[Webkit-unassigned] [Bug 90182] New: ASSERT_NOT_REACHED is reached when adjusting selection across editable boundaries

bugzilla-daemon at webkit.org
Thu Jun 28 09:14:34 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=90182

           Summary: ASSERT_NOT_REACHED is reached when adjusting selection
                    across editable boundaries
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Other
        OS/Version: Other
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: HTML Editing
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: xuewen.wang at torchmobile.com.cn
                CC: tonikitoo at webkit.org, rniwa at webkit.org,
                    mifenton at rim.com


How to reproduce:
Use setBase() or setExtend across editable boundaries. 

Analysis:
In VisibleSelection::adjustSelectionToAvoidCrossingEditingBoundaries(), when setting VisibleSelection's m_base/m_extend and validating, ASSERT_NOT_REACHED() is reached since firstEditablePositionAfterPositionInRoot() and lastEditablePositionBeforePositionInRoot() may return a null position.
"
VisiblePosition firstEditablePositionAfterPositionInRoot(const Position& position, Node* highestRoot)
VisiblePosition lastEditablePositionBeforePositionInRoot(const Position& position, Node* highestRoot)
"
When the position's anchor node is equal to the highestRoot, the two functions return null positions.

This issue was found from BlackBerry SelectionHandler.

The backtrace:
"
Thread [3] (Suspended: Signal 'SIGSEGV' received. Description: Segmentation fault.)
    16 WebCore::VisibleSelection::adjustSelectionToAvoidCrossingEditingBoundaries()
    15 WebCore::VisibleSelection::validate()
    14 WebCore::VisibleSelection::setBase()
    13 BlackBerry::WebKit::SelectionHandler::setSelection()
    12 BlackBerry::WebKit::WebPage::setSelection()
    11 BlackBerry::Platform::MethodDelegate2<void (BlackBerry::WebKit::WebPage::*)(BlackBerry::Platform::IntPoint const&, BlackBerry::Platform::IntPoint const&), BlackBerry::WebKit::WebPage, BlackBerry::Platform::IntPoint, BlackBerry::Platform::IntPoint>::execute()
    10 BlackBerry::Platform::ExecutableMessage::execute()
    9 BlackBerry::Platform::MessageClient::executeMessage()
    8 BlackBerry::Platform::MessageClient::coalesceMessage()
    7 BlackBerry::Platform::MessageClient::receivePendingMessage()
    6 BlackBerry::Platform::MessageClient::processNextMessage()
    5 BlackBerry::Platform::MessageClient::exec()
    4 WebKitThread::exec()
    3 BlackBerry::Platform::MessageClient::run()
    2 timer_settime()
    1 <symbol is not available> 0x00000000    
"
A simple patch will be attached.
