New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 828388 link

Starred by 3 users
Status: WontFix
Owner: ----
Closed: Sep 15
Cc:
brajkumar@chromium.org
editing-dev@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 3
Type: Bug



Sign in to add a comment

NEEDS_MINIMIZATION InsertOrderedList command crashes with null deref

Project Member Reported by ClusterFuzz, Apr 3 2018 
Detailed report: https://clusterfuzz.com/testcase?key=6271930852966400

Fuzzer: bj_broddelwerk
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  blink::TextIteratorAlgorithm<class blink::EditingAlgorithm<class blink::NodeTrav
  blink::TextIteratorAlgorithm<class blink::EditingAlgorithm<class blink::NodeTrav
  blink::CompositeEditCommand::MoveParagraphs
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6271930852966400

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by brajkumar@chromium.org, Apr 4 2018

Cc: brajkumar@chromium.org
Components: Blink>Editing
Labels: M-66 Test-Predator-Wrong
Owner: xiaoche...@chromium.org
Status: Assigned (was: Untriaged)
> Unable to find actual suspect through code search and also observing no related changes under regression range.

> By looking in to stack trace this issue looks similar to  bug 760042 , hence assigning to same dev for more updates on this issue.

> xiaochengh@ Could you please take a look in to this issue?

Thanks!

Comment 2 by xiaoche...@chromium.org, Apr 4 2018

Components: -Blink>Editing Blink>Editing>Command
Labels: -Pri-1 Pri-3
Owner: ----
Status: Available (was: Assigned)
Summary: NEEDS_MINIMIZATION InsertOrderedList command crashes with null deref (was: Null-dereference READ in blink::TextIteratorAlgorithm<class blink::EditingAlgorithm<class blink::NodeTrav)
P3/Available due to low real world usage of document.execCommand('InsertOrderedList')

Comment 3 by xiaoche...@chromium.org, Apr 4 2018 

Here's a more useful stack trace:

[1:1:0404/141917.611759:FATAL:EditingUtilities.cpp(298)] Check failed: a.IsNotNull(). 
#0 0x7f8359b9155d base::debug::StackTrace::StackTrace()
#1 0x7f8359b8fb1c base::debug::StackTrace::StackTrace()
#2 0x7f8359c165aa logging::LogMessage::~LogMessage()
#3 0x7f834a7efc57 blink::ComparePositions()
#4 0x7f834a7f0167 blink::ComparePositions()
#5 0x7f834a88b6e8 blink::CompositeEditCommand::MoveParagraphs()
#6 0x7f834a88df53 blink::CompositeEditCommand::MoveParagraph()
#7 0x7f834a8b3009 blink::InsertListCommand::MoveParagraphOverPositionIntoEmptyListItem()
#8 0x7f834a8b2ac2 blink::InsertListCommand::ListifyParagraph()
#9 0x7f834a8b1941 blink::InsertListCommand::DoApplyForSingleParagraph()
#10 0x7f834a8b0469 blink::InsertListCommand::DoApply()
#11 0x7f834a8861d3 blink::CompositeEditCommand::Apply()
#12 0x7f834a8acc0f blink::InsertCommands::ExecuteInsertOrderedList()
#13 0x7f834a8a2a70 blink::EditorCommand::Execute()
#14 0x7f834a89c9a6 blink::Document::execCommand()
Project Member

Comment 4 by ClusterFuzz, Sep 15

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 6271930852966400 appears to be flaky, updating reproducibility label.
Project Member

Comment 5 by ClusterFuzz, Sep 15

Status: WontFix (was: Available)
ClusterFuzz testcase 6271930852966400 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment