
Issue 729374


Issue metadata

Status: WontFix
Owner: ----
Closed: Jul 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug-Regression




Selection.modify(sentence) crashes with editable SELECT element

Project Member Reported by ClusterFuzz, Jun 4 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6243531231592448

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  start <= end (OUTPUT id="htmlvarNUMBER" style="font-variant: small-caps; break-a
  blink::TextIteratorAlgorithm<>::TextIteratorAlgorithm
  blink::NextBoundary<>
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=475811:475824

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6243531231592448


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: ranjitkan@chromium.org
Labels: -Type-Bug M-61 Test-Predator-Wrong Type-Bug-Regression
Owner: yosin@chromium.org
Status: Assigned (was: Untriaged)
Predator could not find any possible culprit from the regression range

From the below regression range provided:

https://chromium.googlesource.com/chromium/src/+log/580410917ea90ebc1f040380a82d51392a6b88e6..fa78f83615f6278ffe657bb6119d1b8339920b36?pretty=fuller

Suspecting below change could be a possible culprit:
https://chromium.googlesource.com/chromium/src/+/984f4b2c4df57ae840917a1d79f95a54e68e2c7b

@yosin: Assigning to you, kindly take a look into it. Please help us to find an owner if not with respect to your change.

Thanks!

Comment 2 by yosin@chromium.org, Jun 8 2017

Components: Blink>Editing>Selection
Labels: -Pri-1 -M-61 Pri-3
Owner: ----
Status: Available (was: Assigned)
Summary: Selection.modify(sentence) crashes with editable SELECT element (was: CHECK failure: start <= end (OUTPUT id="htmlvarNUMBER" style="font-variant: small-caps; break-a)
Lower to Pri-3, since real-world usage of Selection#modify(sentence) with editable SELECT element is low.
Project Member

Comment 3 by ClusterFuzz, Jul 8 2017

Status: WontFix (was: Available)
ClusterFuzz testcase 6243531231592448 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
