RESOLVED WORKSFORME 116088
Assertion failure: static_cast<unsigned>(position.offsetInContainerNode()) <= node->length()
https://bugs.webkit.org/show_bug.cgi?id=116088
Bem Jones-Bey
Reported 2013-05-13 21:09:26 PDT
Loading the attached file in a debug build of WebKit causes the following assertion failure:

ASSERTION FAILED: static_cast<unsigned>(position.offsetInContainerNode()) <= node->length()
/Users/bjonesbe/Code/webkit/svn/Source/WebCore/editing/FrameSelection.cpp(460) : void WebCore::updatePositionAfterAdoptingTextReplacement(WebCore::Position &, WebCore::CharacterData *, unsigned int, unsigned int, unsigned int)
1 0x109132a95 WebCore::updatePositionAfterAdoptingTextReplacement(WebCore::Position&, WebCore::CharacterData*, unsigned int, unsigned int, unsigned int)
2 0x10913260f WebCore::FrameSelection::textWasReplaced(WebCore::CharacterData*, unsigned int, unsigned int, unsigned int)
3 0x108bef143 WebCore::CharacterData::setDataAndUpdate(WTF::String const&, unsigned int, unsigned int, unsigned int)
4 0x108bef827 WebCore::CharacterData::deleteData(unsigned int, unsigned int, int&)
5 0x109d9ed14 WebCore::Range::processContentsBetweenOffsets(WebCore::Range::ActionType, WTF::PassRefPtr<WebCore::DocumentFragment>, WebCore::Node*, unsigned int, unsigned int, int&)
6 0x109d9e11a WebCore::Range::processContents(WebCore::Range::ActionType, int&)
7 0x109d9d98a WebCore::Range::deleteContents(int&)
8 0x1098caadc WebCore::jsRangePrototypeFunctionDeleteContents(JSC::ExecState*)
9 0x598c39c01045
10 0x107b66764 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*)
11 0x107b633ed JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
12 0x10796ba7c JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
13 0x1095a0212 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
14 0x1096ff47b WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*)
15 0x109047eb2 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow>&)
16 0x109047aa6 WebCore::EventTarget::fireEventListeners(WebCore::Event*)
17 0x109cd5f42 WebCore::Node::handleLocalEvents(WebCore::Event*)
18 0x1090158b1 WebCore::EventContext::handleLocalEvents(WebCore::Event*) const
19 0x109017527 WebCore::EventDispatcher::dispatchEventAtBubbling(WebCore::WindowEventContext&)
20 0x109016be5 WebCore::EventDispatcher::dispatch()
21 0x10901891b WebCore::EventDispatchMediator::dispatchEvent(WebCore::EventDispatcher*) const
22 0x1090160cc WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::EventDispatchMediator>)
23 0x10a104fbc WebCore::ScopedEventQueue::dispatchEvent(WTF::PassRefPtr<WebCore::EventDispatchMediator>) const
24 0x10a104ee1 WebCore::ScopedEventQueue::enqueueEventDispatchMediator(WTF::PassRefPtr<WebCore::EventDispatchMediator>)
25 0x1090163d2 WebCore::EventDispatcher::dispatchScopedEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::EventDispatchMediator>)
26 0x109cd5fdd WebCore::Node::dispatchScopedEventDispatchMediator(WTF::PassRefPtr<WebCore::EventDispatchMediator>)
27 0x109cd5f8a WebCore::Node::dispatchScopedEvent(WTF::PassRefPtr<WebCore::Event>)
28 0x108c60132 WebCore::dispatchChildInsertionEvents(WebCore::Node*)
29 0x108c5d02c WebCore::updateTreeAfterInsertion(WebCore::ContainerNode*, WebCore::Node*, WebCore::AttachBehavior)
30 0x108c5c76a WebCore::ContainerNode::appendChild(WTF::PassRefPtr<WebCore::Node>, int&, WebCore::AttachBehavior)
31 0x108c5c10a WebCore::ContainerNode::insertBefore(WTF::PassRefPtr<WebCore::Node>, WebCore::Node*, int&, WebCore::AttachBehavior)
Bem Jones-Bey
Comment 1 2013-05-13 21:12:22 PDT
Chromium Issue https://code.google.com/p/chromium/issues/detail?id=240594 has been filed to track this in Blink.
Bem Jones-Bey
Comment 2 2014-08-19 14:17:57 PDT
I don't know what happened to the attached test case, but the testcase that's attached to the Blink issue doesn't cause an assertion failure in a current build, so it looks like this has been fixed.