RESOLVED WORKSFORME 19075
ASSERT in editing code, ASSERTION FAILED: selection.isCaretOrRange() 
https://bugs.webkit.org/show_bug.cgi?id=19075
Summary ASSERT in editing code, ASSERTION FAILED: selection.isCaretOrRange()
Eric Seidel (no email)
Reported 2008-05-15 04:20:11 PDT
ASSERT in editing code, ASSERTION FAILED: selection.isCaretOrRange() ASSERTION FAILED: selection.isCaretOrRange() (/Users/eseidel/Projects/WebKit/WebCore/editing/ReplaceSelectionCommand.cpp:594 virtual void WebCore::ReplaceSelectionCommand::doApply()) The commands: doc.execCommand('createLink', 0, '</td>'); doc.execCommand('justifyright', 1, '<script src=https://webkit.org>'); doc.execCommand('cut', 0, 'javascript:1'); doc.execCommand('insertunorderedlist', 1, 'courier'); doc.execCommand('insertunorderedlist', 1, 'courier'); doc.execCommand('insertunorderedlist', 0, ''); doc.execCommand('createLink', 0, '<tr>'); doc.execCommand('insertunorderedlist', 1, '<table>'); doc.execCommand('paste', 1, 'red'); doc.execCommand('insertorderedlist', 1, ''); doc.execCommand('insertparagraph', 0, 'javascript:1'); doc.execCommand('justifycenter', 0, 'https://www.webkit.org'); doc.execCommand('createLink', 1, '<iframe src=about:blank>'); doc.execCommand('indent', 0, 'red'); doc.execCommand('outdent', 0, '</tr>'); Unfortunately my reduction script reduced it far enough that it no longer crashes in Safari, but it does crash in DRT. You'll have to run this test under DRT to see the crash.
Attachments
test case (ONLY ASSERTS under DRT in Debug mode) (955 bytes, text/html)
2008-05-15 04:24 PDT, Eric Seidel (no email) 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Eric Seidel (no email)
Comment 1 2008-05-15 04:20:48 PDT
The value parameters for most of those calls can probably be removed.
Eric Seidel (no email)
Comment 2 2008-05-15 04:24:11 PDT
Created attachment 21159 [details] test case (ONLY ASSERTS under DRT in Debug mode)
Eric Seidel (no email)
Comment 3 2008-06-10 19:23:31 PDT
I still hit this ASSERT with the fuzzer, but not with this test case. I guess I'll close and open a new bug with a new test case.
Note You need to log in before you can comment on or make changes to this bug.