[Webkit-unassigned] [Bug 117091] New: Assert when selecting a video tag in contenteditable mode

bugzilla-daemon at webkit.org
Fri May 31 14:01:13 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=117091

           Summary: Assert when selecting a video tag in contenteditable
                    mode
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: achicu at adobe.com
                CC: hyatt at apple.com, rniwa at webkit.org


I get the following assert when I select the text around a video tag with position:relative. I've attached an example that reproduces the problem.

ASSERTION FAILED: !object || object->isRenderBlock()
/Users/achicu/code/webkit/Source/WebCore/rendering/RenderBlock.h(1329) : WebCore::RenderBlock *WebCore::toRenderBlock(WebCore::RenderObject *)

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x00000000bbadbeef
WTFCrash () at /Users/achicu/code/webkit/Source/WTF/wtf/Assertions.cpp:339
339        *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  WTFCrash () at /Users/achicu/code/webkit/Source/WTF/wtf/Assertions.cpp:339
#1  0x0000000103829e36 in WebCore::toRenderBlock (object=0x10a619808) at RenderBlock.h:1329
#2  0x0000000104afc686 in WebCore::LogicalSelectionOffsetCaches::LogicalSelectionOffsetCaches (this=0x7fff5fbfa268, rootBlock=0x10a619da8) at LogicalSelectionOffsetCaches.h:143
#3  0x0000000104ad748d in WebCore::LogicalSelectionOffsetCaches::LogicalSelectionOffsetCaches (this=0x7fff5fbfa268, rootBlock=0x10a619da8) at LogicalSelectionOffsetCaches.h:145
#4  0x0000000104abb36d in WebCore::RenderBlock::selectionGapRectsForRepaint (this=0x10a619da8, repaintContainer=0x10a619da8) at /Users/achicu/code/webkit/Source/WebCore/rendering/RenderBlock.cpp:3455
#5  0x0000000104d7708b in WebCore::RenderBlockSelectionInfo::RenderBlockSelectionInfo (this=0x10e505120, b=0x10a619da8) at RenderSelectionInfo.h:86
#6  0x0000000104d6e7ed in WebCore::RenderBlockSelectionInfo::RenderBlockSelectionInfo (this=0x10e505120, b=0x10a619da8) at RenderSelectionInfo.h:88
#7  0x0000000104d6c664 in WebCore::RenderView::setSelection (this=0x10a60c498, start=0x10a6117a8, startPos=0, end=0x10a61bb38, endPos=7, blockRepaintMode=WebCore::RenderView::RepaintNewXOROld) at /Users/achicu/code/webkit/Source/WebCore/rendering/RenderView.cpp:784
#8  0x0000000103ec90bb in WebCore::FrameSelection::updateAppearance (this=0x100548af0) at /Users/achicu/code/webkit/Source/WebCore/editing/FrameSelection.cpp:1822
#9  0x0000000103ec7481 in WebCore::FrameSelection::setSelection (this=0x100548af0, newSelection=@0x7fff5fbfac78, options=7, align=WebCore::FrameSelection::AlignCursorOnScrollIfNeeded, granularity=WebCore::CharacterGranularity) at /Users/achicu/code/webkit/Source/WebCore/editing/FrameSelection.cpp:322
#10 0x0000000103ecdef6 in WebCore::FrameSelection::setExtent (this=0x100548af0, pos=@0x7fff5fbfaef8, userTriggered=WebCore::UserTriggered) at /Users/achicu/code/webkit/Source/WebCore/editing/FrameSelection.cpp:1240
#11 0x0000000103ecdbf0 in WebCore::FrameSelection::modify (this=0x100548af0, alter=WebCore::FrameSelection::AlterationExtend, direction=WebCore::DirectionForward, granularity=WebCore::LineGranularity, userTriggered=WebCore::UserTriggered) at /Users/achicu/code/webkit/Source/WebCore/editing/FrameSelection.cpp:1041
#12 0x0000000103d7c0e4 in WebCore::executeMoveDownAndModifySelection (frame=0x100548380) at /Users/achicu/code/webkit/Source/WebCore/editing/EditorCommand.cpp:634
#13 0x0000000103d797e5 in WebCore::Editor::Command::execute (this=0x7fff5fbfb1d8, parameter=@0x7fff5fbfb108, triggeringEvent=0x10bc00920) at /Users/achicu/code/webkit/Source/WebCore/editing/EditorCommand.cpp:1706
#14 0x0000000103d799a5 in WebCore::Editor::Command::execute (this=0x7fff5fbfb1d8, triggeringEvent=0x10bc00920) at /Users/achicu/code/webkit/Source/WebCore/editing/EditorCommand.cpp:1711
#15 0x0000000101350e2b in WebKit::WebPage::executeKeypressCommandsInternal (this=0x10c85ae00, commands=@0x10bc00998, event=0x10bc00920) at /Users/achicu/code/webkit/Source/WebKit2/WebProcess/WebPage/mac/WebPageMac.mm:194
#16 0x0000000101351a30 in WebKit::WebPage::handleEditingKeyboardEvent (this=0x10c85ae00, event=0x10bc00920, saveCommands=false) at /Users/achicu/code/webkit/Source/WebKit2/WebProcess/WebPage/mac/WebPageMac.mm:254
#17 0x00000001012ab976 in WebKit::WebEditorClient::handleKeyboardEvent (this=0x100542720, event=0x10bc00920) at /Users/achicu/code/webkit/Source/WebKit2/WebProcess/WebCoreSupport/mac/WebEditorClientMac.mm:64
#18 0x0000000103d63b42 in WebCore::Editor::handleKeyboardEvent (this=0x100548880, event=0x10bc00920) at /Users/achicu/code/webkit/Source/WebCore/editing/Editor.cpp:211
#19 0x0000000103dc3201 in WebCore::EventHandler::defaultKeyboardEventHandler (this=0x100548c00, event=0x10bc00920) at /Users/achicu/code/webkit/Source/WebCore/page/EventHandler.cpp:3360
#20 0x00000001049c8e90 in WebCore::Node::defaultEventHandler (this=0x10a612750, event=0x10bc00920) at /Users/achicu/code/webkit/Source/WebCore/dom/Node.cpp:2313
#21 0x0000000103db031b in WebCore::EventDispatcher::dispatchEventPostProcess (this=0x7fff5fbfb660, preDispatchEventHandlerResult=0x0) at /Users/achicu/code/webkit/Source/WebCore/dom/EventDispatcher.cpp:202
#22 0x0000000103daf788 in WebCore::EventDispatcher::dispatch (this=0x7fff5fbfb660) at /Users/achicu/code/webkit/Source/WebCore/dom/EventDispatcher.cpp:121
#23 0x0000000103db12ef in WebCore::EventDispatchMediator::dispatchEvent (this=0x10e50a220, dispatcher=0x7fff5fbfb660) at /Users/achicu/code/webkit/Source/WebCore/dom/EventDispatchMediator.cpp:54
#24 0x0000000103daecd0 in WebCore::EventDispatcher::dispatchEvent (node=0x10a612750, mediator=@0x7fff5fbfb7e0) at /Users/achicu/code/webkit/Source/WebCore/dom/EventDispatcher.cpp:53
#25 0x00000001049c862b in WebCore::Node::dispatchEvent (this=0x10a612750, event=@0x7fff5fbfb840) at /Users/achicu/code/webkit/Source/WebCore/dom/Node.cpp:2231
#26 0x0000000103dde749 in WebCore::EventTarget::dispatchEvent (this=0x10a612750, event=@0x7fff5fbfb998, ec=@0x7fff5fbfb990) at /Users/achicu/code/webkit/Source/WebCore/dom/EventTarget.cpp:148
#27 0x0000000103dc2cad in WebCore::EventHandler::keyEvent (this=0x100548c00, initialKeyEvent=@0x7fff5fbfbaa8) at /Users/achicu/code/webkit/Source/WebCore/page/EventHandler.cpp:3264
#28 0x0000000101326699 in WebKit::handleKeyEvent (keyboardEvent=@0x7fff5fbfbc38, page=0x10c85b600) at /Users/achicu/code/webkit/Source/WebKit2/WebProcess/WebPage/WebPage.cpp:1768
#29 0x0000000101326527 in WebKit::WebPage::keyEvent (this=0x10c85ae00, keyboardEvent=@0x7fff5fbfbc38) at /Users/achicu/code/webkit/Source/WebKit2/WebProcess/WebPage/WebPage.cpp:1778
#30 0x0000000101371837 in CoreIPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), WebKit::WebKeyboardEvent> (args=@0x7fff5fbfbc38, object=0x10c85ae00, function={ptr = 4315047104, ptr = 0}) at HandleMessage.h:21
#31 0x000000010136377c in CoreIPC::handleMessage<Messages::WebPage::KeyEvent, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&)> (decoder=@0x10a40cec0, object=0x10c85ae00, function={ptr = 4315047104, ptr = 0}) at HandleMessage.h:370
#32 0x000000010135daac in WebKit::WebPage::didReceiveWebPageMessage (this=0x10c85ae00, decoder=@0x10a40cec0) at /Users/achicu/code/webkit/WebKitBuild/regions_comp_patch1/Debug/DerivedSources/WebKit2/WebPageMessageReceiver.cpp:126
#33 0x000000010132a397 in WebKit::WebPage::didReceiveMessage (this=0x10c85ae00, connection=0x10050a200, decoder=@0x10a40cec0) at /Users/achicu/code/webkit/Source/WebKit2/WebProcess/WebPage/WebPage.cpp:3159
#34 0x000000010132a3d7 in non-virtual thunk to WebKit::WebPage::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&) (this=0x10c85ae10, connection=0x10050a200, decoder=@0x10a40cec0) at /Users/achicu/code/webkit/Source/WebKit2/WebProcess/WebPage/WebPage.cpp:3160
#35 0x00000001010d8a00 in CoreIPC::MessageReceiverMap::dispatchMessage (this=0x1001295a8, connection=0x10050a200, decoder=@0x10a40cec0) at /Users/achicu/code/webkit/Source/WebKit2/Platform/CoreIPC/MessageReceiverMap.cpp:86
#36 0x000000010140c97a in WebKit::WebProcess::didReceiveMessage (this=0x100129550, connection=0x10050a200, decoder=@0x10a40cec0) at /Users/achicu/code/webkit/Source/WebKit2/WebProcess/WebProcess.cpp:637
#37 0x00000001010309b3 in CoreIPC::Connection::dispatchMessage (this=0x10050a200, decoder=@0x10a40cec0) at /Users/achicu/code/webkit/Source/WebKit2/Platform/CoreIPC/Connection.cpp:788
#38 0x000000010102cd1a in CoreIPC::Connection::dispatchMessage (this=0x10050a200, incomingMessage=<value temporarily unavailable, due to optimizations>) at /Users/achicu/code/webkit/Source/WebKit2/Platform/CoreIPC/Connection.cpp:811
#39 0x000000010103094b in CoreIPC::Connection::dispatchOneMessage (this=0x10050a200) at /Users/achicu/code/webkit/Source/WebKit2/Platform/CoreIPC/Connection.cpp:837
#40 0x000000010103bf52 in WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>::operator() (this=0x10a403900, c=0x10050a200) at Functional.h:218
#41 0x000000010103bed5 in WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>, void ()(CoreIPC::Connection*)>::operator() (this=0x10a4038f0) at Functional.h:496
#42 0x0000000104dc4222 in WTF::Function<void ()()>::operator() (this=0x7fff5fbfdf30) at Functional.h:704
#43 0x0000000104dc3e78 in WebCore::RunLoop::performWork (this=0x1001215e0) at /Users/achicu/code/webkit/Source/WebCore/platform/RunLoop.cpp:104
#44 0x0000000104dc57b4 in WebCore::RunLoop::performWork (context=0x1001215e0) at /Users/achicu/code/webkit/Source/WebCore/platform/cf/RunLoopCF.cpp:38
#45 0x00007fff8f51cb31 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ ()
#46 0x00007fff8f51c455 in __CFRunLoopDoSources0 ()
#47 0x00007fff8f53f7f5 in __CFRunLoopRun ()
#48 0x00007fff8f53f0e2 in CFRunLoopRunSpecific ()
#49 0x00007fff9749beb4 in RunCurrentEventLoopInMode ()
#50 0x00007fff9749bc52 in ReceiveNextEventCommon ()
#51 0x00007fff9749bae3 in BlockUntilNextEventMatchingListInMode ()
#52 0x00007fff96963563 in _DPSNextEvent ()
#53 0x00007fff96962e22 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#54 0x00007fff9695a1d3 in -[NSApplication run] ()
#55 0x0000000104dc6512 in WebCore::RunLoop::run () at /Users/achicu/code/webkit/Source/WebCore/platform/mac/RunLoopMac.mm:43
#56 0x000000010126343c in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebContentProcessMainDelegate> (argc=6, argv=0x7fff5fbff740) at ChildProcessEntryPoint.h:98
#57 0x000000010126307b in WebContentProcessMain (argc=6, argv=0x7fff5fbff740) at /Users/achicu/code/webkit/Source/WebKit2/WebProcess/EntryPoint/mac/LegacyProcess/WebContentProcessMain.mm:179
#58 0x0000000100000d1d in WebKit::BootstrapMain (argc=6, argv=0x7fff5fbff740) at /Users/achicu/code/webkit/Source/WebKit2/Shared/EntryPointUtilities/mac/LegacyProcess/ChildProcessMain.mm:76
#59 0x0000000100000b92 in main (argc=6, argv=0x7fff5fbff740) at /Users/achicu/code/webkit/Source/WebKit2/Shared/EntryPointUtilities/mac/LegacyProcess/ChildProcessMain.mm:83

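Added example, not part of the original report or of WebKit: a small triage helper that reads a gdb log like the one above, recognises the deliberate assertion crash (write to 0xbbadbeef from WTFCrash, as frame #0 shows) and builds a bucket key from the first frames below the crash helper. The function name `triage`, the bucket format and the second test log are assumptions made for illustration; the embedded sample is an excerpt of the trace above.

```python
import re

# Excerpt of the report above (frames 0-4 only), embedded so the block runs offline.
SAMPLE = """\
ASSERTION FAILED: !object || object->isRenderBlock()
/Users/achicu/code/webkit/Source/WebCore/rendering/RenderBlock.h(1329) : WebCore::RenderBlock *WebCore::toRenderBlock(WebCore::RenderObject *)

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x00000000bbadbeef
(gdb) bt
#0  WTFCrash () at /Users/achicu/code/webkit/Source/WTF/wtf/Assertions.cpp:339
#1  0x0000000103829e36 in WebCore::toRenderBlock (object=0x10a619808) at RenderBlock.h:1329
#2  0x0000000104afc686 in WebCore::LogicalSelectionOffsetCaches::LogicalSelectionOffsetCaches (this=0x7fff5fbfa268, rootBlock=0x10a619da8) at LogicalSelectionOffsetCaches.h:143
#3  0x0000000104ad748d in WebCore::LogicalSelectionOffsetCaches::LogicalSelectionOffsetCaches (this=0x7fff5fbfa268, rootBlock=0x10a619da8) at LogicalSelectionOffsetCaches.h:145
#4  0x0000000104abb36d in WebCore::RenderBlock::selectionGapRectsForRepaint (this=0x10a619da8, repaintContainer=0x10a619da8) at /Users/achicu/code/webkit/Source/WebCore/rendering/RenderBlock.cpp:3455
"""

ASSERT_SENTINEL = 0xBBADBEEF   # address WTFCrash() writes to (Assertions.cpp:339 in the trace)
CRASH_HELPERS = {"WTFCrash"}   # frames that only report the failure
ASSERT_RE = re.compile(r"^ASSERTION FAILED: (.+)$", re.M)
ADDR_RE = re.compile(r"at address: (0x[0-9a-fA-F]+)")
# "#N  [0xADDR in ]function (args..."; names with " (" inside templates get cut short
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-fA-F]+ in )?(.+?) \(", re.M)


def triage(log, depth=3):
    """Classify a gdb crash log and return a bucket key for de-duplication."""
    frames = [m.group(2) for m in FRAME_RE.finditer(log)]
    addr = ADDR_RE.search(log)
    fault = int(addr.group(1), 16) if addr else None
    expr = ASSERT_RE.search(log)
    # Deliberate crash: sentinel address AND the top frame is the crash helper.
    deliberate = fault == ASSERT_SENTINEL and bool(frames) and frames[0] in CRASH_HELPERS
    # Drop helper frames so the key names the code whose check failed.
    stack = [f for f in frames if f not in CRASH_HELPERS]
    # gdb lists both constructor variants; collapse consecutive duplicates.
    stack = [f for i, f in enumerate(stack) if i == 0 or f != stack[i - 1]]
    return {
        "kind": "assertion" if deliberate else "fault",
        "assertion": expr.group(1) if expr else None,
        "fault_address": fault,
        "bucket": " < ".join(stack[:depth]),
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```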