[Webkit-unassigned] [Bug 152116] New: ASSERTION FAILED: m_offset < m_text2->length() in WebCore::SplitTextNodeCommand::SplitTextNodeCommand

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Dec 10 02:58:23 PST 2015 

https://bugs.webkit.org/show_bug.cgi?id=152116

            Bug ID: 152116
           Summary: ASSERTION FAILED: m_offset < m_text2->length() in
                    WebCore::SplitTextNodeCommand::SplitTextNodeCommand
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML Editing
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rhodovan.u-szeged at partner.samsung.com
                CC: darin at apple.com
            Blocks: 116980

Created attachment 267088
  --> https://bugs.webkit.org/attachment.cgi?id=267088&action=review
Test

Load the attached test with debug MiniBrowser:

<textarea autofocus>g </textarea>
<script>
onload = function() {
    document.execCommand("selectAll");
    document.execCommand("fontname");
    document.execCommand("undo");
    document.execCommand("insertText", false, "a");
    document.execCommand("redo");
    document.execCommand("forwardDelete");
}
</script>


OS: Ubuntu 15.10 x86_64
Checked build: debug EFL
Checked version: 2559fac


Backtrace:

ASSERTION FAILED: m_offset < m_text2->length()
../../Source/WebCore/editing/SplitTextNodeCommand.cpp(48) : WebCore::SplitTextNodeCommand::SplitTextNodeCommand(WTF::PassRefPtr<WebCore::Text>, int)
1   0x7f17661c6fb8 WTFCrash
2   0x7f1765aa8e26 WebCore::SplitTextNodeCommand::SplitTextNodeCommand(WTF::PassRefPtr<WebCore::Text>, int)
3   0x7f1765a893c2 WebCore::SplitTextNodeCommand::create(WTF::PassRefPtr<WebCore::Text>, int)
4   0x7f1765a7ef7a WebCore::CompositeEditCommand::splitTextNode(WTF::PassRefPtr<WebCore::Text>, unsigned int)
5   0x7f1765a692a4 WebCore::ApplyBlockElementCommand::endOfNextParagraphSplittingTextNodesIfNeeded(WebCore::VisiblePosition&, WebCore::Position&, WebCore::Position&)
6   0x7f1765a67b4e WebCore::ApplyBlockElementCommand::formatSelection(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&)
7   0x7f17648c965b WebCore::IndentOutdentCommand::formatSelection(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&)
8   0x7f1765a66dfc WebCore::ApplyBlockElementCommand::doApply()
9   0x7f1765a7cf86 WebCore::CompositeEditCommand::apply()
10  0x7f1765a7cd4d WebCore::applyCommand(WTF::PassRefPtr<WebCore::CompositeEditCommand>)
11  0x7f17648af6f6
12  0x7f17648b399e WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const
13  0x7f176475333d WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&)
14  0x7f1765eb790f WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*)
15  0x7f16fffff0c8
Aborted (core dumped)

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f17661c6fbd in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321     *(int *)(uintptr_t)0xbbadbeef = 0;
[Current thread is 1 (Thread 0x7f1769cfca80 (LWP 28677))]
#0  0x00007f17661c6fbd in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007f1765aa8e26 in WebCore::SplitTextNodeCommand::SplitTextNodeCommand (this=0x7f1745bbca80, text=..., offset=1) at ../../Source/WebCore/editing/SplitTextNodeCommand.cpp:48
#2  0x00007f1765a893c2 in WebCore::SplitTextNodeCommand::create (node=..., offset=1) at ../../Source/WebCore/editing/SplitTextNodeCommand.h:39
#3  0x00007f1765a7ef7a in WebCore::CompositeEditCommand::splitTextNode (this=0x7f1745b28108, node=..., offset=1) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:476
#4  0x00007f1765a692a4 in WebCore::ApplyBlockElementCommand::endOfNextParagraphSplittingTextNodesIfNeeded (this=0x7f1745b28108, endOfCurrentParagraph=..., start=..., end=...) at ../../Source/WebCore/editing/ApplyBlockElementCommand.cpp:272
#5  0x00007f1765a67b4e in WebCore::ApplyBlockElementCommand::formatSelection (this=0x7f1745b28108, startOfSelection=..., endOfSelection=...) at ../../Source/WebCore/editing/ApplyBlockElementCommand.cpp:143
#6  0x00007f17648c965b in WebCore::IndentOutdentCommand::formatSelection (this=0x7f1745b28108, startOfSelection=..., endOfSelection=...) at ../../Source/WebCore/editing/IndentOutdentCommand.cpp:226
#7  0x00007f1765a66dfc in WebCore::ApplyBlockElementCommand::doApply (this=0x7f1745b28108) at ../../Source/WebCore/editing/ApplyBlockElementCommand.cpp:90
#8  0x00007f1765a7cf86 in WebCore::CompositeEditCommand::apply (this=0x7f1745b28108) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:227
#9  0x00007f1765a7cd4d in WebCore::applyCommand (command=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:186
#10 0x00007f17648af6f6 in WebCore::executeIndent (frame=...) at ../../Source/WebCore/editing/EditorCommand.cpp:456
#11 0x00007f17648b399e in WebCore::Editor::Command::execute (this=0x7ffcfebbf1d0, parameter=..., triggeringEvent=0x0) at ../../Source/WebCore/editing/EditorCommand.cpp:1703
#12 0x00007f176475333d in WebCore::Document::execCommand (this=0x7f1745a1d9c0, commandName=..., userInterface=false, value=...) at ../../Source/WebCore/dom/Document.cpp:4656
#13 0x00007f1765eb790f in WebCore::jsDocumentPrototypeFunctionExecCommand (state=0x7ffcfebbf2a0) at DerivedSources/WebCore/JSDocument.cpp:5066
#14 0x00007f16fffff0c8 in ?? ()
#15 0x00007ffcfebbf330 in ?? ()
#16 0x00007f175998e57c in llint_entry () from webkit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.1

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20151210/e784a62d/attachment-0001.html>

More information about the webkit-unassigned mailing list