[Webkit-unassigned] [Bug 202897] New: Chromium test-case asserts with ASSERTION FAILED: static_cast<unsigned>(position.offsetInContainerNode()) <= node->length()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Oct 13 13:40:52 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=202897

            Bug ID: 202897
           Summary: Chromium test-case asserts with ASSERTION FAILED:
                    static_cast<unsigned>(position.offsetInContainerNode()) <= node->length()
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML Editing
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: emilio at crisal.io
                CC: wenson_hsieh at apple.com

On master (247b0314320d499ae788b6ea993aa1d98e2d607e / r250962), WebKitGTK build.

Running on WebKitTestRunner this test-case: https://cs.chromium.org/chromium/src/third_party/blink/web_tests/editing/undo/crash-delete-from-document.html?l=1&rcl=753caf715d8f30f0c673f1b4b36dadfc75c3201f

Asserts like:

ASSERTION FAILED: static_cast<unsigned>(position.offsetInContainerNode()) <= node->length()
../../Source/WebCore/editing/FrameSelection.cpp(588) : void WebCore::updatePositionAfterAdoptingTextReplacement(WebCore::Position&, WebCore::CharacterData*, unsigned int, unsigned int, unsigned int)
1   0x7fcf350763d3 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x9) [0x7fcf350763d3]
2   0x7fcf40d1f5f2 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF15CrashOnOverflow10overflowedEv+0) [0x7fcf40d1f5f2]
3   0x7fcf432eefba /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xcbaafba) [0x7fcf432eefba]
4   0x7fcf432ef108 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore14FrameSelection15textWasReplacedEPNS_13CharacterDataEjjj+0x146) [0x7fcf432ef108]
5   0x7fcf43070a2a /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore13CharacterData16setDataAndUpdateERKN3WTF6StringEjjj+0x17a) [0x7fcf43070a2a]
6   0x7fcf4307062a /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore13CharacterData10deleteDataEjj+0xf6) [0x7fcf4307062a]
7   0x7fcf43218ede /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xcad4ede) [0x7fcf43218ede]
8   0x7fcf432181ea /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore5Range15processContentsENS0_10ActionTypeE+0x574) [0x7fcf432181ea]
9   0x7fcf43217786 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore5Range14deleteContentsEv+0x28) [0x7fcf43217786]
10  0x7fcf4390e2fc /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore12DOMSelection18deleteFromDocumentEv+0xe6) [0x7fcf4390e2fc]
11  0x7fcf448c62d1 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xe1822d1) [0x7fcf448c62d1]
12  0x7fcf448cb5eb /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xe1875eb) [0x7fcf448cb5eb]
13  0x7fcf448c631b /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore49jsDOMSelectionPrototypeFunctionDeleteFromDocumentEPN3JSC14JSGlobalObjectEPNS0_9CallFrameE+0x23) [0x7fcf448c631b]
14  0x7fcedf5fa16b [0x7fcedf5fa16b]
#CRASHED - WebKitWebProcess (pid 394048)
