[Webkit-unassigned] [Bug 202908] New: Chromium test-case asserts with ASSERTION FAILED: m_offset + m_count <= m_node->length()
bugzilla-daemon at webkit.org
Sun Oct 13 14:26:57 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=202908
Bug ID: 202908
Summary: Chromium test-case asserts with ASSERTION FAILED: m_offset + m_count <= m_node->length()
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: HTML Editing
Assignee: webkit-unassigned at lists.webkit.org
Reporter: emilio at crisal.io
CC: wenson_hsieh at apple.com
On master (247b0314320d499ae788b6ea993aa1d98e2d607e / r250962), WebKitGTK build.
Running this test-case: https://cs.chromium.org/chromium/src/third_party/blink/web_tests/editing/selection/deleteFromDocument-undo-crash.html?rcl=753caf715d8f30f0c673f1b4b36dadfc75c3201f
Asserts like:
ASSERTION FAILED: m_offset + m_count <= m_node->length()
../../Source/WebCore/editing/DeleteFromTextNodeCommand.cpp(42) : WebCore::DeleteFromTextNodeCommand::DeleteFromTextNodeCommand(WTF::Ref<WebCore::Text>&&, unsigned int, unsigned int, WebCore::EditAction)
1 0x7f445ceba3d3 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x9) [0x7f445ceba3d3]
2 0x7f4468b635f2 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF15CrashOnOverflow10overflowedEv+0) [0x7f4468b635f2]
3 0x7f446b0fabe8 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore25DeleteFromTextNodeCommandC1EON3WTF3RefINS_4TextENS1_13DumbPtrTraitsIS3_EEEEjjNS_10EditActionE+0x162) [0x7f446b0fabe8]
4 0x7f446c74fb94 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore25DeleteFromTextNodeCommand6createEON3WTF3RefINS_4TextENS1_13DumbPtrTraitsIS3_EEEEjjNS_10EditActionE+0x57) [0x7f446c74fb94]
5 0x7f446c748be8 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore20CompositeEditCommand17replaceTextInNodeERNS_4TextEjjRKN3WTF6StringE+0x4a) [0x7f446c748be8]
6 0x7f446c748e1d /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore20CompositeEditCommand25replaceSelectedTextInNodeERKN3WTF6StringE+0x13b) [0x7f446c748e1d]
7 0x7f446b15617e /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore17InsertTextCommand21performTrivialReplaceERKN3WTF6StringEb+0xf2) [0x7f446b15617e]
8 0x7f446b1565d5 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore17InsertTextCommand7doApplyEv+0xd9) [0x7f446b1565d5]
9 0x7f446c7472c2 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore20CompositeEditCommand23applyCommandToCompositeEON3WTF3RefIS0_NS1_13DumbPtrTraitsIS0_EEEERKNS_16VisibleSelectionE+0xb4) [0x7f446c7472c2]
10 0x7f446b18444a /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore13TypingCommand28insertTextRunWithoutNewlinesERKN3WTF6StringEb+0xea) [0x7f446b18444a]
11 0x7f446b18a869 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZNK7WebCore26TypingCommandLineOperationclEmmb+0x79) [0x7f446b18a869]
12 0x7f446b18b72f /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore19forEachLineInStringINS_26TypingCommandLineOperationEEEvRKN3WTF6StringERKT_+0x8f) [0x7f446b18b72f]
13 0x7f446b18421c /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore13TypingCommand10insertTextERKN3WTF6StringEb+0x40) [0x7f446b18421c]
14 0x7f446b1842d5 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore13TypingCommand32insertTextAndNotifyAccessibilityERKN3WTF6StringEb+0xb5) [0x7f446b1842d5]
15 0x7f446b183aab /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore13TypingCommand7doApplyEv+0x153) [0x7f446b183aab]
16 0x7f446c746cd3 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore20CompositeEditCommand5applyEv+0xf5) [0x7f446c746cd3]
17 0x7f446b179d57 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore24TextInsertionBaseCommand25applyTextInsertionCommandEPNS_5FrameERS0_RKNS_16VisibleSelectionES6_+0x67) [0x7f446b179d57]
18 0x7f446b18319e /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore13TypingCommand10insertTextERNS_8DocumentERKN3WTF6StringERKNS_16VisibleSelectionEjNS0_19TextCompositionTypeE+0x342) [0x7f446b18319e]
19 0x7f446b182e54 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore13TypingCommand10insertTextERNS_8DocumentERKN3WTF6StringEjNS0_19TextCompositionTypeE+0xdc) [0x7f446b182e54]
20 0x7f446b12ad33 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xcba2d33) [0x7f446b12ad33]
21 0x7f446b12e62a /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZNK7WebCore6Editor7Command7executeERKN3WTF6StringEPNS_5EventE+0xdc) [0x7f446b12e62a]
22 0x7f446af19268 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore8Document11execCommandERKN3WTF6StringEbS4_+0x56) [0x7f446af19268]
23 0x7f4469c27694 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xb69f694) [0x7f4469c27694]
24 0x7f4469c411b6 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xb6b91b6) [0x7f4469c411b6]
25 0x7f4469c27702 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore38jsDocumentPrototypeFunctionExecCommandEPN3JSC14JSGlobalObjectEPNS0_9CallFrameE+0x23) [0x7f4469c27702]
26 0x7f44074fa16b [0x7f44074fa16b]
Seems like it's handled safely, so not filing as security-sensitive.