[Webkit-unassigned] [Bug 225795] New: Crash in FrameSelection::selectFrameElementInParentIfFullySelected
bugzilla-daemon at webkit.org
Thu May 13 19:38:59 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=225795
Bug ID: 225795
Summary: Crash in FrameSelection::selectFrameElementInParentIfFullySelected
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: HTML Editing
Assignee: webkit-unassigned at lists.webkit.org
Reporter: Hironori.Fujii at sony.com
CC: fred.wang at free.fr, wenson_hsieh at apple.com
Crash in FrameSelection::selectFrameElementInParentIfFullySelected
WinCairo r277444
While browsing some web sites with WinCairo, I'm observing crashes in FrameSelection::selectFrameElementInParentIfFullySelected.
Callstack:
WebKit2.dll!WTF::RefPtr<WTF::WeakPtrImpl<WTF::EmptyCounter>,WTF::RawPtrTraits<WTF::WeakPtrImpl<WTF::EmptyCounter>>,WTF::DefaultRefDerefTraits<WTF::WeakPtrImpl<WTF::EmptyCounter>>>::operator!() Line 87 C++
WebKit2.dll!WTF::WeakPtr<WebCore::Frame,WTF::EmptyCounter>::get() Line 96 C++
WebKit2.dll!WebCore::FrameTree::parent() Line 71 C++
WebKit2.dll!WebCore::FrameSelection::selectFrameElementInParentIfFullySelected() Line 1924 C++
WebKit2.dll!WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance(const WebCore::VisibleSelection & newSelectionPossiblyWithoutDirection, WTF::OptionSet<enum WebCore::FrameSelection::SetSelectionOption> options, WebCore::FrameSelection::CursorAlignOnScroll align, WebCore::TextGranularity granularity) Line 414 C++
WebKit2.dll!WebCore::FrameSelection::willBeRemovedFromFrame() Line 1583 C++
WebKit2.dll!WebCore::Document::willBeRemovedFromFrame() Line 2663 C++
WebKit2.dll!WebCore::CachedFrame::destroy() Line 282 C++
WebKit2.dll!WebCore::CachedPage::~CachedPage() Line 79 C++
[External Code]
WebKit2.dll!WebCore::HistoryItem::setCachedPage(std::unique_ptr<WebCore::CachedPage,std::default_delete<WebCore::CachedPage>> && cachedPage) Line 179 C++
WebKit2.dll!WebCore::BackForwardCache::remove(WebCore::HistoryItem & item) Line 568 C++
WebKit2.dll!WebKit::WebProcess::clearCachedPage(WebCore::BackForwardItemIdentifier backForwardItemID, WTF::CompletionHandler<void __cdecl(void)> && completionHandler) Line 1848 C++
WebKit2.dll!IPC::callMemberFunctionImpl<WebKit::WebProcess,void (__cdecl WebKit::WebProcess::*)(WebCore::BackForwardItemIdentifier,WTF::CompletionHandler<void __cdecl(void)> &&),void __cdecl(void),std::tuple<WebCore::BackForwardItemIdentifier>,0>(WebKit::WebProcess * object, void(WebKit::WebProcess::*)(WebCore::BackForwardItemIdentifier, WTF::CompletionHandler<void __cdecl(void)> &&) function, WTF::CompletionHandler<void __cdecl(void)> && completionHandler, std::tuple<WebCore::BackForwardItemIdentifier> && args, std::integer_sequence<unsigned __int64,0> __formal) Line 58 C++
WebKit2.dll!IPC::callMemberFunction<WebKit::WebProcess,void (__cdecl WebKit::WebProcess::*)(WebCore::BackForwardItemIdentifier,WTF::CompletionHandler<void __cdecl(void)> &&),void __cdecl(void),std::tuple<WebCore::BackForwardItemIdentifier>,std::integer_sequence<unsigned __int64,0>>(std::tuple<WebCore::BackForwardItemIdentifier> && args, WTF::CompletionHandler<void __cdecl(void)> && completionHandler, WebKit::WebProcess * object, void(WebKit::WebProcess::*)(WebCore::BackForwardItemIdentifier, WTF::CompletionHandler<void __cdecl(void)> &&) function) Line 64 C++
WebKit2.dll!IPC::handleMessageAsync<Messages::WebProcess::ClearCachedPage,WebKit::WebProcess,void (__cdecl WebKit::WebProcess::*)(WebCore::BackForwardItemIdentifier,WTF::CompletionHandler<void __cdecl(void)> &&)>(IPC::Connection & connection, IPC::Decoder & decoder, WebKit::WebProcess * object, void(WebKit::WebProcess::*)(WebCore::BackForwardItemIdentifier, WTF::CompletionHandler<void __cdecl(void)> &&) function) Line 198 C++
WebKit2.dll!WebKit::WebProcess::didReceiveWebProcessMessage(IPC::Connection & connection, IPC::Decoder & decoder) Line 521 C++
WebKit2.dll!WebKit::WebProcess::didReceiveMessage(IPC::Connection & connection, IPC::Decoder & decoder) Line 857 C++
WebKit2.dll!IPC::Connection::dispatchMessage(IPC::Decoder & decoder) Line 1052 C++
WebKit2.dll!IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder,std::default_delete<IPC::Decoder>> message) Line 1098 C++
WebKit2.dll!IPC::Connection::dispatchOneIncomingMessage() Line 1166 C++
WebKit2.dll!IPC::Connection::enqueueIncomingMessage::__l2::<lambda>() Line 1021 C++
WebKit2.dll!WTF::Detail::CallableWrapper<void <lambda>(void),void>::call() Line 52 C++
WTF.dll!WTF::Function<void __cdecl(void)>::operator()() Line 84 C++
WTF.dll!WTF::RunLoop::performWork() Line 134 C++
WTF.dll!WTF::RunLoop::wndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 57 C++
WTF.dll!WTF::RunLoop::RunLoopWndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 39 C++
[External Code]
WTF.dll!WTF::RunLoop::run() Line 74 C++
WebKit2.dll!WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess,1>::run(int argc, char * * argv) Line 71 C++
WebKit2.dll!WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainWin>(int argc, char * * argv) Line 97 C++
WebKit2.dll!WebKit::WebProcessMain(int argc, char * * argv) Line 58 C++
WebKitWebProcess.exe!main(int argc, char * * argv) Line 35 C++
[External Code]
> void FrameSelection::selectFrameElementInParentIfFullySelected()
> {
>     // Find the parent frame; if there is none, then we have nothing to do.
>     Frame* parent = m_document->frame()->tree().parent();
m_document->frame()->tree() returned null.
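The stack above reaches selectFrameElementInParentIfFullySelected() from CachedFrame::destroy() while the document is being detached, and the quoted line dereferences the frame pointer without checking it. The following stand-in model (added here; not WebKit's code, and the early-return guard is an assumed mitigation, not the project's fix) reproduces that call chain with the frame already cleared and shows the guarded version returning instead of dereferencing null:

```cpp
#include <cassert>

// Minimal stand-in for the WebCore objects named in the crash stack (not WebKit's code).
struct Frame;

struct FrameTree {
    Frame* m_parent = nullptr;
    Frame* parent() const { return m_parent; }
};

struct Frame {
    FrameTree m_tree;
    FrameTree& tree() { return m_tree; }
};

struct Document {
    Frame* m_frame = nullptr;   // becomes null once the document is detached from its frame
    Frame* frame() const { return m_frame; }
};

enum class Outcome { SelectedParentElement, NoParentFrame, NoFrame };

struct FrameSelection {
    Document* m_document;
    explicit FrameSelection(Document* document) : m_document(document) {}

    // Guarded form of the quoted function: bail out when the document has no frame.
    // Without the first check, a detached document dereferences null here (the reported crash).
    Outcome selectFrameElementInParentIfFullySelected() {
        Frame* frame = m_document->frame();
        if (!frame)
            return Outcome::NoFrame;            // assumed guard for the detached-document state
        Frame* parent = frame->tree().parent();
        if (!parent)
            return Outcome::NoParentFrame;      // the "nothing to do" case from the quoted comment
        return Outcome::SelectedParentElement;
    }

    // Mirrors the top of the stack: teardown runs a final selection update that lands
    // in selectFrameElementInParentIfFullySelected().
    Outcome willBeRemovedFromFrame() { return selectFrameElementInParentIfFullySelected(); }
};

// Constructed scenario modelling the CachedFrame::destroy() path: the document's frame
// pointer is already cleared when Document::willBeRemovedFromFrame() runs.
Outcome destroyCachedFrame(Document& document) {
    document.m_frame = nullptr;
    FrameSelection selection(&document);
    return selection.willBeRemovedFromFrame();
}
```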