[Webkit-unassigned] [Bug 218276] New: REGRESSION(r267329): Crash in VisibleSelection::toNormalizedRange()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Oct 28 03:02:45 PDT 2020 

https://bugs.webkit.org/show_bug.cgi?id=218276

            Bug ID: 218276
           Summary: REGRESSION(r267329): Crash in
                    VisibleSelection::toNormalizedRange()
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML Editing
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rniwa at webkit.org
                CC: wenson_hsieh at apple.com

e.g.
    #0 0x74dbc0571 in WebCore::Node::treeScope() const+0x21 (/Volumes/Data/safari-2/OpenSource/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1be571)
    #1 0x74dba3078 in WebCore::Node::document() const+0x8 (/Volumes/Data/safari-2/OpenSource/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1a1078)
    #2 0x751459529 in WebCore::VisibleSelection::toNormalizedRange() const+0xe9 (/Volumes/Data/safari-2/OpenSource/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3a57529)
    #3 0x7513807b2 in WebCore::Editor::shouldChangeSelection(WebCore::VisibleSelection const&, WebCore::VisibleSelection const&, WebCore::Affinity, bool) const+0x112 (/Volumes/Data/safari-2/OpenSource/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x397e7b2)
    #4 0x75137a33a in WebCore::FrameSelection::shouldChangeSelection(WebCore::VisibleSelection const&) const+0x4a (/Volumes/Data/safari-2/OpenSource/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x397833a)
    #5 0x7513683f8 in WebCore::Editor::changeSelectionAfterCommand(WebCore::VisibleSelection const&, WTF::OptionSet<WebCore::FrameSelection::SetSelectionOption>)+0x1c8 (/Volumes/Data/safari-2/OpenSource/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x39663f8)
    #6 0x75136785b in WebCore::Editor::appliedEditing(WebCore::CompositeEditCommand&)+0x25b (/Volumes/Data/safari-2/OpenSource/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x396585b)
    #7 0x75142d04d in WebCore::TypingCommand::typingAddedToOpenCommand(WebCore::TypingCommand::ETypingCommand)+0x11d (/Volumes/Data/safari-2/OpenSource/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3a2b04d)
    #8 0x7514287af in WebCore::TypingCommand::deleteKeyPressed(WebCore::TextGranularity, bool)+0x107f (/Volumes/Data/safari-2/OpenSource/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3a267af)
    #9 0x75142bffe in WebCore::TypingCommand::doApply()+0x1be (/Volumes/Data/safari-2/OpenSource/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3a29ffe)
    #10 0x7512eb666 in WebCore::CompositeEditCommand::apply()+0x216 (/Volumes/Data/safari-2/OpenSource/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x38e9666)
    #11 0x75142748b in WebCore::TypingCommand::deleteKeyPressed(WebCore::Document&, unsigned int, WebCore::TextGranularity)+0x29b (/Volumes/Data/safari-2/OpenSource/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3a2548b)
    #12 0x7513a974e in WebCore::executeDelete(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&)+0xde (/Volumes/Data/safari-2/OpenSource/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x39a774e)
    #13 0x75136febb in WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const+0xdb (/Volumes/Data/safari-2/OpenSource/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x396debb)
    #14 0x750ff39e3 in WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&)+0xf3 (/Volumes/Data/safari-2/OpenSource/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x35f19e3)
    #15 0x74e548d29 in WebCore::jsDocumentPrototypeFunctionExecCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*)+0x469 (/Volumes/Data/safari-2/OpenSource/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0xb46d29)
    #16 0x74e3f17db in long long WebCore::IDLOperation<WebCore::JSDocument>::call<&(WebCore::jsDocumentPrototypeFunctionExecCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)+0xfb (/Volumes/Data/safari-2/OpenSource/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9ef7db)
    #17 0x74e3f16d8 in WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::JSGlobalObject*, JSC::CallFrame*)+0x8 (/Volumes/Data/safari-2/OpenSource/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9ef6d8)

<rdar://problem/70064038>

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201028/abbee99a/attachment.htm>

More information about the webkit-unassigned mailing list