[Webkit-unassigned] [Bug 156932] New: ASSERT(isCaret()) at FrameSelection.cpp:2119 switching from input with caret to selection at just the right time
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Apr 22 14:53:00 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=156932
Bug ID: 156932
Summary: ASSERT(isCaret()) at FrameSelection.cpp:2119 switching
from input with caret to selection at just the right
time
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: All
OS: All
Status: NEW
Severity: Normal
Priority: P2
Component: HTML Editing
Assignee: webkit-unassigned at lists.webkit.org
Reporter: joepeck at webkit.org
CC: darin at apple.com, enrica at apple.com, rniwa at webkit.org
Created attachment 277103
--> https://bugs.webkit.org/attachment.cgi?id=277103&action=review
[REDUCTION] Caret ASSERT Reduction
* SUMMARY
ASSERT(isCaret()) at FrameSelection.cpp:2119 switching from input with caret to selection at just the right time.
Seen at WebKit r199863. I don't see any negative consequences in a Release build.
* STEPS TO REPRODUCE
1. Load attached reduction
2. Sit on the page for 2-30 seconds (normally crashes in under 10 seconds)
=> ASSERT
* ASSERT
ASSERTION FAILED: isCaret()
/Users/pecoraro/Code/safari/OpenSource/Source/WebCore/editing/FrameSelection.cpp(2119) : void WebCore::FrameSelection::caretBlinkTimerFired()
1 0x10b7b2130 WTFCrash
2 0x10e51af8b WebCore::FrameSelection::caretBlinkTimerFired()
3 0x10e529298 void std::__1::__invoke_void_return_wrapper<void>::__call<std::__1::__bind<void (WebCore::FrameSelection::*&)(), WebCore::FrameSelection*>&>(std::__1::__bind<void (WebCore::FrameSelection::*&)(), WebCore::FrameSelection*>&&&)
4 0x10e52916c std::__1::__function::__func<std::__1::__bind<void (WebCore::FrameSelection::*&)(), WebCore::FrameSelection*>, std::__1::allocator<std::__1::__bind<void (WebCore::FrameSelection::*&)(), WebCore::FrameSelection*> >, void ()>::operator()()
5 0x10dac548a std::__1::function<void ()>::operator()() const
6 0x10dac539c WebCore::Timer::fired()
7 0x10fe9769a WebCore::ThreadTimers::sharedTimerFiredInternal()
8 0x10fe988e1 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const
9 0x10fe988ad void std::__1::__invoke_void_return_wrapper<void>::__call<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&>(WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&&&)
10 0x10fe9884c std::__1::__function::__func<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, std::__1::allocator<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>, void ()>::operator()()
11 0x10dac548a std::__1::function<void ()>::operator()() const
12 0x10f20c9cf WebCore::MainThreadSharedTimer::fired()
13 0x10f20cdc9 WebCore::timerFired(__CFRunLoopTimer*, void*)
14 0x7fff8e341b94 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__
15 0x7fff8e341823 __CFRunLoopDoTimer
16 0x7fff8e34137a __CFRunLoopDoTimers
17 0x7fff8e338871 __CFRunLoopRun
18 0x7fff8e337ed8 CFRunLoopRunSpecific
19 0x7fff8977d935 RunCurrentEventLoopInMode
20 0x7fff8977d76f ReceiveNextEventCommon
21 0x7fff8977d5af _BlockUntilNextEventMatchingListInModeWithFilter
22 0x7fff945a5efa _DPSNextEvent
23 0x7fff945a532a -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
24 0x7fff94599e84 -[NSApplication run]
25 0x7fff9456346c NSApplicationMain
26 0x7fff85fa0194 _xpc_objc_main
27 0x7fff85f9ebbe xpc_main
28 0x10717d100 main
29 0x7fff8ea905ad start
30 0x1
* NOTES
- This is possible to reproduce in Web Inspector when using the global search. When committing a global search we show the Search tab and select the contents of another input and can ASSERT. Boiled that down into the attached reduction.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160422/16357183/attachment-0001.html>
More information about the webkit-unassigned
mailing list