<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - ASSERTION FAILED: m_offset < m_text2->length() in WebCore::SplitTextNodeCommand::SplitTextNodeCommand"
href="https://bugs.webkit.org/show_bug.cgi?id=152116">152116</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>ASSERTION FAILED: m_offset < m_text2->length() in WebCore::SplitTextNodeCommand::SplitTextNodeCommand
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Local Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>HTML Editing
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>rhodovan.u-szeged@partner.samsung.com
</td>
</tr>
<tr>
<th>CC</th>
<td>darin@apple.com
</td>
</tr>
<tr>
<th>Blocks</th>
<td>116980
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=267088" name="attach_267088" title="Test">attachment 267088</a> <a href="attachment.cgi?id=267088&action=edit" title="Test">[details]</a></span>
Test
Load the attached test with debug MiniBrowser:
<textarea autofocus>g </textarea>
<script>
onload = function() {
document.execCommand("selectAll");
document.execCommand("fontname");
document.execCommand("undo");
document.execCommand("insertText", false, "a");
document.execCommand("redo");
document.execCommand("forwardDelete");
}
</script>
OS: Ubuntu 15.10 x86_64
Checked build: debug EFL
Checked version: 2559fac
Backtrace:
ASSERTION FAILED: m_offset < m_text2->length()
../../Source/WebCore/editing/SplitTextNodeCommand.cpp(48) : WebCore::SplitTextNodeCommand::SplitTextNodeCommand(WTF::PassRefPtr<WebCore::Text>, int)
1 0x7f17661c6fb8 WTFCrash
2 0x7f1765aa8e26 WebCore::SplitTextNodeCommand::SplitTextNodeCommand(WTF::PassRefPtr<WebCore::Text>, int)
3 0x7f1765a893c2 WebCore::SplitTextNodeCommand::create(WTF::PassRefPtr<WebCore::Text>, int)
4 0x7f1765a7ef7a WebCore::CompositeEditCommand::splitTextNode(WTF::PassRefPtr<WebCore::Text>, unsigned int)
5 0x7f1765a692a4 WebCore::ApplyBlockElementCommand::endOfNextParagraphSplittingTextNodesIfNeeded(WebCore::VisiblePosition&, WebCore::Position&, WebCore::Position&)
6 0x7f1765a67b4e WebCore::ApplyBlockElementCommand::formatSelection(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&)
7 0x7f17648c965b WebCore::IndentOutdentCommand::formatSelection(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&)
8 0x7f1765a66dfc WebCore::ApplyBlockElementCommand::doApply()
9 0x7f1765a7cf86 WebCore::CompositeEditCommand::apply()
10 0x7f1765a7cd4d WebCore::applyCommand(WTF::PassRefPtr<WebCore::CompositeEditCommand>)
11 0x7f17648af6f6
12 0x7f17648b399e WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const
13 0x7f176475333d WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&)
14 0x7f1765eb790f WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*)
15 0x7f16fffff0c8
Aborted (core dumped)
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f17661c6fbd in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321 *(int *)(uintptr_t)0xbbadbeef = 0;
[Current thread is 1 (Thread 0x7f1769cfca80 (LWP 28677))]
#0 0x00007f17661c6fbd in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1 0x00007f1765aa8e26 in WebCore::SplitTextNodeCommand::SplitTextNodeCommand (this=0x7f1745bbca80, text=..., offset=1) at ../../Source/WebCore/editing/SplitTextNodeCommand.cpp:48
#2 0x00007f1765a893c2 in WebCore::SplitTextNodeCommand::create (node=..., offset=1) at ../../Source/WebCore/editing/SplitTextNodeCommand.h:39
#3 0x00007f1765a7ef7a in WebCore::CompositeEditCommand::splitTextNode (this=0x7f1745b28108, node=..., offset=1) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:476
#4 0x00007f1765a692a4 in WebCore::ApplyBlockElementCommand::endOfNextParagraphSplittingTextNodesIfNeeded (this=0x7f1745b28108, endOfCurrentParagraph=..., start=..., end=...) at ../../Source/WebCore/editing/ApplyBlockElementCommand.cpp:272
#5 0x00007f1765a67b4e in WebCore::ApplyBlockElementCommand::formatSelection (this=0x7f1745b28108, startOfSelection=..., endOfSelection=...) at ../../Source/WebCore/editing/ApplyBlockElementCommand.cpp:143
#6 0x00007f17648c965b in WebCore::IndentOutdentCommand::formatSelection (this=0x7f1745b28108, startOfSelection=..., endOfSelection=...) at ../../Source/WebCore/editing/IndentOutdentCommand.cpp:226
#7 0x00007f1765a66dfc in WebCore::ApplyBlockElementCommand::doApply (this=0x7f1745b28108) at ../../Source/WebCore/editing/ApplyBlockElementCommand.cpp:90
#8 0x00007f1765a7cf86 in WebCore::CompositeEditCommand::apply (this=0x7f1745b28108) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:227
#9 0x00007f1765a7cd4d in WebCore::applyCommand (command=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:186
#10 0x00007f17648af6f6 in WebCore::executeIndent (frame=...) at ../../Source/WebCore/editing/EditorCommand.cpp:456
#11 0x00007f17648b399e in WebCore::Editor::Command::execute (this=0x7ffcfebbf1d0, parameter=..., triggeringEvent=0x0) at ../../Source/WebCore/editing/EditorCommand.cpp:1703
#12 0x00007f176475333d in WebCore::Document::execCommand (this=0x7f1745a1d9c0, commandName=..., userInterface=false, value=...) at ../../Source/WebCore/dom/Document.cpp:4656
#13 0x00007f1765eb790f in WebCore::jsDocumentPrototypeFunctionExecCommand (state=0x7ffcfebbf2a0) at DerivedSources/WebCore/JSDocument.cpp:5066
#14 0x00007f16fffff0c8 in ?? ()
#15 0x00007ffcfebbf330 in ?? ()
#16 0x00007f175998e57c in llint_entry () from webkit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.1</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>