
Issue 897273


Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug




Null-dereference READ in blink::RootEditableElement

Project Member Reported by ClusterFuzz, Oct 19

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6434695783645184

Fuzzer: bj_broddelwerk
Job Type: linux_msan_content_shell_drt
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000020
Crash State:
  blink::RootEditableElement
  blink::DeleteSelectionCommand::RemoveRedundantBlocks
  blink::DeleteSelectionCommand::DoApply
  
Sanitizer: memory (MSAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6434695783645184

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Cc: kkaluri@chromium.org tanvir.r...@samsung.com
Labels: Test-Predator-Wrong M-70
Owner: xiaoche...@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.

Using Code Search for the file "delete_selection_command.cc", suspecting the below CL might have caused this issue.

Suspect CL: https://chromium.googlesource.com/chromium/src/+/c052c5a049eaa722d54834213ea3b235d06c157a

Since author is not a chromium member, assigning it to reviewer

xiaochengh@ -- Could you please check whether this is caused with respect to your change? If not, please help us in assigning it to the right owner.

Thanks!
Components: Blink>Editing>Command
Labels: -Pri-1 Pri-3
Owner: ----
Status: Available (was: Assigned)
Not a high severity bug due to unusual HTML and script, and as it already crashes in M69 stable.
