Bug 158373

Summary:

REGRESSION (r201667): ASSERTION FAILED: !m_anchorNode || !editingIgnoresContent(*m_anchorNode)

Product:

WebKit

Reporter:

Ryan Haddad <ryanhaddad>

Component:

HTML Editing

Assignee:

Ryosuke Niwa <rniwa>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

enrica, rniwa, webkit-bug-importer

Priority:

Keywords:

InRadar, Regression

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

See Also:

https://bugs.webkit.org/show_bug.cgi?id=158241
https://bugs.webkit.org/show_bug.cgi?id=158569

Attachments:

Description	Flags
Fixes the bug	none
Archive of layout-test-results from ews114 for mac-yosemite	none
Fixed the test for WK1	bfulgham: review+

Ryan Haddad

Reported 2016-06-03 17:43:23 PDT

ASSERTION FAILED: !m_anchorNode || !editingIgnoresContent(*m_anchorNode) Encountered on ios-simulator-wk2 debug <https://build.webkit.org/results/Apple%20iOS%209%20Simulator%20Debug%20WK2%20(Tests)/r201667%20(2376)/results.html> Full crashlog: <https://build.webkit.org/results/Apple%20iOS%209%20Simulator%20Debug%20WK2%20(Tests)/r201667%20(2376)/editing/selection/selection-invalid-offset-crash-log.txt> Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 JavaScriptCore 0x000000010a0337c7 WTFCrash + 39 (Assertions.cpp:317) 1 com.apple.WebCore 0x000000010d6c422a WebCore::Position::Position(WTF::PassRefPtr<WebCore::Node>, int, WebCore::Position::AnchorType) + 154 (Position.cpp:130) 2 com.apple.WebCore 0x000000010d6c42f1 WebCore::Position::Position(WTF::PassRefPtr<WebCore::Node>, int, WebCore::Position::AnchorType) + 33 (Position.cpp:133) 3 com.apple.WebCore 0x000000010d6c4a89 WebCore::Position::parentAnchoredEquivalent() const + 281 (Position.cpp:236) 4 com.apple.WebCore 0x000000010e09f5c0 WebCore::VisibleSelection::toNormalizedRange() const + 608 (VisibleSelection.cpp:181) 5 com.apple.WebKit 0x0000000102c8df55 WebKit::WebPage::platformEditorState(WebCore::Frame&, WebKit::EditorState&, WebKit::WebPage::IncludePostLayoutDataHint) const + 2869 (WebPageIOS.mm:190) 6 com.apple.WebKit 0x0000000102c42dbc WebKit::WebPage::editorState(WebKit::WebPage::IncludePostLayoutDataHint) const + 1292 (WebPage.cpp:880) 7 com.apple.WebKit 0x0000000102c5061f WebKit::WebPage::didChangeSelection() + 175 (WebPage.cpp:4720) 8 com.apple.WebKit 0x0000000102b60a7d WebKit::WebEditorClient::respondToChangedSelection(WebCore::Frame*) + 173 (WebEditorClient.cpp:202) 9 com.apple.WebCore 0x000000010c5406f6 WebCore::Editor::respondToChangedSelection(WebCore::VisibleSelection const&, unsigned int) + 102 (Editor.cpp:3310) 10 com.apple.WebCore 0x000000010c786056 WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance(WebCore::VisibleSelection const&, unsigned int, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) + 1206 (FrameSelection.cpp:328) 11 com.apple.WebCore 0x000000010c784815 WebCore::FrameSelection::setSelection(WebCore::VisibleSelection const&, unsigned int, WebCore::AXTextStateChangeIntent, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) + 69 (FrameSelection.cpp:335) 12 com.apple.WebCore 0x000000010c786795 WebCore::FrameSelection::selectFrameElementInParentIfFullySelected() + 885 (FrameSelection.cpp:1884) 13 com.apple.WebCore 0x000000010c786034 WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance(WebCore::VisibleSelection const&, unsigned int, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) + 1172 (FrameSelection.cpp:327) 14 com.apple.WebCore 0x000000010c784815 WebCore::FrameSelection::setSelection(WebCore::VisibleSelection const&, unsigned int, WebCore::AXTextStateChangeIntent, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) + 69 (FrameSelection.cpp:335) 15 com.apple.WebCore 0x000000010c785e2d WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance(WebCore::VisibleSelection const&, unsigned int, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) + 653 (FrameSelection.cpp:289) 16 com.apple.WebCore 0x000000010c784815 WebCore::FrameSelection::setSelection(WebCore::VisibleSelection const&, unsigned int, WebCore::AXTextStateChangeIntent, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) + 69 (FrameSelection.cpp:335) 17 com.apple.WebCore 0x000000010c784ce3 WebCore::FrameSelection::moveTo(WebCore::Range const*) + 355 (FrameSelection.cpp:162) 18 com.apple.WebCore 0x000000010c4d882b WebCore::DOMSelection::addRange(WebCore::Range*) + 123 (DOMSelection.cpp:384) 19 com.apple.WebCore 0x000000010cdcee66 WebCore::jsDOMSelectionPrototypeFunctionAddRange(JSC::ExecState*) + 454 (JSDOMSelection.cpp:522) 20 ??? 0x0000042b3da31028 0 + 4583764201512 21 JavaScriptCore 0x0000000109d4e18d llint_entry + 27817 22 JavaScriptCore 0x0000000109d4e18d llint_entry + 27817 23 JavaScriptCore 0x0000000109d472ce vmEntryToJavaScript + 334 24 JavaScriptCore 0x0000000109b5d3ca JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 218 (JITCode.cpp:80) 25 JavaScriptCore 0x0000000109b0e26d JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 4301 (Interpreter.cpp:953) 26 JavaScriptCore 0x00000001095c5bb0 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 480 (Completion.cpp:107) 27 JavaScriptCore 0x00000001095c5cee JSC::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 94 (Completion.cpp:122) 28 com.apple.WebCore 0x000000010db4385b WebCore::JSMainThreadExecState::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 75 (JSMainThreadExecState.h:81) 29 com.apple.WebCore 0x000000010db417b8 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&, WebCore::ExceptionDetails*) + 312 (ScriptController.cpp:163) 30 com.apple.WebCore 0x000000010db42d6e WebCore::ScriptController::executeScriptInWorld(WebCore::DOMWrapperWorld&, WTF::String const&, bool) + 270 (ScriptController.cpp:506) 31 com.apple.WebCore 0x000000010db37a90 WebCore::ScheduledAction::execute(WebCore::Document&) + 352 (ScheduledAction.cpp:127) 32 com.apple.WebCore 0x000000010db37903 WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext&) + 67 (ScheduledAction.cpp:78) 33 com.apple.WebCore 0x000000010c4ddb04 WebCore::DOMTimer::fired() + 1076 (DOMTimer.cpp:351) 34 com.apple.WebCore 0x000000010df9d43a WebCore::ThreadTimers::sharedTimerFiredInternal() + 394 (ThreadTimers.cpp:124) 35 com.apple.WebCore 0x000000010df9e681 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const + 33 (ThreadTimers.cpp:73) 36 com.apple.WebCore 0x000000010df9e64d void std::__1::__invoke_void_return_wrapper<void>::__call<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&>(WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&&&) + 45 (__functional_base:441) 37 com.apple.WebCore 0x000000010df9e5ec std::__1::__function::__func<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, std::__1::allocator<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>, void ()>::operator()() + 44 (functional:1407) 38 com.apple.WebCore 0x000000010bd6adea std::__1::function<void ()>::operator()() const + 26 (functional:1793) 39 com.apple.WebCore 0x000000010d41833f WebCore::MainThreadSharedTimer::fired() + 111 (MainThreadSharedTimer.cpp:53) 40 com.apple.WebCore 0x000000010d418739 WebCore::timerFired(__CFRunLoopTimer*, void*) + 41 (MainThreadSharedTimerCF.cpp:74) 41 com.apple.CoreFoundation 0x000000010530b074 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 42 com.apple.CoreFoundation 0x000000010530ac21 __CFRunLoopDoTimer + 1089 43 com.apple.CoreFoundation 0x00000001052ccb11 __CFRunLoopRun + 1937 44 com.apple.CoreFoundation 0x00000001052cc0f8 CFRunLoopRunSpecific + 488 45 com.apple.Foundation 0x000000010228ca31 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 267 46 com.apple.Foundation 0x000000010231ffe1 -[NSRunLoop(NSRunLoop) run] + 74 47 libxpc.dylib 0x000000010680c4d4 _xpc_objc_main + 400 48 libxpc.dylib 0x000000010680e88e xpc_main + 189 49 com.apple.WebKit.WebContent.Development 0x00000001021b90ef main + 895 (XPCServiceMain.mm:114) 50 libdyld.dylib 0x000000010653e92d start + 1

Attachments
Fixes the bug (13.71 KB, patch) 2016-06-07 22:21 PDT, Ryosuke Niwa	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews114 for mac-yosemite (1.46 MB, application/zip) 2016-06-07 23:28 PDT, Build Bot	no flags	Details
Fixed the test for WK1 (13.78 KB, patch) 2016-06-07 23:33 PDT, Ryosuke Niwa	bfulgham: review+	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Ryan Haddad

Comment 1 2016-06-03 17:43:56 PDT

Seen with LayoutTest editing/selection/selection-invalid-offset.html Started after http://trac.webkit.org/changeset/201667

Ryosuke Niwa

Comment 2 2016-06-07 22:21:24 PDT

Created attachment 280770 [details] Fixes the bug

Radar WebKit Bug Importer

Comment 3 2016-06-07 22:21:44 PDT

<rdar://problem/26690795>

Build Bot

Comment 4 2016-06-07 23:28:45 PDT

Comment on attachment 280770 [details] Fixes the bug Attachment 280770 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/1463899 New failing tests: editing/selection/selection-in-iframe-removed-crash.html

Build Bot

Comment 5 2016-06-07 23:28:48 PDT

Created attachment 280776 [details] Archive of layout-test-results from ews114 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews114 Port: mac-yosemite Platform: Mac OS X 10.10.5

Ryosuke Niwa

Comment 6 2016-06-07 23:33:06 PDT

Created attachment 280778 [details] Fixed the test for WK1

Brent Fulgham

Comment 7 2016-06-08 09:52:43 PDT

Comment on attachment 280778 [details] Fixed the test for WK1 View in context: https://bugs.webkit.org/attachment.cgi?id=280778&action=review r=me. > Source/WebCore/ChangeLog:4 > + https://bugs.webkit.org/show_bug.cgi?id=158373 Please add <rdar://problem/26690795>

Ryosuke Niwa

Comment 8 2016-06-08 12:17:54 PDT

Committed r201823: <http://trac.webkit.org/changeset/201823>

Ryan Haddad

Comment 9 2016-06-09 09:47:13 PDT

(In reply to comment #8) > Committed r201823: <http://trac.webkit.org/changeset/201823> This change appears to have made editing/selection/selection-in-iframe-removed-crash.html a flaky failure https://bugs.webkit.org/show_bug.cgi?id=158569

Note You need to log in before you can comment on or make changes to this bug.