[Webkit-unassigned] [Bug 164078] New: ASSERTION FAILED: length in WebCore::TextIteratorCopyableText::set

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 27 14:17:05 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=164078

            Bug ID: 164078
           Summary: ASSERTION FAILED: length in
                    WebCore::TextIteratorCopyableText::set
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: hodovan at inf.u-szeged.hu

Load the attached test with debug WebKitTestRunner:

Checked version: 2c9fa6e
OS: Darwin-15.6.0-x86_64-i386-64bit

<script>window.onload = function() {
try {arparent = dent.getElementById('id_0')
;
try { var
child = doById('id_0') } catch (err) {} 
d()}catch(e){}try{('')
try{s()}catch(r){}try{}catch(e){}}catch(e){}try{('')}catch(r){}try{window.find('a')}catch(r){}}</script><style>*{display:table-footer-group;word-break:break-all

Backtrace:

ASSERTION FAILED: length
WebKit/Source/WebCore/editing/TextIterator.cpp(315) : void WebCore::TextIteratorCopyableText::set(WTF::String &&, unsigned int, unsigned int)
1   0x1103ba4f1 WTFCrash
2   0x11ab6cd5e WebCore::TextIteratorCopyableText::set(WTF::String&&, unsigned int, unsigned int)
3   0x11ab5d8ac WebCore::TextIterator::emitText(WebCore::Text&, WebCore::RenderText&, int, int)
4   0x11ab5ac5f WebCore::TextIterator::handleTextNode()
5   0x11ab546f0 WebCore::TextIterator::advance()
6   0x11ab64ed8 WebCore::CharacterIterator::advance(int)
7   0x11ab69cd5 WebCore::findPlainText(WebCore::Range const&, WTF::String const&, unsigned char, unsigned long&)
8   0x11ab696e3 WebCore::findPlainText(WebCore::Range const&, WTF::String const&, unsigned char)
9   0x115b339f0 WebCore::Editor::rangeOfString(WTF::String const&, WebCore::Range*, unsigned char)
10  0x115b32bc1 WebCore::Editor::findString(WTF::String const&, unsigned char)
11  0x115a4d94a WebCore::DOMWindow::find(WTF::String const&, bool, bool, bool, bool, bool, bool) const
12  0x11751b4f3 WebCore::jsDOMWindowInstanceFunctionFind(JSC::ExecState*)
13  0x338d55001028
14  0x10fa3f994 llint_entry
15  0x10fa384ae vmEntryToJavaScript
16  0x10f4662be JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
17  0x10f3316f1 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
18  0x10de1271b JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
19  0x10de12c38 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
20  0x10de136ae JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
21  0x116fdd1f1 WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
22  0x1176f2bed WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*)
23  0x115c6a3c9 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>, 1ul, WTF::CrashOnOverflow, 16ul>)
24  0x115c69c16 WebCore::EventTarget::fireEventListeners(WebCore::Event&)
25  0x115a4192b WebCore::DOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*)
26  0x115a58345 WebCore::DOMWindow::dispatchLoadEvent()
27  0x1157e6ad2 WebCore::Document::dispatchWindowLoadEvent()
28  0x1157dc54d WebCore::Document::implicitClose()
29  0x1160c21e3 WebCore::FrameLoader::checkCallImplicitClose()
30  0x1160c1ccc WebCore::FrameLoader::checkCompleted()
31  0x1160be177 WebCore::FrameLoader::finishedParsing()
ASAN:DEADLYSIGNAL
=================================================================
==2412==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x0001103ba529 bp 0x7fff590e6e10 sp 0x7fff590e6e00 T0)
    #0 0x1103ba528 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2d01528)
    #1 0x11ab6cd5d in WebCore::TextIteratorCopyableText::set(WTF::String&&, unsigned int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x651cd5d)
    #2 0x11ab5d8ab in WebCore::TextIterator::emitText(WebCore::Text&, WebCore::RenderText&, int, int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x650d8ab)
    #3 0x11ab5ac5e in WebCore::TextIterator::handleTextNode() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x650ac5e)
    #4 0x11ab546ef in WebCore::TextIterator::advance() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x65046ef)
    #5 0x11ab64ed7 in WebCore::CharacterIterator::advance(int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6514ed7)
    #6 0x11ab69cd4 in WebCore::findPlainText(WebCore::Range const&, WTF::String const&, unsigned char, unsigned long&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6519cd4)
    #7 0x11ab696e2 in WebCore::findPlainText(WebCore::Range const&, WTF::String const&, unsigned char) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x65196e2)
    #8 0x115b339ef in WebCore::Editor::rangeOfString(WTF::String const&, WebCore::Range*, unsigned char) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x14e39ef)
    #9 0x115b32bc0 in WebCore::Editor::findString(WTF::String const&, unsigned char) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x14e2bc0)
    #10 0x115a4d949 in WebCore::DOMWindow::find(WTF::String const&, bool, bool, bool, bool, bool, bool) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x13fd949)
    #11 0x11751b4f2 in WebCore::jsDOMWindowInstanceFunctionFind(JSC::ExecState*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x2ecb4f2)
    #12 0x338d55001027  (<unknown module>)
    #13 0x10fa3f993 in llint_entry (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2386993)
    #14 0x10fa384ad in vmEntryToJavaScript (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x237f4ad)
    #15 0x10f4662bd in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x1dad2bd)
    #16 0x10f3316f0 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x1c786f0)
    #17 0x10de1271a in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x75971a)
    #18 0x10de12c37 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x759c37)
    #19 0x10de136ad in JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x75a6ad)
    #20 0x116fdd1f0 in WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x298d1f0)
    #21 0x1176f2bec in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x30a2bec)
    #22 0x115c6a3c8 in WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>, 1ul, WTF::CrashOnOverflow, 16ul>) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x161a3c8)
    #23 0x115c69c15 in WebCore::EventTarget::fireEventListeners(WebCore::Event&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1619c15)
    #24 0x115a4192a in WebCore::DOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x13f192a)
    #25 0x115a58344 in WebCore::DOMWindow::dispatchLoadEvent() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1408344)
    #26 0x1157e6ad1 in WebCore::Document::dispatchWindowLoadEvent() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1196ad1)
    #27 0x1157dc54c in WebCore::Document::implicitClose() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x118c54c)
    #28 0x1160c21e2 in WebCore::FrameLoader::checkCallImplicitClose() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a721e2)
    #29 0x1160c1ccb in WebCore::FrameLoader::checkCompleted() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a71ccb)
    #30 0x1160be176 in WebCore::FrameLoader::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a6e176)
    #31 0x115800ab2 in WebCore::Document::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x11b0ab2)
    #32 0x116487555 in WebCore::HTMLConstructionSite::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e37555)
    #33 0x11677f5b7 in WebCore::HTMLTreeBuilder::finished() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x212f5b7)
    #34 0x1164facfb in WebCore::HTMLDocumentParser::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1eaacfb)
    #35 0x1164f69e6 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ea69e6)
    #36 0x1164f664d in WebCore::HTMLDocumentParser::prepareToStopParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ea664d)
    #37 0x1164fad9b in WebCore::HTMLDocumentParser::attemptToEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1eaad9b)
    #38 0x1164fadf3 in WebCore::HTMLDocumentParser::finish() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1eaadf3)
    #39 0x1159c597f in WebCore::DocumentWriter::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x137597f)
    #40 0x11591fe56 in WebCore::DocumentLoader::finishedLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12cfe56)
    #41 0x11591f98a in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12cf98a)
    #42 0x114c61b23 in WebCore::CachedResource::checkNotify() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x611b23)
    #43 0x114c61d13 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x611d13)
    #44 0x114c56d54 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x606d54)
    #45 0x11a74fe8e in WebCore::SubresourceLoader::didFinishLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x60ffe8e)
    #46 0x1085b643e in WebKit::WebResourceLoader::didFinishResourceLoad(double) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1a9143e)
    #47 0x1085c46ce in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1a9f6ce)
    #48 0x1085c4374 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1a9f374)
    #49 0x1085c1680 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1a9c680)
    #50 0x1085bfa10 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1a9aa10)
    #51 0x1072e8da9 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x7c3da9)
    #52 0x106cfcfba in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d7fba)
    #53 0x106ce57c4 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1c07c4)
    #54 0x106cfdca5 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d8ca5)
    #55 0x106d0e25c in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1e925c)
    #56 0x106d0e188 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1e9188)
    #57 0x11043e830 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2d85830)
    #58 0x110488d50 in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2dcfd50)
    #59 0x110489b11 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2dd0b11)
    #60 0x7fff81c1f880 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa880)
    #61 0x7fff81bfefbb in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x89fbb)
    #62 0x7fff81bfe4de in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x894de)
    #63 0x7fff81bfded7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88ed7)
    #64 0x7fff82fde934 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30934)
    #65 0x7fff82fde76e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x3076e)
    #66 0x7fff82fde5ae in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x305ae)
    #67 0x7fff8e643df5 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48df5)
    #68 0x7fff8e643225 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48225)
    #69 0x7fff8e637d7f in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3cd7f)
    #70 0x7fff8e601367 in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6367)
    #71 0x7fff92f09193 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x11193)
    #72 0x7fff92f07bbd in xpc_main (/usr/lib/system/libxpc.dylib+0xfbbd)
    #73 0x106b10f73 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001f73)
    #74 0x7fff8ab8d5ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
    #75 0x0  (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2d01528) in WTFCrash
==2412==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 2412)
