Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/f471810d59597fda437adc2db434a2f5f1e58cfc (Reland "Introduce SelectionForUndoStep").

If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.

Lower to Pri-3, since this can be happened with unusual HTML in quirk mode.


Minimal reproduce case:

<!-- happens only in quirk mode -->
<span style="display:inline-block; height:100%;"><b><span style="float:left"></span><i>x</i></b></span><hr>
<script>
document.designMode = 'on';
document.execCommand('selectall');
document.execCommand('insertText', false, 'LOL');
</script>

ClusterFuzz has detected this issue as fixed in range 510178:510722.

Detailed report: https://clusterfuzz.com/testcase?key=6090457359843328

Fuzzer: miaubiz_css_fuzzer
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows

Crash Type: Null-dereference READ
Crash Address: 0x00000014
Crash State:
  blink::Node::NodeIndex
  blink::PositionTemplate<class blink::EditingAlgorithm<class blink::NodeTraversal
  blink::InsertTextCommand::DoApply
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=491701:491722
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=510178:510722

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6090457359843328

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6090457359843328 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.