[Webkit-unassigned] [Bug 196579] New: Nullptr crash in InlineTextBox::selectionState via TextIndicator::createWithRange
bugzilla-daemon at webkit.org
Wed Apr 3 16:56:52 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=196579
Bug ID: 196579
Summary: Nullptr crash in InlineTextBox::selectionState via
TextIndicator::createWithRange
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Keywords: InRadar
Severity: Normal
Priority: P2
Component: Layout and Rendering
Assignee: webkit-unassigned at lists.webkit.org
Reporter: rniwa at webkit.org
CC: bfulgham at webkit.org, simon.fraser at apple.com,
zalan at apple.com
Example crash trace. The null dereference is in WebCore::InlineTextBox::selectionState() during snapshot painting, and the visible call path enters from the WebProcess IPC handler (WebKit::WebProcess::didReceiveMessage → WebPage::didReceiveWebPageMessage → WebPage::performImmediateActionHitTestAtLocation → TextIndicator::createWithRange → initializeIndicator → takeSnapshot), so the condition is triggered while handling an incoming WebPage message rather than from page script directly:
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x00007fff4a6790ed WebCore::InlineTextBox::selectionState() + 509
1 com.apple.WebCore 0x00007fff4a677329 WebCore::InlineTextBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) + 425
2 com.apple.WebCore 0x00007fff4a6768f0 WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) + 1040
3 com.apple.WebCore 0x00007fff4a676472 WebCore::RootInlineBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) + 34
4 com.apple.WebCore 0x00007fff4a653e65 WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::PaintInfo&, WebCore::LayoutPoint const&) const + 853
5 com.apple.WebCore 0x00007fff4a650725 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 549
6 com.apple.WebCore 0x00007fff4a652985 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 245
7 com.apple.WebCore 0x00007fff4ba09b72 WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) + 642
8 com.apple.WebCore 0x00007fff4a6510ff WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 95
9 com.apple.WebCore 0x00007fff4a650748 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 584
10 com.apple.WebCore 0x00007fff4a652985 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 245
11 com.apple.WebCore 0x00007fff4ba655c9 WebCore::RenderElement::paintAsInlineBlock(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 185
12 com.apple.WebCore 0x00007fff4b9fa515 WebCore::InlineElementBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) + 117
13 com.apple.WebCore 0x00007fff4a6768f0 WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) + 1040
14 com.apple.WebCore 0x00007fff4a676472 WebCore::RootInlineBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) + 34
15 com.apple.WebCore 0x00007fff4a653e65 WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::PaintInfo&, WebCore::LayoutPoint const&) const + 853
16 com.apple.WebCore 0x00007fff4a650725 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 549
17 com.apple.WebCore 0x00007fff4a652985 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 245
18 com.apple.WebCore 0x00007fff4ba09b72 WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) + 642
19 com.apple.WebCore 0x00007fff4a6510ff WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 95
20 com.apple.WebCore 0x00007fff4a650748 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 584
21 com.apple.WebCore 0x00007fff4a652985 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 245
22 com.apple.WebCore 0x00007fff4ba09b72 WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) + 642
23 com.apple.WebCore 0x00007fff4a6510ff WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 95
24 com.apple.WebCore 0x00007fff4a650748 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 584
25 com.apple.WebCore 0x00007fff4a652985 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 245
26 com.apple.WebCore 0x00007fff4ba09b72 WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) + 642
27 com.apple.WebCore 0x00007fff4a6510ff WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 95
28 com.apple.WebCore 0x00007fff4a650748 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 584
29 com.apple.WebCore 0x00007fff4a652985 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 245
30 com.apple.WebCore 0x00007fff4baa8804 WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RenderObject*) + 404
31 com.apple.WebCore 0x00007fff4baa65d4 WebCore::RenderLayer::paintForegroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RenderObject*) + 420
32 com.apple.WebCore 0x00007fff4baa3634 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 3268
33 com.apple.WebCore 0x00007fff4baa36e3 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 3443
34 com.apple.WebCore 0x00007fff4baa0e10 WebCore::RenderLayer::paint(WebCore::GraphicsContext&, WebCore::LayoutRect const&, WebCore::LayoutSize const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RenderObject*, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>, WebCore::RenderLayer::SecurityOriginPaintPolicy) + 272
35 com.apple.WebCore 0x00007fff4b7ecd88 WebCore::FrameView::paintContents(WebCore::GraphicsContext&, WebCore::IntRect const&, WebCore::Widget::SecurityOriginPaintPolicy) + 616
36 com.apple.WebCore 0x00007fff4b7e3a94 WebCore::FrameView::paintContentsForSnapshot(WebCore::GraphicsContext&, WebCore::IntRect const&, WebCore::FrameView::SelectionInSnapshot, WebCore::FrameView::CoordinateSpaceForSnapshot) + 244
37 com.apple.WebCore 0x00007fff4b7e38e3 WebCore::snapshotFrameRectWithClip(WebCore::Frame&, WebCore::IntRect const&, WTF::Vector<WebCore::FloatRect, 0ul, WTF::CrashOnOverflow, 16ul> const&, unsigned int) + 467
38 com.apple.WebCore 0x00007fff4b82c9df WebCore::takeSnapshot(WebCore::Frame&, WebCore::IntRect, unsigned int, float&, WTF::Vector<WebCore::FloatRect, 0ul, WTF::CrashOnOverflow, 16ul> const&) + 47
39 com.apple.WebCore 0x00007fff4b828663 WebCore::initializeIndicator(WebCore::TextIndicatorData&, WebCore::Frame&, WebCore::Range const&, WebCore::FloatSize, bool) + 4147
40 com.apple.WebCore 0x00007fff4b827435 WebCore::TextIndicator::createWithRange(WebCore::Range const&, unsigned short, WebCore::TextIndicatorPresentationTransition, WebCore::FloatSize) + 1093
41 com.apple.WebKit 0x00007fff4c4e16c4 WebKit::WebPage::performImmediateActionHitTestAtLocation(WebCore::FloatPoint) + 734
42 com.apple.WebKit 0x00007fff4c5ac01d WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&) + 20599
43 com.apple.WebKit 0x00007fff4c225a14 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 126
44 com.apple.WebKit 0x00007fff4c4f1540 WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 28
<rdar://problem/49575527>