[Webkit-unassigned] [Bug 197181] Assertion fires when calling getSubStringLength() for a fragmented <text> element

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=197181

Ahmad Saleem <ahmad.saleem792 at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ahmad.saleem792 at gmail.com

--- Comment #2 from Ahmad Saleem <ahmad.saleem792 at gmail.com> ---
I get hit by this assertion while trying to load test case in Minibrowser WK2 Debug build based of 259136 at main and get following:

ASSERTION FAILED: startPosition >= queryData->processedCharacters
rendering/svg/SVGTextQuery.cpp(142) : bool WebCore::SVGTextQuery::mapStartEndPositionsIntoFragmentCoordinates(WebCore::SVGTextQuery::Data *, const WebCore::SVGTextFragment &, unsigned int &, unsigned int &) const
1   0x139d6ed84 WTFCrash
2   0x280832730 WTFCrashWithInfo(int, char const*, char const*, int)
3   0x285bd1358 WebCore::SVGTextQuery::mapStartEndPositionsIntoFragmentCoordinates(WebCore::SVGTextQuery::Data*, WebCore::SVGTextFragment const&, unsigned int&, unsigned int&) const
4   0x285bd1bd4 WebCore::SVGTextQuery::subStringLengthCallback(WebCore::SVGTextQuery::Data*, WebCore::SVGTextFragment const&) const
5   0x285bd1238 WebCore::SVGTextQuery::executeQuery(WebCore::SVGTextQuery::Data*, bool (WebCore::SVGTextQuery::*)(WebCore::SVGTextQuery::Data*, WebCore::SVGTextFragment const&) const) const
6   0x285bd1d08 WebCore::SVGTextQuery::subStringLength(unsigned int, unsigned int) const
7   0x2860366ac WebCore::SVGTextContentElement::getSubStringLength(unsigned int, unsigned int)
8   0x281a6ad08 WebCore::jsSVGTextContentElementPrototypeFunction_getSubStringLengthBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSVGTextContentElement*)
9   0x281a6a9c4 long long WebCore::IDLOperation<WebCore::JSSVGTextContentElement>::call<&(WebCore::jsSVGTextContentElementPrototypeFunction_getSubStringLengthBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSVGTextContentElement*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)
10  0x281a69e68 WebCore::jsSVGTextContentElementPrototypeFunction_getSubStringLength(JSC::JSGlobalObject*, JSC::CallFrame*)
11  0x2a4e5403c (null)
12  0x13a496990 llint_entry
13  0x13a470eec vmEntryToJavaScript
14  0x13b4cfa5c JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
15  0x13b4ceff8 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*)
16  0x13b938110 JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
17  0x13b938254 JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
18  0x283240254 WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
19  0x28323fd28 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)
20  0x28323fb5c WebCore::ScriptController::evaluateInWorldIgnoringException(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)
21  0x28324050c WebCore::ScriptController::evaluateIgnoringException(WebCore::ScriptSourceCode const&)
22  0x283cbd164 WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&)
23  0x283cbb2e8 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport)
24  0x2863d6984 WebCore::XMLDocumentParser::endElementNs()
25  0x2863d7e18 WebCore::endElementNsHandler(void*, unsigned char const*, unsigned char const*, unsigned char const*)
26  0x1a6f538b4 xmlParseEndTag2
27  0x1a6f4a320 xmlParseTryOrFinish
28  0x1a6f48f40 xmlParseChunk
29  0x2863d5034 WebCore::XMLDocumentParser::doWrite(WTF::String const&)
30  0x2863cb95c WebCore::XMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl, WTF::RawPtrTraits<WTF::StringImpl>, WTF::DefaultRefDerefTraits<WTF::StringImpl> >&&)
31  0x283a67eec WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter&, unsigned char const*, unsigned long)
2023-01-20 19:01:00.281 MiniBrowser[67347:23990700] WebContent process crashed; reloading
ASSERTION FAILED: m_connection
/Users/ahmadsaleem/Documents/GitHub-Webkit-origin/Webkit/Source/WebKit/UIProcess/AuxiliaryProcessProxy.h(86) : IPC::Connection *WebKit::AuxiliaryProcessProxy::connection() const
1   0x135b4ed84 WTFCrash
2   0x11610fc30 WTFCrashWithInfo(int, char const*, char const*, int)
3   0x117231d48 WebKit::AuxiliaryProcessProxy::connection() const
4   0x117c5b848 WebKit::WebPageProxy::messageSenderConnection() const
5   0x117c5b3e4 WebKit::WebPageProxy::sendWheelEvent(WebKit::WebWheelEvent const&, WTF::OptionSet<WebCore::WheelEventProcessingSteps>)
6   0x117c5b298 WebKit::WebPageProxy::handleWheelEvent(WebKit::NativeWebWheelEvent const&)
7   0x11795cd7c WebKit::WebViewImpl::scrollWheel(NSEvent*)
8   0x1175a27ac -[WKWebView(WKImplementationMac) scrollWheel:]
9   0x1a259e618 -[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:]
10  0x1a259d124 -[NSWindow(NSEventRouting) sendEvent:]
11  0x1a259c25c -[NSApplication(NSEvent) sendEvent:]
12  0x1a27ee360 -[NSApplication _handleEvent:]
13  0x1a2463a08 -[NSApplication run]
14  0x1a243ae28 NSApplicationMain
15  0x100045edc main
16  0x19ede7e50 start
2023-01-20 19:01:00.335 com.apple.WebKit.WebContent.Development[67548:23993744] Application does not have permission to communicate with network resources. rc=1 : errno=3

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230120/6da8dfa6/attachment-0001.htm>