[Webkit-unassigned] [Bug 151602] New: ASSERTION FAILED: forward ? nativeIndex < nativeLength : nativeIndex <= nativeLength in WebCore::textUTF16ContextAwareMoveInPrimaryContext

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Nov 25 07:25:34 PST 2015


https://bugs.webkit.org/show_bug.cgi?id=151602

            Bug ID: 151602
           Summary: ASSERTION FAILED: forward ? nativeIndex < nativeLength
                    : nativeIndex <= nativeLength in
                    WebCore::textUTF16ContextAwareMoveInPrimaryContext
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rhodovan.u-szeged at partner.samsung.com
                CC: andersca at apple.com, sam at webkit.org
            Blocks: 116980

Created attachment 266160
  --> https://bugs.webkit.org/attachment.cgi?id=266160&action=review
Test

Load the attached test with debug MiniBrowser:

<script>
window.onload = function() {
    document.designMode = 'on';
    document.execCommand('selectAll');
    document.execCommand('indent');
}
</script>
<style>
*, h2::first-letter {
    white-space: pre-wrap;
}
</style>
<h2>x&#1111111;</h2>


OS: Ubuntu 15.10 x86_64
Checked build: debug EFL
Checked version: 3898028


Backtrace:

ASSERTION FAILED: forward ? nativeIndex < nativeLength : nativeIndex <= nativeLength
../../Source/WebCore/platform/text/icu/UTextProviderUTF16.cpp(71) : void WebCore::textUTF16ContextAwareMoveInPrimaryContext(UText*, int64_t, int64_t, UBool)
1   0x7f78f98a674e WTFCrash
2   0x7f78f85c80f3
3   0x7f78f85c82b0
4   0x7f78f85c86e5
5   0x7f78eabacbf2 utext_setNativeIndex_55
6   0x7f78eabea798 icu_55::RuleBasedBreakIterator::handlePrevious(icu_55::RBBIStateTable const*)
7   0x7f78eabeada2 icu_55::RuleBasedBreakIterator::following(int)
8   0x7f78f85b8e25 WebCore::textBreakFollowing(WebCore::TextBreakIterator*, int)
9   0x7f78f87f5d2a int WebCore::nextBreakablePositionNonLoosely<unsigned short, (WebCore::NBSPBehavior)0>(WebCore::LazyLineBreakIterator&, unsigned short const*, unsigned int, int)
10  0x7f78f87f4617 WebCore::nextBreakablePositionIgnoringNBSP(WebCore::LazyLineBreakIterator&, int)
11  0x7f78f87f4931 WebCore::isBreakable(WebCore::LazyLineBreakIterator&, int, int&, bool, bool, bool)
12  0x7f78f884c86e WebCore::BreakingContext::handleText(WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow, 16ul>&, bool&, unsigned int&)
13  0x7f78f8847694 WebCore::LineBreaker::nextLineBreak(WebCore::BidiResolverWithIsolate<WebCore::InlineIterator, WebCore::BidiRun, WebCore::BidiIsolatedRun>&, WebCore::LineInfo&, WebCore::LineLayoutState&, WebCore::RenderTextInfo&, WebCore::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow, 16ul>&)
14  0x7f78f864c24e WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolverWithIsolate<WebCore::InlineIterator, WebCore::BidiRun, WebCore::BidiIsolatedRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int)
15  0x7f78f864be06 WebCore::RenderBlockFlow::layoutRunsAndFloats(WebCore::LineLayoutState&, bool)
16  0x7f78f864e757 WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
17  0x7f78f8629687 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
18  0x7f78f86289c8 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
19  0x7f78f85fa8c8 WebCore::RenderBlock::layout()
20  0x7f78f8629a4e WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
21  0x7f78f862958c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
22  0x7f78f86289ec WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
23  0x7f78f85fa8c8 WebCore::RenderBlock::layout()
24  0x7f78f8629a4e WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
25  0x7f78f862958c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
26  0x7f78f86289ec WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
27  0x7f78f85fa8c8 WebCore::RenderBlock::layout()
28  0x7f78f8629a4e WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
29  0x7f78f862958c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
30  0x7f78f86289ec WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
31  0x7f78f85fa8c8 WebCore::RenderBlock::layout()
Aborted (core dumped)

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f78f98a6753 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321     *(int *)(uintptr_t)0xbbadbeef = 0;
[Current thread is 1 (Thread 0x7f78fd3f4a80 (LWP 13158))]
(gdb) bt
#0  0x00007f78f98a6753 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007f78f85c80f3 in WebCore::textUTF16ContextAwareMoveInPrimaryContext (text=0x17f0410, nativeIndex=3, nativeLength=3, forward=1 '\001')
    at ../../Source/WebCore/platform/text/icu/UTextProviderUTF16.cpp:71
#2  0x00007f78f85c82b0 in WebCore::textUTF16ContextAwareSwitchToPrimaryContext (text=0x17f0410, nativeIndex=3, nativeLength=3, forward=1 '\001')
    at ../../Source/WebCore/platform/text/icu/UTextProviderUTF16.cpp:89
#3  0x00007f78f85c86e5 in WebCore::uTextUTF16ContextAwareAccess (text=0x17f0410, nativeIndex=3, forward=1 '\001')
    at ../../Source/WebCore/platform/text/icu/UTextProviderUTF16.cpp:143
#4  0x00007f78eabacbf2 in utext_setNativeIndex_55 () from /usr/lib/x86_64-linux-gnu/libicuuc.so.55
#5  0x00007f78eabea798 in icu_55::RuleBasedBreakIterator::handlePrevious(icu_55::RBBIStateTable const*) () from /usr/lib/x86_64-linux-gnu/libicuuc.so.55
#6  0x00007f78eabeada2 in icu_55::RuleBasedBreakIterator::following(int) () from /usr/lib/x86_64-linux-gnu/libicuuc.so.55
#7  0x00007f78f85b8e25 in WebCore::textBreakFollowing (iterator=0x17f0260, pos=1) at ../../Source/WebCore/platform/text/TextBreakIterator.cpp:867
#8  0x00007f78f87f5d2a in WebCore::nextBreakablePositionNonLoosely<unsigned short, (WebCore::NBSPBehavior)0> (lazyBreakIterator=..., str=0x7f78d8f747ac, 
    length=1, pos=0) at ../../Source/WebCore/rendering/break_lines.h:108
#9  0x00007f78f87f4617 in WebCore::nextBreakablePositionIgnoringNBSP (lazyBreakIterator=..., pos=0) at ../../Source/WebCore/rendering/break_lines.h:203
#10 0x00007f78f87f4931 in WebCore::isBreakable (lazyBreakIterator=..., pos=0, nextBreakable=@0x7ffcb22b5f00: -1, breakNBSP=false, isLooseMode=false, 
    keepAllWords=false) at ../../Source/WebCore/rendering/break_lines.h:241
#11 0x00007f78f884c86e in WebCore::BreakingContext::handleText (this=0x7ffcb22b6180, wordMeasurements=..., hyphenated=@0x7ffcb22b6478: false, 
    consecutiveHyphenatedLines=@0x7ffcb22b6308: 0) at ../../Source/WebCore/rendering/line/BreakingContext.h:808
#12 0x00007f78f8847694 in WebCore::LineBreaker::nextLineBreak (this=0x7ffcb22b6470, resolver=..., lineInfo=..., layoutState=..., renderTextInfo=..., 
    lastFloatFromPreviousLine=0x0, consecutiveHyphenatedLines=0, wordMeasurements=...) at ../../Source/WebCore/rendering/line/LineBreaker.cpp:110
#13 0x00007f78f864c24e in WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange (this=0x7f78d8fb7450, layoutState=..., resolver=..., cleanLineStart=..., 
    cleanLineBidiStatus=..., consecutiveHyphenatedLines=0) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1264
#14 0x00007f78f864be06 in WebCore::RenderBlockFlow::layoutRunsAndFloats (this=0x7f78d8fb7450, layoutState=..., hasInlineChild=true)
    at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1217
#15 0x00007f78f864e757 in WebCore::RenderBlockFlow::layoutLineBoxes (this=0x7f78d8fb7450, relayoutChildren=false, repaintLogicalTop=..., 
    repaintLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1647
#16 0x00007f78f8629687 in WebCore::RenderBlockFlow::layoutInlineChildren (this=0x7f78d8fb7450, relayoutChildren=false, repaintLogicalTop=..., 
    repaintLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:651
#17 0x00007f78f86289c8 in WebCore::RenderBlockFlow::layoutBlock (this=0x7f78d8fb7450, relayoutChildren=false, pageLogicalHeight=...)
    at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:483
#18 0x00007f78f85fa8c8 in WebCore::RenderBlock::layout (this=0x7f78d8fb7450) at ../../Source/WebCore/rendering/RenderBlock.cpp:931
#19 0x00007f78f8629a4e in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7f78d8fb7398, child=..., marginInfo=..., previousFloatLogicalBottom=..., 
    maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:709
#20 0x00007f78f862958c in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7f78d8fb7398, relayoutChildren=false, maxFloatLogicalBottom=...)
    at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:632
#21 0x00007f78f86289ec in WebCore::RenderBlockFlow::layoutBlock (this=0x7f78d8fb7398, relayoutChildren=false, pageLogicalHeight=...)
    at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485
#22 0x00007f78f85fa8c8 in WebCore::RenderBlock::layout (this=0x7f78d8fb7398) at ../../Source/WebCore/rendering/RenderBlock.cpp:931
#23 0x00007f78f8629a4e in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7f78d8fb72e0, child=..., marginInfo=..., previousFloatLogicalBottom=..., 
    maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:709
#24 0x00007f78f862958c in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7f78d8fb72e0, relayoutChildren=false, maxFloatLogicalBottom=...)
    at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:632
#25 0x00007f78f86289ec in WebCore::RenderBlockFlow::layoutBlock (this=0x7f78d8fb72e0, relayoutChildren=false, pageLogicalHeight=...)
    at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485
#26 0x00007f78f85fa8c8 in WebCore::RenderBlock::layout (this=0x7f78d8fb72e0) at ../../Source/WebCore/rendering/RenderBlock.cpp:931
#27 0x00007f78f8629a4e in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7f78d8edd228, child=..., marginInfo=..., previousFloatLogicalBottom=..., 
    maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:709
#28 0x00007f78f862958c in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7f78d8edd228, relayoutChildren=false, maxFloatLogicalBottom=...)
    at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:632
#29 0x00007f78f86289ec in WebCore::RenderBlockFlow::layoutBlock (this=0x7f78d8edd228, relayoutChildren=false, pageLogicalHeight=...)
    at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485
#30 0x00007f78f85fa8c8 in WebCore::RenderBlock::layout (this=0x7f78d8edd228) at ../../Source/WebCore/rendering/RenderBlock.cpp:931
#31 0x00007f78f8811131 in WebCore::RenderView::layoutContent (this=0x7f78d8edd228, state=...) at ../../Source/WebCore/rendering/RenderView.cpp:253
#32 0x00007f78f8811829 in WebCore::RenderView::layout (this=0x7f78d8edd228) at ../../Source/WebCore/rendering/RenderView.cpp:378
#33 0x00007f78f83d7448 in WebCore::FrameView::layout (this=0x7f78d8c0c000, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1427
#34 0x00007f78f7e26d27 in WebCore::Document::updateLayout (this=0x7f78d8c1d900) at ../../Source/WebCore/dom/Document.cpp:1917
#35 0x00007f78f7e26e3e in WebCore::Document::updateLayoutIgnorePendingStylesheets (this=0x7f78d8c1d900, 
    runPostLayoutTasks=WebCore::Document::RunPostLayoutTasks::Asynchronously) at ../../Source/WebCore/dom/Document.cpp:1949
#36 0x00007f78f7fdc710 in WebCore::VisiblePosition::canonicalPosition (this=0x7ffcb22b8fe0, passedPosition=...)
    at ../../Source/WebCore/editing/VisiblePosition.cpp:519
#37 0x00007f78f7fda114 in WebCore::VisiblePosition::init (this=0x7ffcb22b8fe0, position=..., affinity=WebCore::DOWNSTREAM)
    at ../../Source/WebCore/editing/VisiblePosition.cpp:58
#38 0x00007f78f7fda0aa in WebCore::VisiblePosition::VisiblePosition (this=0x7ffcb22b8fe0, pos=..., affinity=WebCore::DOWNSTREAM)
    at ../../Source/WebCore/editing/VisiblePosition.cpp:51
#39 0x00007f78f913fb41 in WebCore::ApplyBlockElementCommand::formatSelection (this=0x7f78d8edc000, startOfSelection=..., endOfSelection=...)
    at ../../Source/WebCore/editing/ApplyBlockElementCommand.cpp:131
#40 0x00007f78f7fa6d8b in WebCore::IndentOutdentCommand::formatSelection (this=0x7f78d8edc000, startOfSelection=..., endOfSelection=...)
    at ../../Source/WebCore/editing/IndentOutdentCommand.cpp:226
#41 0x00007f78f913f216 in WebCore::ApplyBlockElementCommand::doApply (this=0x7f78d8edc000) at ../../Source/WebCore/editing/ApplyBlockElementCommand.cpp:90
#42 0x00007f78f91553a0 in WebCore::CompositeEditCommand::apply (this=0x7f78d8edc000) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:227
#43 0x00007f78f9155167 in WebCore::applyCommand (command=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:186
#44 0x00007f78f7f8ce22 in WebCore::executeIndent (frame=...) at ../../Source/WebCore/editing/EditorCommand.cpp:456
#45 0x00007f78f7f910ca in WebCore::Editor::Command::execute (this=0x7ffcb22b9530, parameter=..., triggeringEvent=0x0)
    at ../../Source/WebCore/editing/EditorCommand.cpp:1703
#46 0x00007f78f7e3288d in WebCore::Document::execCommand (this=0x7f78d8c1d900, commandName=..., userInterface=false, value=...)
    at ../../Source/WebCore/dom/Document.cpp:4657
#47 0x00007f78f95950c9 in WebCore::jsDocumentPrototypeFunctionExecCommand (state=0x7ffcb22b9600) at DerivedSources/WebCore/JSDocument.cpp:5066
#48 0x00007f7893fff0c8 in ?? ()
#49 0x00007ffcb22b9680 in ?? ()
#50 0x00007f78ed083d98 in llint_entry () from webkit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.1
