NOTREACHED in AdjustSelectionToAvoidCrossingEditingBoundaries
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4840302003879936

Fuzzer: attekett_dom_fuzzer
Job Type: linux_cfi_chrome
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000010
Crash State:
  chrome
  blink::Node::UpdateDistribution
  blink::ComparePositions

Sanitizer: cfi (CFI)

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=540771:540773

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4840302003879936

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
,
Apr 12 2018
Unable to find the actual suspect through code search, and also observing no suspect CL in the regression range, hence adding the appropriate label and requesting someone from the Blink team to look into this issue. Thanks!
,
Apr 12 2018
,
Apr 12 2018
Minimized repro:
<object></object>
<aside></aside>
<object id=test1>35237</object>
<script>
document.designMode = "on"
document.execCommand("selectall");
</script>
Hitting a NOTREACHED at selection_adjuster.cc L741:
732    // The selection is based in non-editable content.
733    // FIXME: Non-editable pieces inside editable content should be atomic, in
734    // the same way that editable pieces in non-editable content are atomic.
735    const PositionTemplate<Strategy>& end =
736        AdjustSelectionEndToAvoidCrossingEditingBoundaries(
737            range.EndPosition(), end_root, base_editable_ancestor);
738    if (end.IsNull()) {
739      // The selection crosses an Editing boundary. This is a
740      // programmer error in the editing code. Happy debugging!
741      NOTREACHED();
742      return {};
743    }
,
Apr 18 2018
,
Apr 18 2018
,
May 6 2018
ClusterFuzz has detected this issue as fixed in range 556325:556327.

Detailed report: https://clusterfuzz.com/testcase?key=4840302003879936

Fuzzer: attekett_dom_fuzzer
Job Type: linux_cfi_chrome
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000010
Crash State:
  chrome
  blink::Node::UpdateDistribution
  blink::ComparePositions

Sanitizer: cfi (CFI)

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=540771:540773
Fixed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=556325:556327

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4840302003879936

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
May 6 2018
ClusterFuzz testcase 4840302003879936 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Apr 10 2018
Labels: Test-Predator-Auto-Components