ojan/rniwa, any chance it's because of the fix in Bug 108053? it's the only thing the looks (somewhat) related to me in the changelog above. cross-posted in http://crbug.com/181198

What charset should the test case be rendered with? I get a different rendering with iso-8859-8.

Created attachment 192536 [details] Test case (with correct encoding) oops sorry, forgot about the encoding issue in bugzilla, should be OK now

I cannot reproduce in Safari on Mac with a recent debug build.

Hi Yair, I am currently on travel and can work on this post 18th march, but as far as i could check right now, the localCaretRect() function itself is not being hit for this case. Perhaps am missing something, would need to check in further detail for that. But I was unable to reproduce this crash on my Safari debug build. Apologize if indeed this is a regression due to 108053.

Hi Ryosuke, Yair, This issue is indeed a regression due to r143313 (Bug #108053). I had earlier not carried out the selection step while trying to reproduce the issue, assuming it to be a page load crash. My sincere apologies for the same. I will shortly upload a patch for fixing this crash issue.

Thanks, I'm glad you were able to reproduce the issue, in some rare occasion it's problematic (I'm not sure why...)

Created attachment 195278 [details] Patch

Comment on attachment 195278 [details] Patch Attachment 195278 [details] did not pass chromium-ews (chromium-xvfb): Output: http://webkit-commit-queue.appspot.com/results/17242537 New failing tests: editing/selection/5076323-3.html editing/selection/mixed-editability-9.html editing/deleting/4922367.html editing/selection/table-caret-1.html editing/inserting/insert-paragraph-01.html editing/selection/move-by-line-001.html editing/selection/5076323-2.html editing/selection/editable-non-editable-crash.html editing/selection/table-caret-3.html editing/selection/table-caret-2.html editing/selection/5131716-2.html

Created attachment 195296 [details] Archive of layout-test-results from gce-cr-linux-08 for chromium-linux-x86_64 The attached test failures were seen while running run-webkit-tests on the chromium-ews. Bot: gce-cr-linux-08 Port: chromium-linux-x86_64 Platform: Linux-3.3.8-gcg-201212281604-x86_64-with-GCEL-10.04-gcel_10.04

Created attachment 195306 [details] Patch

Comment on attachment 195306 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=195306&action=review > LayoutTests/editing/selection/click-on-anonymous-content-crash.html:1 > +<html> Missing DOCTYPE. > LayoutTests/editing/selection/click-on-anonymous-content-crash.html:3 > +<script src="../../fast/js/resources/js-test-pre.js"></script> Why do we need js-test-pre.js? > LayoutTests/editing/selection/click-on-anonymous-content-crash.html:9 > + if (window.internals) { Please check window.eventSender instead. internals is never used in this test.

Comment on attachment 195278 [details] Patch Attachment 195278 [details] did not pass win-ews (win): Output: http://webkit-commit-queue.appspot.com/results/17323307

Comment on attachment 195278 [details] Patch Attachment 195278 [details] did not pass mac-ews (mac): Output: http://webkit-commit-queue.appspot.com/results/17323354 New failing tests: editing/deleting/4922367.html

Created attachment 195480 [details] Archive of layout-test-results from webkit-ews-04 for mac-future The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: webkit-ews-04 Port: mac-future Platform: Mac OS X 10.8.2

It appears that we need to rebaseline this test: --- /Volumes/Data/EWS/WebKit/WebKitBuild/Release/layout-test-results/editing/deleting/4922367-expected.txt +++ /Volumes/Data/EWS/WebKit/WebKitBuild/Release/layout-test-results/editing/deleting/4922367-actual.txt @@ -9,17 +9,14 @@ text run at (386,0) width 390: "You should see only a table in the editable region below, with" text run at (0,18) width 139: "the caret just before it." RenderBlock {DIV} at (0,52) size 784x28 - RenderBlock {DIV} at (0,0) size 784x28 - RenderTable {TABLE} at (0,0) size 32x28 [border: (1px solid #BBBBBB)] - RenderTableSection {TBODY} at (1,1) size 30x26 - RenderTableRow {TR} at (0,2) size 30x22 - RenderTableCell {TD} at (2,2) size 12x22 [border: (1px solid #BBBBBB)] [r=0 c=0 rs=1 cs=1] - RenderText {#text} at (2,2) size 8x18 - text run at (2,2) width 8: "1" - RenderTableCell {TD} at (16,2) size 12x22 [border: (1px solid #BBBBBB)] [r=0 c=1 rs=1 cs=1] - RenderText {#text} at (2,2) size 8x18 - text run at (2,2) width 8: "2" - RenderBlock (anonymous) at (0,28) size 784x0 - RenderBlock (anonymous) at (0,28) size 784x0 + RenderTable {TABLE} at (0,0) size 32x28 [border: (1px solid #BBBBBB)] + RenderTableSection {TBODY} at (1,1) size 30x26 + RenderTableRow {TR} at (0,2) size 30x22 + RenderTableCell {TD} at (2,2) size 12x22 [border: (1px solid #BBBBBB)] [r=0 c=0 rs=1 cs=1] + RenderText {#text} at (2,2) size 8x18 + text run at (2,2) width 8: "1" + RenderTableCell {TD} at (16,2) size 12x22 [border: (1px solid #BBBBBB)] [r=0 c=1 rs=1 cs=1] + RenderText {#text} at (2,2) size 8x18 + text run at (2,2) width 8: "2" RenderBlock {UL} at (0,96) size 784x0 -caret: position 0 of child 0 {TABLE} of child 1 {DIV} of child 2 {DIV} of body +caret: position 0 of child 1 {TABLE} of child 2 {DIV} of body

Created attachment 195497 [details] Patch

?? Please rebaseline editing/deleting/4922367.html as needed.

(In reply to comment #18) > ?? Please rebaseline editing/deleting/4922367.html as needed. Hi rniwa, this was due to the previous (incorrect) patch I had uploaded : attachment number 195278. Not for the patch reviewed by you, i.e. #195306

Comment on attachment 195497 [details] Patch Okay.

(In reply to comment #20) > (From update of attachment 195497 [details]) > Okay. Thanks for the r+ ! :)

Comment on attachment 195497 [details] Patch Clearing flags on attachment: 195497 Committed r147087: <http://trac.webkit.org/changeset/147087>

All reviewed patches have been landed. Closing bug.

Confirmed as fixed with Chromium (build 191215), Thanks.