[Webkit-unassigned] [Bug 216778] [GTK] REGRESSION(r267329): imported/blink/editing/undo/crash-redo-with-iframes.html is crashing

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Sep 21 14:06:04 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=216778

Lauro Moura <lmoura at igalia.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lmoura at igalia.com

--- Comment #3 from Lauro Moura <lmoura at igalia.com> ---
Created attachment 409318

  --> https://bugs.webkit.org/attachment.cgi?id=409318&action=review

Debug crash log

Here's the stack trace from the debug log. It fails the assertion at the start of serializeNodes:

Top of the stack:

Thread 1 (Thread 0x7ff19326e9c0 (LWP 115)):
#0  WTFCrash() () at ../../Source/WTF/wtf/Assertions.cpp:295
#1  0x00007ff1aa6fc197 in CRASH_WITH_INFO(...) () at DerivedSources/ForwardingHeaders/wtf/Assertions.h:713
#2  0x00007ff1ad8bb03f in WebCore::StyledMarkupAccumulator::serializeNodes(WebCore::Position const&, WebCore::Position const&) (this=0x7ffe2f683570, start=..., end=...) at ../../Source/WebCore/editing/markup.cpp:587
#3  0x00007ff1ad8bccf9 in WebCore::serializePreservingVisualAppearanceInternal(WebCore::Position const&, WebCore::Position const&, WTF::Vector<WebCore::Node*, 0, WTF::CrashOnOverflow, 16, WTF::FastMalloc>*, WebCore::ResolveURLs, WebCore::SerializeComposedTree, WebCore::AnnotateForInterchange, WebCore::ConvertBlocksToInlines, WebCore::StandardFontFamilySerializationMode, WebCore::MSOListMode) (start=..., end=..., nodes=0x0, resolveURLs=WebCore::ResolveURLs::YesExcludingLocalFileURLsForPrivacy, serializeComposedTree=WebCore::SerializeComposedTree::No, annotate=WebCore::AnnotateForInterchange::Yes, convertBlocksToInlines=WebCore::ConvertBlocksToInlines::No, standardFontFamilySerializationMode=WebCore::StandardFontFamilySerializationMode::Keep, msoListMode=WebCore::MSOListMode::DoNotPreserve) at ../../Source/WebCore/editing/markup.cpp:878
#4  0x00007ff1ad8bd478 in WebCore::serializePreservingVisualAppearance(WebCore::VisibleSelection const&, WebCore::ResolveURLs, WebCore::SerializeComposedTree, WTF::Vector<WebCore::Node*, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*) (selection=..., resolveURLs=WebCore::ResolveURLs::YesExcludingLocalFileURLsForPrivacy, serializeComposedTree=WebCore::SerializeComposedTree::No, nodes=0x0) at ../../Source/WebCore/editing/markup.cpp:946
#5  0x00007ff1abaa15ad in WebKit::WebEditorClient::updateGlobalSelection(WebCore::Frame*) (this=0x7ff1929f62b8, frame=0x7ff1929a4100) at ../../Source/WebKit/WebProcess/WebCoreSupport/gtk/WebEditorClientGtk.cpp:147
#6  0x00007ff1aba4daca in WebKit::WebEditorClient::respondToChangedSelection(WebCore::Frame*) (this=0x7ff1929f62b8, frame=0x7ff1929a4100) at ../../Source/WebKit/WebProcess/WebCoreSupport/WebEditorClient.cpp:229
#7  0x00007ff1ad81c583 in WebCore::Editor::respondToChangedSelection(WebCore::VisibleSelection const&, WTF::OptionSet<WebCore::FrameSelection::SetSelectionOption>) (this=0x7ff1929784e0, options=...) at ../../Source/WebCore/editing/Editor.cpp:3630
#8  0x00007ff1ad829170 in WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance(WebCore::VisibleSelection const&, WTF::OptionSet<WebCore::FrameSelection::SetSelectionOption>, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) (this=0x7ff19297aa80, newSelectionPossiblyWithoutDirection=..., options=..., align=WebCore::FrameSelection::AlignCursorOnScrollIfNeeded, granularity=WebCore::TextGranularity::CharacterGranularity) at ../../Source/WebCore/editing/FrameSelection.cpp:395
#9  0x00007ff1ad82937d in WebCore::FrameSelection::setSelection(WebCore::VisibleSelection const&, WTF::OptionSet<WebCore::FrameSelection::SetSelectionOption>, WebCore::AXTextStateChangeIntent, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) (this=0x7ff19297aa80, selection=..., options=..., intent=..., align=WebCore::FrameSelection::AlignCursorOnScrollIfNeeded, granularity=WebCore::TextGranularity::CharacterGranularity) at ../../Source/WebCore/editing/FrameSelection.cpp:408
