Bug 19075 - ASSERT in editing code, ASSERTION FAILED: selection.isCaretOrRange()
Summary: ASSERT in editing code, ASSERTION FAILED: selection.isCaretOrRange()
Status: RESOLVED WORKSFORME
Alias: None
Product: WebKit
Classification: Unclassified
Component: HTML Editing (show other bugs)
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.5
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks: 18858
  Show dependency treegraph
 
Reported: 2008-05-15 04:20 PDT by Eric Seidel (no email)
Modified: 2008-06-10 19:23 PDT (History)
1 user (show)

See Also:


Attachments
test case (ONLY ASSERTS under DRT in Debug mode) (955 bytes, text/html)
2008-05-15 04:24 PDT, Eric Seidel (no email)
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Eric Seidel (no email) 2008-05-15 04:20:11 PDT
ASSERT in editing code, ASSERTION FAILED: selection.isCaretOrRange()

ASSERTION FAILED: selection.isCaretOrRange()
(/Users/eseidel/Projects/WebKit/WebCore/editing/ReplaceSelectionCommand.cpp:594 virtual void WebCore::ReplaceSelectionCommand::doApply())

The commands:
  doc.execCommand('createLink', 0, '</td>');
  doc.execCommand('justifyright', 1, '<script src=https://webkit.org>');
  doc.execCommand('cut', 0, 'javascript:1');
  doc.execCommand('insertunorderedlist', 1, 'courier');
  doc.execCommand('insertunorderedlist', 1, 'courier');
  doc.execCommand('insertunorderedlist', 0, '');
  doc.execCommand('createLink', 0, '<tr>');
  doc.execCommand('insertunorderedlist', 1, '<table>');
  doc.execCommand('paste', 1, 'red');
  doc.execCommand('insertorderedlist', 1, '');
  doc.execCommand('insertparagraph', 0, 'javascript:1');
  doc.execCommand('justifycenter', 0, 'https://www.webkit.org');
  doc.execCommand('createLink', 1, '<iframe src=about:blank>');
  doc.execCommand('indent', 0, 'red');
  doc.execCommand('outdent', 0, '</tr>');

Unfortunately my reduction script reduced it far enough that it no longer crashes in Safari, but it does crash in DRT.  You'll have to run this test under DRT to see the crash.
Comment 1 Eric Seidel (no email) 2008-05-15 04:20:48 PDT
The value parameters for most of those calls can probably be removed.
Comment 2 Eric Seidel (no email) 2008-05-15 04:24:11 PDT
Created attachment 21159 [details]
test case (ONLY ASSERTS under DRT in Debug mode)
Comment 3 Eric Seidel (no email) 2008-06-10 19:23:31 PDT
I still hit this ASSERT with the fuzzer, but not with this test case.   I guess I'll close and open a new bug with a new test case.