQOn9mssIMr2bugIanXRFrCMDysPPFeuECpQUiCuilLeRvqxNEMWfOhBSnhuyPDjAisJZ51jxd69QsGAEQi77ERSdwKL_JuGwHVODPKpFvW4VjvIU_g6gqu9eI1hAEnXolBz-Q?testcase_id=6522561426096128 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Mar 25 2017
Lower to Pri-2 since real world usage of FrmatBlock is low (<0.003%),
M57.0.2987.110 (Official Build) (64-bit) also crashes this.
Minimized script:
<span style="writing-mode: vertical-rl"></span>
<video></video>
<script>
document.designMode = 'on';
document.execCommand('selectAll');
document.execCommand('formatBlock', false, 'hgroup');
</script>
,
May 16 2017
ClusterFuzz testcase 6522561426096128 is flaky and no longer reproduces, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||
►
Sign in to add a comment |
|||
Comment 1 by mummare...@chromium.org
, Mar 24 2017Components: Blink>Editing>Command
Labels: Test-Predator-Wrong M-58