Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically adding ccs based on suspected regression changelists:

JS exposure of feature policy by loonybear@chromium.org - https://chromium.googlesource.com/chromium/src/+/f4bdf01c99906c9f59d8e6ea4993562860ab7d3d

Extract FrameSelection::ComputeAbsoluteBounds method by dgozman@chromium.org - https://chromium.googlesource.com/chromium/src/+/76dd5a9c6f723b56973cc79608f0fe6ce446a956

If this is incorrect, please apply the Test-Predator-Wrong-CLs label.

Pasting the test case here for reference:

<input id="test" type="text">
<script>
test.focus();
textInputController.insertText('4');
textInputController.setMarkedText('4294967284', -1, -2147483648);
</script>

The test case attempts to create a PlainTextRange with start offset > end offset due to integer overflow.

It seems too ad-hoc if we just patch the crash site to handle integer overflow. Do we have any more general approach?

Lower to Pri-3 since this is testing API issue.

We should change TextInputControllerBindings::SetMarkedText(const std::string& text, int start, ine length) to take uint32_t to throw an exception for negative number.

See gin/converter.cc

bool Converter<uint32_t>::FromV8(Isolate* isolate,
                                 Local<Value> val,
                                 uint32_t* out) {
  if (!val->IsUint32())
    return false;
  *out = val.As<Uint32>()->Value();
  return true;
}


Note: offset in DOM is specified as "unsigned long" == uint64_t, but Blink use
|unsigned|==uint32_t.

This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot