[Webkit-unassigned] [Bug 202909] New: Chromium test-case asserts with ASSERTION FAILED: startOffset <= endOffset
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Oct 13 14:29:09 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=202909
Bug ID: 202909
Summary: Chromium test-case asserts with ASSERTION FAILED:
startOffset <= endOffset
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: HTML Editing
Assignee: webkit-unassigned at lists.webkit.org
Reporter: emilio at crisal.io
CC: wenson_hsieh at apple.com
On master (247b0314320d499ae788b6ea993aa1d98e2d607e / r250962), WebKitGTK build.
Running this test-case: https://cs.chromium.org/chromium/src/third_party/blink/web_tests/fast/dom/Range/range-extract-contents-after-move-to-another-document-crash.html?rcl=753caf715d8f30f0c673f1b4b36dadfc75c3201f
Asserts like:
ASSERTION FAILED: startOffset <= endOffset
../../Source/WebCore/dom/Range.cpp(686) : WebCore::ExceptionOr<WTF::RefPtr<WebCore::Node> > WebCore::processContentsBetweenOffsets(WebCore::Range::ActionType, WTF::RefPtr<WebCore::DocumentFragment>, WTF::RefPtr<WebCore::Node>, unsigned int, unsigned int)
1 0x7fee8256f3d3 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x9) [0x7fee8256f3d3]
2 0x7fee8e2185f2 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF15CrashOnOverflow10overflowedEv+0) [0x7fee8e2185f2]
3 0x7fee90711bc7 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xcad4bc7) [0x7fee90711bc7]
4 0x7fee90710e2b /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore5Range15processContentsENS0_10ActionTypeE+0x1b5) [0x7fee90710e2b]
5 0x7fee90712fe4 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore5Range15extractContentsEv+0x28) [0x7fee90712fe4]
6 0x7fee8f7ac807 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xbb6f807) [0x7fee8f7ac807]
7 0x7fee8f7b1e74 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xbb74e74) [0x7fee8f7b1e74]
8 0x7fee8f7ac87b /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore39jsRangePrototypeFunctionExtractContentsEPN3JSC14JSGlobalObjectEPNS0_9CallFrameE+0x23) [0x7fee8f7ac87b]
9 0x7fee2cafa16b [0x7fee2cafa16b]
Seems like it's handled safely so not filing as security sensitive.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20191013/1002fe57/attachment.html>
More information about the webkit-unassigned
mailing list