
Issue 795842


Issue metadata

Status: Verified
Owner: ----
Closed: Jan 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug




FormatBlock command crashes with unusual HTML

Reported by ClusterFuzz (Project Member), Dec 18 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4592034462826496

Fuzzer: miaubiz_css_fuzzer
Job Type: linux_cfi_chrome
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000010
Crash State:
  chrome
  blink::Node::firstChild
  blink::Node* blink::NodeTraversal::ChildAtTemplate<blink::Node const>
Sanitizer: cfi (CFI)

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=523197:523221

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4592034462826496

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Comment 1 by ClusterFuzz (Project Member), Dec 18 2017

Components: Blink>DOM Blink>Editing
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Comment 2 by ClusterFuzz (Project Member), Dec 18 2017

Labels: Test-Predator-Auto-Owner
Owner: hirosh...@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/bb33dbbbcf6f36daa5d7d116769b72a3c91ed9dc (Remove ScriptStreamer::resource_).

If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Cc: kkaluri@chromium.org
Issue 796840 has been merged into this issue.
Issue 797177 has been merged into this issue.
Cc: hirosh...@chromium.org
Components: -Blink>Editing -Blink>DOM Blink>Editing>Command
Labels: -Pri-1 Pri-3
Owner: ----
Status: Available (was: Assigned)
Summary: FormatBlock command crashes with unusual HTML (was: Null-dereference READ in chrome)
This is an editing bug. The editing team should take it over.

Lowered to P3 due to low usage of FormatBlock command.

Rerunning to see if recent changes fix it...
Still reproducing...
Comment 7 by ClusterFuzz (Project Member), Jan 2 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Available)
ClusterFuzz testcase 6256936575303680 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 8 by ClusterFuzz (Project Member), Jan 9 2018

Labels: Needs-Feedback
ClusterFuzz testcase 6271245929938944 is still reproducing on tip-of-tree build (trunk).

Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label.
