MostForwardCaretPosition crashes due to different visibility of first letter and remaining text
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6443120477339648
Fuzzer: bj_broddelwerk
Job Type: linux_debug_chrome
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  current_pos.AtStartOfNode() in visible_units.cc
  blink::PositionTemplate<blink::EditingAlgorithm<blink::NodeTraversal> > blink::M
  blink::MostForwardCaretPosition
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=551511:551515
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6443120477339648

Issue filed automatically.
See https://github.com/google/clusterfuzz-tools for more information.
Jul 3
Predator and CL could not provide any possible suspects. Using Code Search for the file "visible_units.cc", suspecting the below CL might have caused this issue.

Suspect CL: https://chromium.googlesource.com/chromium/src/+/8e793a18ec6358414ffc337b336c93d4f6061c91

xiaochengh@ -- Could you please check whether this is caused with respect to your change? If not, please help us in assigning it to the right owner. Thanks!
Jul 3
Doesn't look like a regression. We somehow got a text node where ::first-letter has 'visibility: hidden' and remaining text has 'visibility: visible'...
Jul 3
Not a regression of the suspected CL. Tested with 67.0.3380.0, which doesn't have the CL but still hits the same DCHECK. Deprioritize to P3 since it's an old bug without minimization. Will revisit if minimization succeeds.
Jul 9
The NextAction date has arrived: 2018-07-09
Jul 10
Retrying minimization...
Jul 10
This crash occurs very frequently on linux platform and is likely preventing the fuzzer bj_broddelwerk from making much progress. Fixing this will allow more bugs to be found. Marking this bug as a blocker for next Beta release. If this is incorrect, please add ClusterFuzz-Wrong label and remove the ReleaseBlock-Beta label.
Jul 10
M69 branch is coming VERY soon on July 19th. Your bug is marked as ReleaseBlock-Beta for M69. Please try to land the fix ASAP to trunk in order to prevent many merges going after M69 branch. This will also help us to branch M69 from high quality trunk. Thank you.
Jul 10
ClusterFuzz testcase 6443120477339648 appears to be flaky, updating reproducibility label.
Jul 10
Removing RB-Beta label since this is an old crash, and should be a very edge case.
Jul 13
Turns out not a very edge case... Minimized repro:

<style>div::first-letter{visibility:hidden}</style>
<div contenteditable>foo</div>

Clicking on the "blank area" before "oo" hits the DCHECK.
Jul 17
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/fec2c2ce65e766e5058b36bcea63f962027d2def

commit fec2c2ce65e766e5058b36bcea63f962027d2def
Author: Xiaocheng Hu <xiaochengh@chromium.org>
Date: Tue Jul 17 06:56:42 2018

Handle invisible ::first-letter in MostForwardCaretPosition

MostForwardCaretPosition asserts that, if we have moved to a visible text node different from start node, the caret position can always be found from the beginning of the text node, which is incorrect if the text node contains invisible first letter part. This patch fixes the incorrect assertion as the function already returns correct result in this case.

Bug: 858965
Cq-Include-Trybots: luci.chromium.try:linux_layout_tests_layout_ng
Change-Id: I8daa0ef59e06d4e9878c2e2c29bd12bf1825ead0
Reviewed-on: https://chromium-review.googlesource.com/1136944
Reviewed-by: Yoshifumi Inoue <yosin@chromium.org>
Commit-Queue: Xiaocheng Hu <xiaochengh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#575563}

[modify] https://crrev.com/fec2c2ce65e766e5058b36bcea63f962027d2def/third_party/blink/renderer/core/editing/visible_units.cc
[modify] https://crrev.com/fec2c2ce65e766e5058b36bcea63f962027d2def/third_party/blink/renderer/core/editing/visible_units_test.cc
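As an added example (not a test from the bug thread or the landed patch), the page below extends the minimized repro from Jul 13 so the case the commit describes (a caret canonicalized forward into a text node whose ::first-letter is hidden) is reached from script rather than a mouse click. It assumes that reading back a collapsed selection, and the Chromium-specific Selection.modify(), canonicalize the caret through MostForwardCaretPosition; the element id, log output and pass criterion are this example's own.

```html
<!DOCTYPE html>
<!-- Added regression check (not the project's own web test): scripted version
     of the minimized repro from the bug thread. -->
<style>
  div::first-letter { visibility: hidden; }
</style>
<div id="target" contenteditable>foo</div>
<pre id="log"></pre>
<script>
  // Assumption: collapsing the selection and reading anchorNode/anchorOffset, or
  // moving it with Selection.modify(), canonicalizes the caret via
  // MostForwardCaretPosition, where the assertion fired before the fix.
  function placeCaret(node, offset) {
    const sel = getSelection();
    sel.removeAllRanges();
    sel.collapse(node, offset);
    // Reading the anchor back forces the stored position to be canonicalized.
    return { node: sel.anchorNode, offset: sel.anchorOffset };
  }

  function run() {
    const div = document.getElementById('target');
    const text = div.firstChild;   // text node "foo"; "f" is the hidden first letter
    const results = [];
    // Case 1: start before the text node. Forward canonicalization enters the
    // text node after the invisible first letter, which the assertion got wrong.
    results.push(placeCaret(div, 0));
    // Case 2: start inside the hidden first-letter part itself.
    results.push(placeCaret(text, 0));
    // Case 3: move the caret forward from the hidden part into the visible "oo".
    const sel = getSelection();
    sel.collapse(text, 0);
    if (sel.modify) sel.modify('move', 'forward', 'character');
    results.push({ node: sel.anchorNode, offset: sel.anchorOffset });
    // Pass criterion: the renderer survived (on a debug build the DCHECK would
    // have killed it) and every reported caret lies inside the editable div.
    const ok = results.every(r => r.node && div.contains(r.node));
    document.getElementById('log').textContent = results
      .map((r, i) => `case ${i + 1}: ${r.node ? r.node.nodeName : 'null'} @ ${r.offset}`)
      .join('\n') + (ok ? '\nPASS' : '\nFAIL');
    return ok;
  }
  run();
</script>
```

Open the page in a debug build with and without the fix; only the fixed build reaches the PASS line.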
Jul 17
ClusterFuzz has detected this issue as fixed in range 575069:575074.

Detailed report: https://clusterfuzz.com/testcase?key=6443120477339648
Fuzzer: bj_broddelwerk
Job Type: linux_debug_chrome
Platform Id: linux
Crash Type: Abrt
Crash Address: 0x0539000078eb
Crash State:
  sw::FrameBufferX11::~FrameBufferX11
  egl::WindowSurface::~WindowSurface
  egl::WindowSurface::~WindowSurface
Sanitizer: address (ASAN)
Fixed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=575069:575074
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6443120477339648

See https://github.com/google/clusterfuzz-tools for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by ClusterFuzz, Jun 29 2018
Labels: Test-Predator-Auto-Components