
Issue 752388


Issue metadata

Status: WontFix
Owner: ----
Closed: Nov 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 3
Type: Bug




InsertText command crashes with unusual HTML

Project Member Reported by ClusterFuzz, Aug 4 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4629719827087360

Fuzzer: bj_broddelwerk
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000010
Crash State:
  blink::PositionTemplate<blink::EditingAlgorithm<blink::NodeTraversal> >::InParen
  blink::InsertTextCommand::DoApply
  blink::CompositeEditCommand::ApplyCommandToComposite
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=491701:491719

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4629719827087360


Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Cc: msrchandra@chromium.org
Labels: M-62 Test-Predator-Wrong
Owner: yosin@chromium.org
Status: Assigned (was: Untriaged)
Predator could not provide any possible suspects.
Assigning to the concern owner from CL --
https://chromium.googlesource.com/chromium/src/+log/0077d8db30441d8618b5e7b4a9f3500b51238cf8..89b274aedc37dc500ad7eaea7307411a9da6a11a?pretty=fuller

Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/f471810d59597fda437adc2db434a2f5f1e58cfc

@yosin -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Comment 2 by ClusterFuzz, Aug 7 2017

Labels: OS-Mac

Comment 3 by yosin@chromium.org, Aug 9 2017

Labels: -Pri-1 Pri-3
Owner: ----
Status: Available (was: Assigned)
Summary: InsertText command crashes with unusual HTML (was: Null-dereference READ in blink::PositionTemplate<blink::EditingAlgorithm<blink::NodeTraversal> >::InParen)
Lower to Pri-3 since this is caused by unusual HTML.
Components: Blink>Editing

Comment 5 by ClusterFuzz, Oct 1 2017

Labels: Test-Predator-AutoComponents
Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 6 by ClusterFuzz, Oct 4 2017

Labels: Test-Predator-AutoOwner
Owner: yosin@chromium.org
Status: Assigned (was: Available)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/f471810d59597fda437adc2db434a2f5f1e58cfc (Reland "Introduce SelectionForUndoStep").

If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Owner: ----
Status: Available (was: Assigned)
Sorry for the reassignment and spam. We just enabled this, but we should be ensuring that we don't assign to someone that's already removed themself as owner. Will fix on the ClusterFuzz side.
Labels: -Test-Predator-AutoComponents Test-Predator-Auto-Components
Labels: -Test-Predator-AutoOwner Test-Predator-Auto-Owner
Components: Blink>Editing>Command

Comment 11 by ClusterFuzz, Nov 14 2017

Status: WontFix (was: Available)
ClusterFuzz testcase 4629719827087360 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
