Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/1324be868df000cb2e070199ce2d10cd0c5a2706 (Make NextWordPosition() to utilize TextOffsetMapping).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

I'm working now...

Actually hit
text_iterator.cc(207)
- start <= end (
- start=DIV (editable)@beforeAnchor
- end=BODY (editable) (focused)@offsetInAnchor[0])

NextWordPosition(BODY@0) crahses

Minimal HTML to reproduce. Note: A space after <BODY> is required to reproduce.

<body contenteditable> <div><a></a></div></body>
<script>
const selection = window.getSelection();
selection.collapse(document.body, 0);
selection.modify('extend', 'forward', 'word');
</script>

Layout Tree
layer at (0,0) size 800x600
  LayoutBlockFlow {HTML} at (0,0) size 800x600
    LayoutBlockFlow {BODY} at (8,8) size 784x584
      LayoutBlockFlow {DIV} at (0,0) size 784x0
        LayoutInline {A} at (0,0) size 0x0

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/dec40a582a3805fb28dfd67ba49fc2cdb28a1b6c

commit dec40a582a3805fb28dfd67ba49fc2cdb28a1b6c
Author: Yoshifumi Inoue <yosin@chromium.org>
Date: Tue Apr 17 04:30:18 2018

Revert "Make NextWordPosition() to utilize TextOffsetMapping"

This reverts commit 1324be868df000cb2e070199ce2d10cd0c5a2706 for M67/Beta

TextOffsetMapping is not ready for release.
It should support edge cases.

TBR=yosin@chromium.org

Bug:  832055 ,  832061 ,  832101 ,  832261 ,  832350 ,  832497 ,  832639 ,  833172 ,  833180 
Change-Id: Iac5f58716619a626650088a55109922daf1a4f3a
Reviewed-on: https://chromium-review.googlesource.com/1013445
Reviewed-by: Yoshifumi Inoue <yosin@chromium.org>
Cr-Commit-Position: refs/branch-heads/3396@{#36}
Cr-Branched-From: 9ef2aa869bc7bc0c089e255d698cca6e47d6b038-refs/heads/master@{#550428}
[modify] https://crrev.com/dec40a582a3805fb28dfd67ba49fc2cdb28a1b6c/third_party/blink/renderer/core/editing/visible_units_word.cc
[modify] https://crrev.com/dec40a582a3805fb28dfd67ba49fc2cdb28a1b6c/third_party/blink/renderer/core/editing/visible_units_word_test.cc

Another HTML to reproduce:
<body id="target"> <div><a></a></div>
<script>
const selection = window.getSelection();
selection.collapse(document.getElementById('target'), 0);
selection.modify('extend', 'forward', 'word');
</script>

 Issue 832639  has been merged into this issue.

Issue 833735 has been merged into this issue.

In review: http://crrev.com/c/1013852

 Issue 833509  has been merged into this issue.

 Issue 833473  has been merged into this issue.

 Issue 833433  has been merged into this issue.

 Issue 833330  has been merged into this issue.

 Issue 833283  has been merged into this issue.

Issue 833905 has been merged into this issue.

 Issue 833962  has been merged into this issue.

 Issue 833935  has been merged into this issue.

 Issue 833933  has been merged into this issue.

 Issue 833932  has been merged into this issue.

 Issue 833930  has been merged into this issue.

 Issue 833903  has been merged into this issue.

 Issue 833899  has been merged into this issue.

 Issue 833893  has been merged into this issue.

 Issue 833891  has been merged into this issue.

 Issue 833887  has been merged into this issue.

 Issue 833884  has been merged into this issue.

 Issue 833794  has been merged into this issue.

Issue 835651 has been merged into this issue.

Issue 835535 has been merged into this issue.

 Issue 838723  has been merged into this issue.

ClusterFuzz testcase 6564425306472448 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.