[Webkit-unassigned] [Bug 225219] New: [WinCairo] SHOULD NEVER BE REACHED in FrameSelection::setSelectionWithoutUpdatingAppearance for editing/selection/selection-in-iframe-removed-crash.html

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 29 17:06:33 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=225219

            Bug ID: 225219
           Summary: [WinCairo] SHOULD NEVER BE REACHED in FrameSelection::setSelectionWithoutUpdatingAppearance for editing/selection/selection-in-iframe-removed-crash.html
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML Editing
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: Hironori.Fujii at sony.com
                CC: wenson_hsieh at apple.com

[WinCairo] SHOULD NEVER BE REACHED in FrameSelection::setSelectionWithoutUpdatingAppearance for editing/selection/selection-in-iframe-removed-crash.html

WinCairo WK2 Debug

> SHOULD NEVER BE REACHED
> C:\home\webkit\gb\Source\WebCore\editing/FrameSelection.cpp(361) : WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance

python.exe ./Tools/Scripts/run-webkit-tests --wincairo --debug --no-retry-failures editing/selection/selection-in-iframe-removed-crash.html --iterations=4 -v

[1/4] editing/selection/selection-in-iframe-removed-crash.html passed
[2/4] editing/selection/selection-in-iframe-removed-crash.html passed
[3/4] editing/selection/selection-in-iframe-removed-crash.html failed unexpectedly (WebProcess crashed [pid=15016])
[4/4] editing/selection/selection-in-iframe-removed-crash.html passed


Callstack:

 # Child-SP          RetAddr           Call Site
00 000000d5`6ab6b320 00007ffc`2a723d41 WTF!WTFCrash(void)+0x1f [C:\home\webkit\gb\Source\WTF\wtf\Assertions.cpp @ 305]
01 000000d5`6ab6b350 00007ffc`2e851e05 WebKit2!WTFCrashWithInfo(int __formal = 0n361, char * __formal = 0x00007ffc`3e482368 "C:\home\webkit\gb\Source\WebCore\editing/FrameSelection.cpp", char * __formal = 0x00007ffc`3e481b28 "WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance", int __formal = 0n2248)+0x31 [C:\home\webkit\gb\WebKitBuild\Debug\WTF\Headers\wtf\Assertions.h @ 693]
02 000000d5`6ab6b380 00007ffc`2e84abd6 WebKit2!WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance(class WebCore::VisibleSelection * newSelectionPossiblyWithoutDirection = 0x000000d5`6ab6b960, class WTF::OptionSet<enum WebCore::FrameSelection::SetSelectionOption> options = class WTF::OptionSet<enum WebCore::FrameSelection::SetSelectionOption>, WebCore::FrameSelection::CursorAlignOnScroll align = AlignCursorOnScrollIfNeeded (0n0), WebCore::TextGranularity granularity = CharacterGranularity (0n0))+0x435 [C:\home\webkit\gb\Source\WebCore\editing\FrameSelection.cpp @ 361]
03 000000d5`6ab6b730 00007ffc`2e85688a WebKit2!WebCore::FrameSelection::setSelection(class WebCore::VisibleSelection * selection = 0x000000d5`6ab6b960, class WTF::OptionSet<enum WebCore::FrameSelection::SetSelectionOption> options = class WTF::OptionSet<enum WebCore::FrameSelection::SetSelectionOption>, struct WebCore::AXTextStateChangeIntent * intent = 0x000000d5`6ab6baf0, WebCore::FrameSelection::CursorAlignOnScroll align = AlignCursorOnScrollIfNeeded (0n0), WebCore::TextGranularity granularity = CharacterGranularity (0n0))+0x186 [C:\home\webkit\gb\Source\WebCore\editing\FrameSelection.cpp @ 426]
04 000000d5`6ab6b870 00007ffc`2e8523a3 WebKit2!WebCore::FrameSelection::selectFrameElementInParentIfFullySelected(void)+0x41a [C:\home\webkit\gb\Source\WebCore\editing\FrameSelection.cpp @ 1961]
05 000000d5`6ab6bb60 00007ffc`2e84abd6 WebKit2!WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance(class WebCore::VisibleSelection * newSelectionPossiblyWithoutDirection = 0x000000d5`6ab6c0a0, class WTF::OptionSet<enum WebCore::FrameSelection::SetSelectionOption> options = class WTF::OptionSet<enum WebCore::FrameSelection::SetSelectionOption>, WebCore::FrameSelection::CursorAlignOnScroll align = AlignCursorOnScrollIfNeeded (0n0), WebCore::TextGranularity granularity = CharacterGranularity (0n0))+0x9d3 [C:\home\webkit\gb\Source\WebCore\editing\FrameSelection.cpp @ 413]
06 000000d5`6ab6bf10 00007ffc`2e851c9e WebKit2!WebCore::FrameSelection::setSelection(class WebCore::VisibleSelection * selection = 0x000000d5`6ab6c0a0, class WTF::OptionSet<enum WebCore::FrameSelection::SetSelectionOption> options = class WTF::OptionSet<enum WebCore::FrameSelection::SetSelectionOption>, struct WebCore::AXTextStateChangeIntent * intent = 0x000000d5`6ab6c380, WebCore::FrameSelection::CursorAlignOnScroll align = AlignCursorOnScrollIfNeeded (0n0), WebCore::TextGranularity granularity = CharacterGranularity (0n0))+0x186 [C:\home\webkit\gb\Source\WebCore\editing\FrameSelection.cpp @ 426]
07 000000d5`6ab6c050 00007ffc`2e84abd6 WebKit2!WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance(class WebCore::VisibleSelection * newSelectionPossiblyWithoutDirection = 0x000000d5`6ab6c748, class WTF::OptionSet<enum WebCore::FrameSelection::SetSelectionOption> options = class WTF::OptionSet<enum WebCore::FrameSelection::SetSelectionOption>, WebCore::FrameSelection::CursorAlignOnScroll align = AlignCursorOnScrollIfNeeded (0n0), WebCore::TextGranularity granularity = CharacterGranularity (0n0))+0x2ce [C:\home\webkit\gb\Source\WebCore\editing\FrameSelection.cpp @ 346]
08 000000d5`6ab6c400 00007ffc`2f24b0f5 WebKit2!WebCore::FrameSelection::setSelection(class WebCore::VisibleSelection * selection = 0x000000d5`6ab6c748, class WTF::OptionSet<enum WebCore::FrameSelection::SetSelectionOption> options = class WTF::OptionSet<enum WebCore::FrameSelection::SetSelectionOption>, struct WebCore::AXTextStateChangeIntent * intent = 0x000000d5`6ab6c840, WebCore::FrameSelection::CursorAlignOnScroll align = AlignCursorOnScrollIfNeeded (0n0), WebCore::TextGranularity granularity = CharacterGranularity (0n0))+0x186 [C:\home\webkit\gb\Source\WebCore\editing\FrameSelection.cpp @ 426]
09 000000d5`6ab6c540 00007ffc`2c6d4141 WebKit2!WebCore::DOMSelection::addRange(class WebCore::Range * liveRange = 0x000001f9`e6c9b390)+0x405 [C:\home\webkit\gb\Source\WebCore\page\DOMSelection.cpp @ 398]
0a 000000d5`6ab6c880 00007ffc`2c6cc787 WebKit2!<lambda_ede694bd6c7f0e3386b51a17f396b85a>::operator()(void)+0x41 [C:\home\webkit\gb\WebKitBuild\Debug\WebCore\DerivedSources\JSDOMSelection.cpp @ 427]
0b 000000d5`6ab6c8c0 00007ffc`2c6b4688 WebKit2!WebCore::toJS<WebCore::IDLUndefined,<lambda_ede694bd6c7f0e3386b51a17f396b85a> >(class JSC::JSGlobalObject * lexicalGlobalObject = 0x000001f9`e2e32048, class JSC::ThrowScope * throwScope = 0x000000d5`6ab6c940, class WebCore::jsDOMSelectionPrototypeFunction_addRangeBody::__l20::<lambda_ede694bd6c7f0e3386b51a17f396b85a> * valueOrFunctor = 0x000000d5`6ab6ca38)+0x37 [C:\home\webkit\gb\Source\WebCore\bindings\js\JSDOMConvertBase.h @ 166]
0c 000000d5`6ab6c8f0 00007ffc`2c6bc889 WebKit2!WebCore::jsDOMSelectionPrototypeFunction_addRangeBody(class JSC::JSGlobalObject * lexicalGlobalObject = 0x000001f9`e2e32048, class JSC::CallFrame * callFrame = 0x000000d5`6ab6cc60, class WebCore::JSDOMSelection * castedThis = 0x000001f9`e6dcd318)+0x328 [C:\home\webkit\gb\WebKitBuild\Debug\WebCore\DerivedSources\JSDOMSelection.cpp @ 427]
0d 000000d5`6ab6cab0 00007ffc`2c6b2269 WebKit2!WebCore::IDLOperation<WebCore::JSDOMSelection>::call<&WebCore::jsDOMSelectionPrototypeFunction_addRangeBody,0>(class JSC::JSGlobalObject * lexicalGlobalObject = 0x000001f9`e2e32048, class JSC::CallFrame * callFrame = 0x000000d5`6ab6cc60, char * operationName = 0x00007ffc`3749e088 "addRange")+0x309 [C:\home\webkit\gb\Source\WebCore\bindings\js\JSDOMOperation.h @ 55]
0e 000000d5`6ab6cc10 000001f9`800011be WebKit2!WebCore::jsDOMSelectionPrototypeFunction_addRange(class JSC::JSGlobalObject * lexicalGlobalObject = 0x000001f9`e2e32048, class JSC::CallFrame * callFrame = 0x000000d5`6ab6cc60)+0x39 [C:\home\webkit\gb\WebKitBuild\Debug\WebCore\DerivedSources\JSDOMSelection.cpp @ 433]
0f 000000d5`6ab6cc40 000001f9`e2e32048 0x000001f9`800011be
10 000000d5`6ab6cc48 000000d5`6ab6cc60 0x000001f9`e2e32048
11 000000d5`6ab6cc50 000000d5`6ab6cce0 0x000000d5`6ab6cc60
12 000000d5`6ab6cc58 00007ffc`467c942e 0x000000d5`6ab6cce0
13 000000d5`6ab6cc60 000000d5`6ab6cce0 JavaScriptCore!llint_entry+0x21aee
14 000000d5`6ab6cc68 00007ffc`467c942e 0x000000d5`6ab6cce0
15 000000d5`6ab6cc70 00000000`00000000 JavaScriptCore!llint_entry+0x21aee
