RESOLVED FIXED 111451
[GTK] New editing/selection/selection-in-iframe-removed-crash.html asserts
https://bugs.webkit.org/show_bug.cgi?id=111451
Csaba Osztrogonác
Comment 1 2013-03-06 08:36:19 PST
editing/selection/selection-in-iframe-removed-crash.html was introduced in r144400, and https://bugs.webkit.org/show_bug.cgi?id=108696 is a security bug, so maybe it is a security issue too.
Csaba Osztrogonác
Comment 2 2013-03-06 08:37:11 PST
It would be great to have a gdb backtrace.
Ryosuke Niwa
Comment 3 2013-03-06 12:02:31 PST
Also see https://bugs.webkit.org/show_bug.cgi?id=111521. Even though the title says it's about selection-invalid-offset, the crash is happening in selection-in-iframe-removed-crash.html.
Renata Hodovan
Comment 4 2013-03-07 00:59:37 PST
(In reply to comment #2)
> It would be great to have a gdb backtrace.

Below you have the backtrace on Qt. It crashes both with DRT and QtTestBrowser, however while DRT crashes right after the start, QtTestBrowser does so only after a refresh.

#0 0x00007ffff4253e5c in WebCore::comparePositions (a=..., b=...) at /home/reni/Data/REPOS/webkit/Source/WebCore/editing/htmlediting.cpp:78
#1 0x00007ffff4295d19 in WebCore::VisibleSelection::toNormalizedRange (this=0x7a3de8) at /home/reni/Data/REPOS/webkit/Source/WebCore/editing/VisibleSelection.cpp:173
#2 0x00007ffff3a8f941 in WebCore::FrameSelection::toNormalizedRange (this=0x7a3dc0) at /home/reni/Data/REPOS/webkit/Source/WebCore/editing/FrameSelection.h:205
#3 0x00007ffff3a976bf in WebCore::EditorClientQt::respondToChangedSelection (this=0x75ff20, frame=0x7a3790) at /home/reni/Data/REPOS/webkit/Source/WebKit/qt/WebCoreSupport/EditorClientQt.cpp:209
#4 0x00007ffff423329a in WebCore::Editor::notifyComponentsOnChangedSelection (this=0x7a3d00, oldSelection=..., options=6) at /home/reni/Data/REPOS/webkit/Source/WebCore/editing/Editor.cpp:540
#5 0x00007ffff423ffe5 in WebCore::Editor::respondToChangedSelection (this=0x7a3d00, oldSelection=..., options=6) at /home/reni/Data/REPOS/webkit/Source/WebCore/editing/Editor.cpp:2991
#6 0x00007ffff424c0a1 in WebCore::FrameSelection::setSelection (this=0x7a3dc0, newSelection=..., options=6, align=WebCore::FrameSelection::AlignCursorOnScrollIfNeeded, granularity=WebCore::CharacterGranularity) at /home/reni/Data/REPOS/webkit/Source/WebCore/editing/FrameSelection.cpp:330
#7 0x00007ffff4251cd3 in WebCore::FrameSelection::selectFrameElementInParentIfFullySelected (this=0x8fc710) at /home/reni/Data/REPOS/webkit/Source/WebCore/editing/FrameSelection.cpp:1611
#8 0x00007ffff424c062 in WebCore::FrameSelection::setSelection (this=0x8fc710, newSelection=..., options=6, align=WebCore::FrameSelection::AlignCursorOnScrollIfNeeded, granularity=WebCore::CharacterGranularity) at /home/reni/Data/REPOS/webkit/Source/WebCore/editing/FrameSelection.cpp:328
#9 0x00007ffff424be91 in WebCore::FrameSelection::setSelection (this=0x7a3dc0, newSelection=..., options=6, align=WebCore::FrameSelection::AlignCursorOnScrollIfNeeded, granularity=WebCore::CharacterGranularity) at /home/reni/Data/REPOS/webkit/Source/WebCore/editing/FrameSelection.cpp:284
#10 0x00007ffff45d2fbf in WebCore::DOMSelection::addRange (this=0x691710, r=0x905cc0) at /home/reni/Data/REPOS/webkit/Source/WebCore/page/DOMSelection.cpp:395
#11 0x00007ffff5086ece in WebCore::jsDOMSelectionPrototypeFunctionAddRange (exec=0x7fffe43630e8) at generated/JSDOMSelection.cpp:456
Diego Pino
Comment 5 2023-01-25 19:29:12 PST
There are no references to this bug in any TestExpectations. It's probable this bug was solved at some point but it wasn't marked as closed. I'm closing this bug now. If you think this bug report is still valid, please reopen it and add an entry to TestExpectations.
Radar WebKit Bug Importer
Comment 6 2023-01-25 19:31:01 PST