InsertText command crashes with unusual HTML
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=4842509900709888
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x00000008
Crash State:
blink::Node::ContainsIncludingHostElements
blink::SelectionEditor::NodeChildrenWillBeRemoved
blink::SynchronousMutationNotifier::NotifyNodeChildrenWillBeRemoved
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=483672:483684
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4842509900709888
Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Dec 10 2017
Dec 11 2017
As this is in platform-independent code, assuming this applies to all platforms except iOS. Callstack indicates this is caused by selection code, so could anyone in Selection triage this?
Dec 11 2017
Hits DCHECK during Document.execCommand("InsertText") before running into the crash site:
[1:1:1211/143040.993277:FATAL:SelectionTemplate.cpp(264)] Check failed: position.IsConnected(). #text "foo"@offsetInAnchor[0]
#0 0x7f12d2e1dc0d base::debug::StackTrace::StackTrace()
#1 0x7f12d2e1c03c base::debug::StackTrace::StackTrace()
#2 0x7f12d2ea3bba logging::LogMessage::~LogMessage()
#3 0x7f12ca4d4b50 blink::SelectionTemplate<>::Builder::Collapse()
#4 0x7f12ca4d5d37 blink::SelectionTemplate<>::Builder::SetBaseAndExtent()
#5 0x7f12ca4def99 blink::VisibleSelectionTemplate<>::AsSelection()
#6 0x7f12ca557e04 blink::TypingCommand::InsertText()
#7 0x7f12ca557733 blink::TypingCommand::InsertText()
#8 0x7f12ca52d6d9 blink::ExecuteInsertText()
#9 0x7f12ca529b69 blink::Editor::Command::Execute()
#10 0x7f12ca527fe3 blink::Document::execCommand()
A slightly cleaner test case:
<body class="CLASS14">
<object>x</object>
<script>
  var active = false; // re-entrancy guard for the mutation event handler
  document.addEventListener("DOMNodeInserted", function(event) {
    if (active)
      return;
    active = true;
    var oElement = event.srcElement;
    oElement.insertAdjacentText('beforebegin', 'foo');
    document.execCommand("SelectAll"); // Triggers selectionchange handler
    active = false;
  });
  document.addEventListener(
    "selectionchange",
    () => document.execCommand('InsertText')); // InsertText runs while the DOM is mid-mutation
  document.designMode = "on";
  var body = document.body;
  body.parentNode.replaceChild(
    document.documentElement.cloneNode(true), body); // Triggers DOMNodeInserted handler
</script>
Dec 14 2017
Automatically adding ccs based on suspected regression changelists:
Implement lazy (re-)attachment of whitespace. by rune@opera.com - https://chromium.googlesource.com/chromium/src/+/7c44da721a59e6aa0b9fdcddb314175cb1e0123f
If this is incorrect, please apply the Test-Predator-Wrong-CLs label.
Dec 19 2017
Dec 21 2017
Jan 12 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/cffcf5817a71561d18c7d86ad7d72180f049c3ab
commit cffcf5817a71561d18c7d86ad7d72180f049c3ab
Author: tanvir.rizvi <tanvir.rizvi@samsung.com>
Date: Fri Jan 12 10:24:51 2018
InsertText crash when DOM change.
InsertText caches the current DOM selection which becomes invalid when DOM changes, in this scenario positions could be disconnected, causing the renderer to crash. We should check the selection validity before using the selection.
Bug: 793283
Change-Id: Ia728140633ea1f2e15f13e06e51bd59edded70da
Reviewed-on: https://chromium-review.googlesource.com/839841
Reviewed-by: Xiaocheng Hu <xiaochengh@chromium.org>
Commit-Queue: Tanvir Rizvi <tanvir.rizvi@samsung.com>
Cr-Commit-Position: refs/heads/master@{#528920}
[modify] https://crrev.com/cffcf5817a71561d18c7d86ad7d72180f049c3ab/third_party/WebKit/Source/core/editing/commands/TypingCommand.cpp
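Added example, not from the bug thread or from the Chromium fix: a small JavaScript model of the failure the commit message describes, showing the unguarded insert beside the guarded one that validates the cached selection first. The DomNode class, the selection helpers and the scenario are constructed here and only imitate Blink's Node::isConnected and SelectionTemplate; they are not Blink APIs.

```javascript
// Minimal DOM-like tree (constructed for this example; not Blink's Node).
class DomNode {
  constructor(name, text = "") {
    this.name = name; this.text = text; this.parent = null; this.children = [];
  }
  appendChild(child) { child.parent = this; this.children.push(child); return child; }
  replaceChild(newChild, oldChild) {
    const i = this.children.indexOf(oldChild);
    if (i < 0) throw new Error("oldChild is not a child of this node");
    oldChild.parent = null;        // the old subtree is now detached
    newChild.parent = this;
    this.children[i] = newChild;
    return oldChild;
  }
  cloneNode(deep) {
    const copy = new DomNode(this.name, this.text);
    if (deep) for (const c of this.children) copy.appendChild(c.cloneNode(true));
    return copy;
  }
  // Mirrors Node.isConnected: true only if following .parent reaches the document.
  get isConnected() { let n = this; while (n.parent) n = n.parent; return n.name === "#document"; }
}

// A selection is a base/extent pair of (anchor node, offset), like Blink's SelectionTemplate.
function makeSelection(node, offset) { return { base: { node, offset }, extent: { node, offset } }; }
function selectionIsValid(sel) { return sel.base.node.isConnected && sel.extent.node.isConnected; }

// Pre-fix shape: trusts the cached selection and edits whatever node it points at.
function insertTextUnguarded(sel, text) {
  const { node, offset } = sel.extent;
  node.text = node.text.slice(0, offset) + text + node.text.slice(offset);
  return node.text;            // silently edits a detached node if the DOM changed meanwhile
}
// Post-fix shape: validate the cached selection before using it; skip the edit if it is stale.
function insertTextGuarded(sel, text) {
  if (!selectionIsValid(sel)) return null;
  return insertTextUnguarded(sel, text);
}

// Constructed scenario mirroring the repro: cache a selection inside <body>, then replace <body>
// with a clone of the document element (as the test case does) before the insert runs.
function runScenario(guarded) {
  const doc = new DomNode("#document");
  const html = doc.appendChild(new DomNode("html"));
  const body = html.appendChild(new DomNode("body"));
  const textNode = body.appendChild(new DomNode("#text", "foo"));
  const cached = makeSelection(textNode, 0);       // selection cached before the mutation
  html.replaceChild(html.cloneNode(true), body);   // detaches body and the cached anchor
  return guarded ? insertTextGuarded(cached, "x") : insertTextUnguarded(cached, "x");
}
```

In Blink the equivalent of the unguarded path reached a DCHECK on position.IsConnected() and, in release builds, the null dereference reported above; the guarded path returns early instead of touching the detached subtree.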
Jan 13 2018
ClusterFuzz has detected this issue as fixed in range 528919:528920.
Detailed report: https://clusterfuzz.com/testcase?key=4842509900709888
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x00000008
Crash State:
blink::Node::ContainsIncludingHostElements
blink::SelectionEditor::NodeChildrenWillBeRemoved
blink::SynchronousMutationNotifier::NotifyNodeChildrenWillBeRemoved
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=483672:483684
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=528919:528920
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4842509900709888
See https://github.com/google/clusterfuzz-tools for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 13 2018
ClusterFuzz testcase 4842509900709888 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Dec 8 2017
Labels: Test-Predator-Auto-Components