Security DCHECK failure: offset + length <= impl.length() in StringView.h
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5125186050588672

Fuzzer: inferno_layout_test_unmodified
Job Type: windows_asan_content_shell
Platform Id: windows

Crash Type: Security DCHECK failure
Crash Address:
Crash State:
  offset + length <= impl.length() in StringView.h
  blink::InlineTextBoxPainter::Paint
  blink::InlineTextBox::Paint

Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5125186050588672

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Dec 31 2017
chrishtr: Can you take a look or help route?
Jan 2 2018
These bugs are almost always caused by stale layout. Putting it into the Layout team's queue.
Jan 8 2018
Note that I tried to fix issue 795498 with this patch: https://chromium-review.googlesource.com/c/chromium/src/+/845140 It was reverted because somehow it caused some failing tests, though I don't see how. I created a re-land here: https://chromium-review.googlesource.com/c/chromium/src/+/846199 It seems to pass all bots. Feel free to commit a clone of it.
Jan 8 2018
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Jan 13 2018
cbiesinger: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jan 18 2018
chrishtr: can you clarify the status of this bug? Are you planning to land https://chromium-review.googlesource.com/c/chromium/src/+/846199? (not sure who you were addressing when you said "feel free to commit..." in c8)
Jan 18 2018
I deferred that step or an alternate one to cbiesinger@, who is the new owner of the bug.
Jan 27 2018
cbiesinger: Uh oh! This issue is still open and hasn't been updated in the last 28 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Feb 6 2018
Friendly ping from the security sheriff. We have a 60-day fix guarantee for High severity bugs, and this bug is now 38 days old. https://chromium.googlesource.com/chromium/src/+/master/docs/security/severity-guidelines.md#High-severity We don't want to exceed that deadline. Any updates on this bug?
Feb 7 2018
chrishtr@, can you please land your revert of the revert?
Feb 7 2018
cbiesinger, can you please take care of it?
Feb 8 2018
Sending that patch to CQ now.
Feb 9 2018
https://chromium-review.googlesource.com/c/chromium/src/+/846199 landed (sorry, didn't realize that bug number was missing). Will request merge tomorrow.
Feb 9 2018
ClusterFuzz has detected this issue as fixed in range 535605:535609.

Detailed report: https://clusterfuzz.com/testcase?key=5125186050588672

Fuzzer: inferno_layout_test_unmodified
Job Type: windows_asan_content_shell
Platform Id: windows

Crash Type: Security DCHECK failure
Crash Address:
Crash State:
  offset + length <= impl.length() in StringView.h
  blink::InlineTextBoxPainter::Paint
  blink::InlineTextBox::Paint

Sanitizer: address (ASAN)

Fixed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=535605:535609

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5125186050588672

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Feb 9 2018
ClusterFuzz testcase 5125186050588672 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Feb 9 2018
This bug requires manual review: M65 has already been promoted to the beta branch, so this requires manual review. Please contact the milestone owner if you have questions. Owners: cmasso@(Android), cmasso@(iOS), bhthompson@(ChromeOS), govind@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Feb 9 2018
+ awhalley@ (Security TPM) for M65 merge review.
Feb 12 2018
govind@ - change in #20 good for 65
Feb 12 2018
Approving merge for cl listed at #20 to M65 branch 3325 based on comment #27. Please merge ASAP so we can pick it up for this week's Beta release. Thank you.
Feb 12 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/5b5bd68ae1b1237a1b3f1b8f28d7d358cad48d00

commit 5b5bd68ae1b1237a1b3f1b8f28d7d358cad48d00
Author: Chris Harrelson <chrishtr@chromium.org>
Date: Mon Feb 12 20:19:59 2018

Reland "Work around bug leading to out of range check when transforming first-line text."

This reverts commit 45d854ad1a41d8d90d81f24af58c8aa1206dc730.

Bug: 795498, 798099
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
Change-Id: I9699ab3047102c9a1342f4d7b92404a3be7639df
Reviewed-on: https://chromium-review.googlesource.com/846199
Reviewed-by: Christian Biesinger <cbiesinger@chromium.org>
Commit-Queue: Christian Biesinger <cbiesinger@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#535607}
(cherry picked from commit 3ee8649cef061b5016288b3f49f6e72288caf582)
Reviewed-on: https://chromium-review.googlesource.com/914782
Cr-Commit-Position: refs/branch-heads/3325@{#432}
Cr-Branched-From: bc084a8b5afa3744a74927344e304c02ae54189f-refs/heads/master@{#530369}

[add] https://crrev.com/5b5bd68ae1b1237a1b3f1b8f28d7d358cad48d00/third_party/WebKit/LayoutTests/fast/text/firstline/capitalize-transform.html
[modify] https://crrev.com/5b5bd68ae1b1237a1b3f1b8f28d7d358cad48d00/third_party/WebKit/Source/core/paint/InlineTextBoxPainter.cpp
May 18 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot