CHECK failure: false in text_iterator_text_node_handler.cc
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4915330011627520
Fuzzer: bj_broddelwerk
Job Type: linux_debug_chrome
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  false in text_iterator_text_node_handler.cc
  blink::TextIteratorTextNodeHandler::HandlePreFormattedTextNode
  blink::TextIteratorTextNodeHandler::HandleTextNodeInRange
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=529050:529051
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4915330011627520

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Jun 29 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/ffb5de3934abd4e16399b2f79e7100823c6076fd (Don't propagate cmdline flags that are not read by renderer processes.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Jul 5
ClusterFuzz has detected this issue as fixed in range 572539:572540.

Detailed report: https://clusterfuzz.com/testcase?key=4915330011627520
Fuzzer: bj_broddelwerk
Job Type: linux_debug_chrome
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  false in text_iterator_text_node_handler.cc
  blink::TextIteratorTextNodeHandler::HandlePreFormattedTextNode
  blink::TextIteratorTextNodeHandler::HandleTextNodeInRange
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=529050:529051
Fixed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=572539:572540
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4915330011627520

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 5
ClusterFuzz testcase 4915330011627520 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Jul 9
Still reproducing on ToT.
Jul 9
I'll take a look.
Jul 11
Minimized repro:
<style>#test::first-letter{visibility:hidden}</style>
<pre id=test>foo</pre>
<script>
document.execCommand('findString', false, 'foo');
</script>
I somehow thought ::first-letter and remaining text must have the same visibility but I'm wrong...
Jul 14
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/a67a23ec80247b14d88f375a75742f8af580e8cf

commit a67a23ec80247b14d88f375a75742f8af580e8cf
Author: Xiaocheng Hu <xiaochengh@chromium.org>
Date: Sat Jul 14 01:02:10 2018

Handle invisible ::first-letter in TextIterator

When the first letter part of a text node has 'visibility' CSS property set to non-visible, while the remaining text remains visible, current TextIterator fails to skip the first letter part and proceed to remaining text correctly. This patch fixes that.

This patch also reveals other existing issues in TextIterator, which will be fixed later.

Bug: 858924
Cq-Include-Trybots: luci.chromium.try:linux_layout_tests_layout_ng
Change-Id: Id2a52d229393d9f6c4d3a664ac24d794e836cff1
Reviewed-on: https://chromium-review.googlesource.com/1134487
Reviewed-by: Emil A Eklund <eae@chromium.org>
Commit-Queue: Xiaocheng Hu <xiaochengh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#575126}

[modify] https://crrev.com/a67a23ec80247b14d88f375a75742f8af580e8cf/third_party/blink/renderer/core/editing/iterators/text_iterator_test.cc
[modify] https://crrev.com/a67a23ec80247b14d88f375a75742f8af580e8cf/third_party/blink/renderer/core/editing/iterators/text_iterator_text_node_handler.cc
Jul 14
Comment 1 by ClusterFuzz, Jun 29 2018
Labels: Test-Predator-Auto-Components