RESOLVED FIXED 122777
Assertion failure in Range::processContentsBetweenOffsets
https://bugs.webkit.org/show_bug.cgi?id=122777
Ryosuke Niwa
Reported 2013-10-14 14:26:55 PDT
Merge https://chromium.googlesource.com/chromium/blink/+/c15de182774c7859c20d97126eb844ae97b792a4
https://code.google.com/p/chromium/issues/detail?id=240594
Make Range::processContentsBetweenOffsets() to handle node modification by mutation event handler
This patch changes ASSERT statements for checking |endOffset| inbound in Range::processContentsBetweenOffsets() to limit |endOffset|. This situation can happen when DOMNodeRemovedFromDocument event handler splits text nodes, Range::insertNode() on text node, in the range calling Range::deleteContents().
This is the last part of fixing issue 240594.
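The offset re-validation described in the merged commit message, as an added example that is not WebKit's or Blink's code: `TextNode`, `MutationHandler` and `deleteBetweenOffsets` are hypothetical stand-ins, and limiting `endOffset` to the node's current length is an assumption of this model.

```cpp
#include <algorithm>
#include <cstddef>
#include <functional>
#include <iostream>
#include <string>

// Hypothetical stand-in for a DOM text node (not WebCore's class).
struct TextNode {
    std::string data;
};

using MutationHandler = std::function<void(TextNode&)>;

// Removes [startOffset, endOffset) from node and returns the removed text.
// The handler models a mutation event listener: it runs after the caller
// computed the offsets and may shorten the node (e.g. by splitting it).
std::string deleteBetweenOffsets(TextNode& node, std::size_t startOffset,
                                 std::size_t endOffset,
                                 const MutationHandler& handler)
{
    if (handler)
        handler(node); // script runs here; node.data may have changed

    // The offsets are now untrusted. Limit them rather than asserting.
    // Assumption of this model: the bound is the node's current length.
    endOffset = std::min(endOffset, node.data.length());
    startOffset = std::min(startOffset, endOffset);

    // Without the two lines above, a stale startOffset past the end makes
    // std::string::substr throw std::out_of_range.
    std::string removed = node.data.substr(startOffset, endOffset - startOffset);
    node.data.erase(startOffset, endOffset - startOffset);
    return removed;
}

int main()
{
    TextNode node{"Hello, world"}; // constructed sample input
    // Handler keeps only the first 5 characters, as a split at offset 5 would.
    std::string removed = deleteBetweenOffsets(
        node, 7, 12, [](TextNode& n) { n.data.resize(5); });
    std::cout << "removed='" << removed << "' left='" << node.data << "'\n";
    return 0;
}
```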
Attachments
Fixes the bug (4.94 KB, patch)
2013-10-14 14:40 PDT, Ryosuke Niwa
no flags
Updated for ToT (4.90 KB, patch)
2013-10-14 14:50 PDT, Ryosuke Niwa
darin: review+
Ryosuke Niwa
Comment 1 2013-10-14 14:40:29 PDT
Created attachment 214189 Fixes the bug
Ryosuke Niwa
Comment 2 2013-10-14 14:41:54 PDT
Comment on attachment 214189 Fixes the bug
View in context: https://bugs.webkit.org/attachment.cgi?id=214189&action=review
> Source/WebCore/dom/Range.cpp:792
> + startOffset = std::min(startOffset, endOffset);
The Blink patch didn't adjust startOffset so I'm doing that here.
> Source/WebCore/dom/Range.cpp:807
> + startOffset = std::min(startOffset, endOffset);
Ditto.
> LayoutTests/fast/dom/Range/range-delete-contents-mutation-event-crash-expected.txt:1
> +This tests inserting a text node while calling deleteContents. WebKit should not hit an assertion.
I added this description.
> LayoutTests/fast/dom/Range/range-delete-contents-mutation-event-crash.html:11
> +var sample = document.getElementById('sample');
And got rid of obnoxious $ function.
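Review bot: at Range.cpp:792 and :807 the same clamp, `startOffset = std::min(startOffset, endOffset);`, appears twice with nothing in the quoted lines saying why the offsets can be stale. Suggest a one-line comment at each site (or a shared helper) noting that a mutation event handler may have modified the node, and confirm that endOffset has already been limited before each of these lines, since clamping startOffset against an unclamped endOffset would not bring it back in bounds.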
Ryosuke Niwa
Comment 3 2013-10-14 14:50:19 PDT
Created attachment 214191 Updated for ToT
Ryosuke Niwa
Comment 4 2013-10-14 16:57:17 PDT
Radar WebKit Bug Importer
Comment 5 2013-10-14 23:19:52 PDT