<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link bz_status_NEW"
title="NEW - [GTK] Null WebCore::Range dereference in WebEditorClient::updateGlobalSelection"
href="https://bugs.webkit.org/show_bug.cgi?id=159341">159341</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>[GTK] Null WebCore::Range dereference in WebEditorClient::updateGlobalSelection
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Nightly Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>WebKit Gtk
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>Hironori.Fujii@sony.com
</td>
</tr>
<tr>
<th>CC</th>
<td>bugs-noreply@webkitgtk.org
</td>
</tr></table>
<p>
<div>
<pre>The following tests crash with the same callstack:
editing/input/set-value-on-input-and-delete.html
editing/selection/selection-in-iframe-removed-crash.html
imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/sizes/parse-a-sizes-attribute.html
imported/w3c/web-platform-tests/html/semantics/forms/textfieldselection/selection-after-content-change.html
imported/w3c/web-platform-tests/html/semantics/forms/textfieldselection/selection-not-application-textarea.html
imported/w3c/web-platform-tests/html/semantics/forms/textfieldselection/selection-not-application.html
Callstack:
<span class="quote">> #0 0x00007fbe5f48e11c in WTF::RefPtr<WebCore::Node>::get (this=0x10) at ../../Source/WTF/wtf/RefPtr.h:64
> #1 0x00007fbe5f7f990a in (anonymous namespace)::RangeBoundaryPoint::container (this=0x10)
> at ../../Source/WebCore/dom/RangeBoundaryPoint.h:83
> #2 0x00007fbe5f7f9928 in (anonymous namespace)::Range::startContainer (this=0x0) at ../../Source/WebCore/dom/Range.h:61
> #3 0x00007fbe6023f956 in (anonymous namespace)::Range::text (this=0x0) at ../../Source/WebCore/dom/Range.cpp:891
> #4 0x00007fbe5f9c0671 in (anonymous namespace)::WebEditorClient::updateGlobalSelection (this=0x5cf840, frame=0x7fbe40da2000)
> at ../../Source/WebKit2/WebProcess/WebCoreSupport/gtk/WebEditorClientGtk.cpp:180
> #5 0x00007fbe5f7cbd8d in (anonymous namespace)::WebEditorClient::respondToChangedSelection (this=0x5cf840, frame=0x7fbe40da2000)
> at ../../Source/WebKit2/WebProcess/WebCoreSupport/WebEditorClient.cpp:195
> #6 0x00007fbe602e63a9 in (anonymous namespace)::Editor::respondToChangedSelection (this=0x7fbe40da1000, options=6)
> at ../../Source/WebCore/editing/Editor.cpp:3320
> #7 0x00007fbe602f7435 in (anonymous namespace)::FrameSelection::setSelectionWithoutUpdatingAppearance (this=0x7fbe40dbf230,
> newSelectionPossiblyWithoutDirection=..., options=6, align=(anonymous namespace)::FrameSelection::AlignCursorOnScrollIfNeeded,
> granularity=(anonymous namespace)::CharacterGranularity) at ../../Source/WebCore/editing/FrameSelection.cpp:327
> #8 0x00007fbe602f756f in (anonymous namespace)::FrameSelection::setSelection (this=0x7fbe40dbf230, selection=..., options=6,
> intent=..., align=(anonymous namespace)::FrameSelection::AlignCursorOnScrollIfNeeded,
> granularity=(anonymous namespace)::CharacterGranularity) at ../../Source/WebCore/editing/FrameSelection.cpp:335
> #9 0x00007fbe603003b4 in (anonymous namespace)::FrameSelection::selectFrameElementInParentIfFullySelected (this=0x7fbe40dbfaf0)
> at ../../Source/WebCore/editing/FrameSelection.cpp:1884
> #10 0x00007fbe602f7407 in (anonymous namespace)::FrameSelection::setSelectionWithoutUpdatingAppearance (this=0x7fbe40dbfaf0,
> newSelectionPossiblyWithoutDirection=..., options=6, align=(anonymous namespace)::FrameSelection::AlignCursorOnScrollIfNeeded,
> granularity=(anonymous namespace)::CharacterGranularity) at ../../Source/WebCore/editing/FrameSelection.cpp:326
> #11 0x00007fbe602f756f in (anonymous namespace)::FrameSelection::setSelection (this=0x7fbe40dbfaf0, selection=..., options=6,
> intent=..., align=(anonymous namespace)::FrameSelection::AlignCursorOnScrollIfNeeded,
> granularity=(anonymous namespace)::CharacterGranularity) at ../../Source/WebCore/editing/FrameSelection.cpp:335
> #12 0x00007fbe602f7218 in (anonymous namespace)::FrameSelection::setSelectionWithoutUpdatingAppearance (this=0x7fbe40dbf230,
> newSelectionPossiblyWithoutDirection=..., options=6, align=(anonymous namespace)::FrameSelection::AlignCursorOnScrollIfNeeded,
> granularity=(anonymous namespace)::CharacterGranularity) at ../../Source/WebCore/editing/FrameSelection.cpp:289
> #13 0x00007fbe602f756f in (anonymous namespace)::FrameSelection::setSelection (this=0x7fbe40dbf230, selection=..., options=6,
> intent=..., align=(anonymous namespace)::FrameSelection::AlignCursorOnScrollIfNeeded,
> granularity=(anonymous namespace)::CharacterGranularity) at ../../Source/WebCore/editing/FrameSelection.cpp:335
> #14 0x00007fbe602f6123 in (anonymous namespace)::FrameSelection::moveTo (this=0x7fbe40dbf230, range=0x7fbe40d3ec00)
> at ../../Source/WebCore/editing/FrameSelection.cpp:162
> #15 0x00007fbe607870dd in (anonymous namespace)::DOMSelection::addRange (this=0x7fbe40cd8e60, r=0x7fbe40d3ec00)
> at ../../Source/WebCore/page/DOMSelection.cpp:383
> #16 0x00007fbe61542db1 in (anonymous namespace)::jsDOMSelectionPrototypeFunctionAddRange (state=0x7ffe9af9e200)
> at DerivedSources/WebCore/JSDOMSelection.cpp:521
> #17 0x00007fbe00288028 in ?? ()
> #18 0x00007ffe9af9e280 in ?? ()
> #19 0x00007fbe5931e48b in llint_entry () from /home/fujii/work/webkit/w1/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18
> Backtrace stopped: frame did not save the PC</span ></pre>
</div>
</p>
</body>
</html>