<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - WebProcess crashes in int WTF::__throw_bad_variant_access<int> when expanding/shrinking a block selection"
href="https://bugs.webkit.org/show_bug.cgi?id=167673">167673</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>WebProcess crashes in int WTF::__throw_bad_variant_access<int> when expanding/shrinking a block selection
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Nightly Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>HTML Editing
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>enrica@apple.com
</td>
</tr></table>
<p>
<div>
<pre>There are no reproducible steps for this crash but the crash log indicates that it occurs expanding/shrinking a block selection on iOS in Safari.
Here is the stack trace of the crash:
Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed ↩:
0 WebKit 0x00000001935ac708 int WTF::__throw_bad_variant_access<int>(char const*) + 36 (Variant.h:120)
1 WebKit 0x00000001935ac708 int WTF::__throw_bad_variant_access<int>(char const*) + 36 (Variant.h:120)
2 WebKit 0x000000019359fd88 WebKit::containsRange(WebCore::Range*, WebCore::Range*) + 324 (Variant.h:1808)
3 WebKit 0x000000019359f708 WebKit::WebPage::expandedRangeFromHandle(WebCore::Range*, WebKit::SelectionHandlePosition) + 560 (WebPageIOS.mm:1339)
4 WebKit 0x00000001935a0478 WebKit::WebPage::computeExpandAndShrinkThresholdsForHandle(WebCore::IntPoint const&, WebKit::SelectionHandlePosition, float&, float&) + 136 (WebPageIOS.mm:1526)
5 WebKit 0x00000001935a0ff0 WebKit::WebPage::updateSelectionWithTouches(WebCore::IntPoint const&, unsigned int, bool, unsigned long long) + 756 (WebPageIOS.mm:1744)
6 WebKit 0x00000001935b2b6c void IPC::handleMessage<Messages::WebPage::UpdateSelectionWithTouches, WebKit::WebPage, void (WebKit::WebPage::*)(WebCore::IntPoint const&, unsigned int, bool, unsigned long long)>(IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebCore::IntPoint const&, unsigned int, bool, unsigned long long)) + 76 (HandleMessage.h:46)
7 WebKit 0x0000000193482828 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 120 (MessageReceiverMap.cpp:123)
8 WebKit 0x0000000193611d8c WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 36 (WebProcess.cpp:638)
9 WebKit 0x0000000193448918 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 164 (Connection.cpp:897)
10 WebKit 0x000000019344b104 IPC::Connection::dispatchOneMessage() + 232 (Connection.cpp:955)
11 JavaScriptCore 0x000000018e358c24 WTF::RunLoop::performWork() + 172 (Function.h:50)
12 JavaScriptCore 0x000000018e358efc WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
rdar://problem/30229620</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>