New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 765885 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Aug 2
Cc:
msrchandra@chromium.org
editing-dev@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Mac
Pri: 3
Type: Bug



Sign in to add a comment

DeleteSelection command crashes with unusual HTML

Project Member Reported by ClusterFuzz, Sep 16 2017 
Detailed report: https://clusterfuzz.com/testcase?key=6691399939653632

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000010
Crash State:
  blink::PositionTemplate<blink::EditingAlgorithm<blink::NodeTraversal> >::LastPos
  blink::PositionTemplate<blink::EditingAlgorithm<blink::NodeTraversal> > blink::L
  blink::LastEditablePositionBeforePositionInRoot
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=473072:473106

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6691399939653632

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Project Member

Comment 1 by ClusterFuzz, Sep 16 2017

Labels: OS-Android

Comment 2 by msrchandra@chromium.org, Sep 18 2017

Cc: msrchandra@chromium.org
Labels: Test-Predator-Wrong
Owner: yosin@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.
Using Code Search for the file, "Position.cpp" assigning to the concern owner from GIT Blame.

Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/5a61dd9f37830bdf66fdcc6fb9c38a9ccf607377

@yosin -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.
Project Member

Comment 3 by ClusterFuzz, Sep 19 2017

Labels: OS-Mac

Comment 4 by yosin@chromium.org, Sep 22 2017

Labels: -Pri-1 Pri-3
Owner: ----
Status: Available (was: Assigned)
Summary: DeleteSelection command crashes with unusual HTML (was: Null-dereference READ in blink::PositionTemplate<blink::EditingAlgorithm<blink::NodeTraversal> >::LastPos)
Lower to Pri-3 since it is caused by unusual HTML
Project Member

Comment 5 by ClusterFuzz, Oct 1 2017

Components: Blink>Editing
Labels: Test-Predator-AutoComponents
Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 6 by ClusterFuzz, Oct 4 2017

Labels: Test-Predator-AutoOwner
Owner: xiaoche...@chromium.org
Status: Assigned (was: Available)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/bd5cd151162312c124b976bc822bbd0e6f4f2d39 (Make user-triggered SelectAll act as if there is no selection for hidden selection).

If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.

Comment 7 by xiaoche...@chromium.org, Oct 5 2017

Owner: ----
Status: Available (was: Assigned)
I'm not going to work on it. Anyone interested may pick it up.

Comment 8 by tanvir.r...@samsung.com, Oct 11 2017

Owner: tanvir.r...@samsung.com

Comment 9 by tanvir.r...@samsung.com, Oct 11 2017

Owner: ----

Comment 10 by mbarbe...@chromium.org, Nov 7 2017

Labels: -Test-Predator-AutoComponents Test-Predator-Auto-Components

Comment 11 by mbarbe...@chromium.org, Nov 7 2017

Labels: -Test-Predator-AutoOwner Test-Predator-Auto-Owner

Comment 12 by xiaoche...@chromium.org, Nov 13 2017

Components: Blink>Editing>Command
Project Member

Comment 13 by ClusterFuzz, Aug 2

Status: WontFix (was: Available)
ClusterFuzz testcase 6691399939653632 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment