'InsertImage' command crashes with unusual HTML |
||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6600442126270464 Fuzzer: inferno_layout_test_unmodified Job Type: linux_asan_content_shell_drt Platform Id: linux Crash Type: Abrt Crash Address: 0x053900000001 Crash State: blink::CreateMarkupAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::Cr blink::CreateMarkup blink::CompositeEditCommand::MoveParagraphs Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=545390:545391 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6600442126270464 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
May 18 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/8e793a18ec6358414ffc337b336c93d4f6061c91 (Skip non-text svg elements in Most{For/Back}wardCaretPosition). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
May 21 2018
P3/Available for document.execCommand('InsertImage')
Hits DCHECK before the crash site:
[FATAL:composite_edit_command.cc(1377)] Check failed: IsStartOfParagraph(start_of_paragraph_to_move). MAP class="CLASS10 CLASS7" (editable)@beforeAnchor/TextAffinity::Downstream
#0 base::debug::StackTrace::StackTrace()
#1 logging::LogMessage::~LogMessage()
#2 blink::CompositeEditCommand::MoveParagraph()
#3 blink::ReplaceSelectionCommand::MergeEndIfNeeded()
#4 blink::ReplaceSelectionCommand::DoApply()
#5 blink::CompositeEditCommand::Apply()
#6 blink::InsertCommands::ExecuteInsertFragment()
#7 blink::InsertCommands::ExecuteInsertElement()
#8 blink::InsertCommands::ExecuteInsertImage()
#9 blink::EditorCommand::Execute()
#10 blink::Document::execCommand()
,
Jan 3
ClusterFuzz has detected this issue as fixed in range 619628:619629. Detailed report: https://clusterfuzz.com/testcase?key=6600442126270464 Fuzzer: inferno_layout_test_unmodified Job Type: linux_asan_content_shell_drt Platform Id: linux Crash Type: Abrt Crash Address: 0x053900000001 Crash State: blink::CreateMarkupAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::Cr blink::CreateMarkup blink::CompositeEditCommand::MoveParagraphs Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=545390:545391 Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=619628:619629 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6600442126270464 See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jan 3
ClusterFuzz testcase 6600442126270464 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
||||
►
Sign in to add a comment |
||||
Comment 1 by ClusterFuzz
, May 18 2018Labels: Test-Predator-Auto-Components