<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - ASSERTION FAILED: m_offset + m_count <= m_node->length() in WebCore::DeleteFromTextNodeCommand::DeleteFromTextNodeCommand"
href="https://bugs.webkit.org/show_bug.cgi?id=150969">150969</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>ASSERTION FAILED: m_offset + m_count <= m_node->length() in WebCore::DeleteFromTextNodeCommand::DeleteFromTextNodeCommand
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Local Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>HTML Editing
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>rhodovan.u-szeged@partner.samsung.com
</td>
</tr>
<tr>
<th>CC</th>
<td>darin@apple.com
</td>
</tr>
<tr>
<th>Blocks</th>
<td>116980
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=264922" name="attach_264922" title="Test">attachment 264922</a> <a href="attachment.cgi?id=264922&action=edit" title="Test">[details]</a></span>
Test
Load the attached test with debug MiniBrowser:
<script>
function f_0() {
document.execCommand("selectAll", false);
document.execCommand("fontname", true);
document.execCommand("undo", false);
document.execCommand("insertText", false,"a");
document.execCommand("redo", false);
document.execCommand("forwardDelete",false);
}
</script>
<body onload="f_0()">
<textarea autofocus>g </textarea>
</body>
OS: Ubuntu 15.04 x86_64
Checked build: debug EFL
Checked version: babd346
Backtrace:
ASSERTION FAILED: m_offset + m_count <= m_node->length()
../../Source/WebCore/editing/DeleteFromTextNodeCommand.cpp(44) : WebCore::DeleteFromTextNodeCommand::DeleteFromTextNodeCommand(WTF::RefPtr<WebCore::Text>&&, unsigned int, unsigned int, WebCore::EditAction)
1 0x7fd301198bb5 WTFCrash
2 0x7fd308556ac1 WebCore::DeleteFromTextNodeCommand::DeleteFromTextNodeCommand(WTF::RefPtr<WebCore::Text>&&, unsigned int, unsigned int, WebCore::EditAction)
3 0x7fd30855176c WebCore::DeleteFromTextNodeCommand::create(WTF::RefPtr<WebCore::Text>&&, unsigned int, unsigned int, WebCore::EditAction)
4 0x7fd308548c18 WebCore::CompositeEditCommand::deleteTextFromNode(WTF::PassRefPtr<WebCore::Text>, unsigned int, unsigned int)
5 0x7fd30855a541 WebCore::DeleteSelectionCommand::deleteTextFromNode(WTF::PassRefPtr<WebCore::Text>, unsigned int, unsigned int)
6 0x7fd30855ac38 WebCore::DeleteSelectionCommand::handleGeneralDelete()
7 0x7fd30855db36 WebCore::DeleteSelectionCommand::doApply()
8 0x7fd3085460f6 WebCore::CompositeEditCommand::applyCommandToComposite(WTF::PassRefPtr<WebCore::EditCommand>)
9 0x7fd308549b0b WebCore::CompositeEditCommand::deleteSelection(WebCore::VisibleSelection const&, bool, bool, bool, bool, bool)
10 0x7fd307409bef WebCore::TypingCommand::forwardDeleteKeyPressed(WebCore::TextGranularity, bool)
11 0x7fd30740732c WebCore::TypingCommand::doApply()
12 0x7fd308545e22 WebCore::CompositeEditCommand::apply()
13 0x7fd3074063ae WebCore::TypingCommand::forwardDeleteKeyPressed(WebCore::Document&, unsigned int, WebCore::TextGranularity)
14 0x7fd3073be2e7
15 0x7fd3073c25dc WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const
16 0x7fd307268107 WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&)
17 0x7fd308983467 WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*)
18 0x7fd2a3fff0c8
Aborted (core dumped)
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fd301198bba in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321 *(int *)(uintptr_t)0xbbadbeef = 0;
#0 0x00007fd301198bba in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1 0x00007fd308556ac1 in WebCore::DeleteFromTextNodeCommand::DeleteFromTextNodeCommand(WTF::RefPtr<WebCore::Text>&&, unsigned int, unsigned int, WebCore::EditAction) (this=0x7fd2e87c0d20, node=<unknown type in webkit/WebKitBuild/Debug/lib/libewebkit2.so.1, CU 0x49fc0089, DIE 0x49fe21e1>, offset=0, count=334, editingAction=WebCore::EditActionDelete) at ../../Source/WebCore/editing/DeleteFromTextNodeCommand.cpp:44
#2 0x00007fd30855176c in WebCore::DeleteFromTextNodeCommand::create(WTF::RefPtr<WebCore::Text>&&, unsigned int, unsigned int, WebCore::EditAction) (node=<unknown type in webkit/WebKitBuild/Debug/lib/libewebkit2.so.1, CU 0x49eae53d, DIE 0x49f89ac7>, offset=0, count=334, editingAction=WebCore::EditActionDelete) at ../../Source/WebCore/editing/DeleteFromTextNodeCommand.h:39
#3 0x00007fd308548c18 in WebCore::CompositeEditCommand::deleteTextFromNode (this=0x7fd2e8696bd0, node=..., offset=0, count=334) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:555
#4 0x00007fd30855a541 in WebCore::DeleteSelectionCommand::deleteTextFromNode (this=0x7fd2e8696bd0, node=..., offset=0, count=334) at ../../Source/WebCore/editing/DeleteSelectionCommand.cpp:423
#5 0x00007fd30855ac38 in WebCore::DeleteSelectionCommand::handleGeneralDelete (this=0x7fd2e8696bd0) at ../../Source/WebCore/editing/DeleteSelectionCommand.cpp:482
#6 0x00007fd30855db36 in WebCore::DeleteSelectionCommand::doApply (this=0x7fd2e8696bd0) at ../../Source/WebCore/editing/DeleteSelectionCommand.cpp:842
#7 0x00007fd3085460f6 in WebCore::CompositeEditCommand::applyCommandToComposite (this=0x7fd2e86ad318, prpCommand=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:278
#8 0x00007fd308549b0b in WebCore::CompositeEditCommand::deleteSelection (this=0x7fd2e86ad318, selection=..., smartDelete=false, mergeBlocksAfterDelete=true, replace=false, expandForSpecialElements=true, sanitizeMarkup=true) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:650
#9 0x00007fd307409bef in WebCore::TypingCommand::forwardDeleteKeyPressed (this=0x7fd2e86ad318, granularity=WebCore::CharacterGranularity, killRing=false) at ../../Source/WebCore/editing/TypingCommand.cpp:635
#10 0x00007fd30740732c in WebCore::TypingCommand::doApply (this=0x7fd2e86ad318) at ../../Source/WebCore/editing/TypingCommand.cpp:269
#11 0x00007fd308545e22 in WebCore::CompositeEditCommand::apply (this=0x7fd2e86ad318) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:227
#12 0x00007fd3074063ae in WebCore::TypingCommand::forwardDeleteKeyPressed (document=..., options=0, granularity=WebCore::CharacterGranularity) at ../../Source/WebCore/editing/TypingCommand.cpp:138
#13 0x00007fd3073be2e7 in WebCore::executeForwardDelete (frame=..., source=WebCore::CommandFromDOM) at ../../Source/WebCore/editing/EditorCommand.cpp:440
#14 0x00007fd3073c25dc in WebCore::Editor::Command::execute (this=0x7fff38f75640, parameter=..., triggeringEvent=0x0) at ../../Source/WebCore/editing/EditorCommand.cpp:1703
#15 0x00007fd307268107 in WebCore::Document::execCommand (this=0x7fd2e8436000, commandName=..., userInterface=false, value=...) at ../../Source/WebCore/dom/Document.cpp:4657
#16 0x00007fd308983467 in WebCore::jsDocumentPrototypeFunctionExecCommand (state=0x7fff38f75710) at DerivedSources/WebCore/JSDocument.cpp:5066
#17 0x00007fd2a3fff0c8 in ?? ()
#18 0x00007fff38f757a0 in ?? ()
#19 0x00007fd301141351 in llint_entry () from webkit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.1</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>