NEW 131539
REGRESSION: Crash in WebCore::TextIterator::range()
https://bugs.webkit.org/show_bug.cgi?id=131539
Dimitris Apostolou
Reported 2014-04-11 08:29:46 PDT
Created attachment 229132 [details]
Crash log

r167020
Reproducibility: often
Steps: Start typing inside a text field and make some typos.
What happened: Auto-correction kicks in and WebKit crashes.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                           0x0000000112a88191 WebCore::TextIterator::range() const + 49
1   com.apple.WebCore                           0x0000000112a88f7e WebCore::CharacterIterator::range() const + 30
2   com.apple.WebCore                           0x0000000112a89b5f WebCore::characterSubrange(WebCore::CharacterIterator&, int, int) + 47
3   com.apple.WebCore                           0x0000000112a89b06 WebCore::TextIterator::subrange(WebCore::Range*, int, int) + 134
4   com.apple.WebCore                           0x0000000111db68da WebCore::AlternativeTextController::applyAlternativeTextToRange(WebCore::Range const*, WTF::String const&, WebCore::AlternativeTextType, WTF::Vector<WebCore::DocumentMarker::MarkerType, 0ul, WTF::CrashOnOverflow> const&) + 1754
5   com.apple.WebCore                           0x0000000111db5e4f WebCore::AlternativeTextController::handleAlternativeTextUIResult(WTF::String const&) + 703
6   com.apple.WebCore                           0x0000000111db6c12 WebCore::AlternativeTextController::applyAutocorrectionBeforeTypingIfAppropriate() + 386
7   com.apple.WebCore                           0x000000011200eeaf WebCore::Editor::insertTextWithoutSendingTextEvent(WTF::String const&, bool, WebCore::TextEvent*) + 447
8   com.apple.WebCore                           0x000000011200e48c WebCore::Editor::handleTextEvent(WebCore::TextEvent*) + 204
9   com.apple.WebCore                           0x0000000112043dd8 WebCore::EventHandler::defaultTextInputEventHandler(WebCore::TextEvent*) + 24
10  com.apple.WebCore                           0x00000001126f95d9 WebCore::Node::defaultEventHandler(WebCore::Event*) + 473
11  com.apple.WebCore                           0x0000000112153bed WebCore::HTMLInputElement::defaultEventHandler(WebCore::Event*) + 765
12  com.apple.WebCore                           0x0000000112037b21 WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) + 1553
13  com.apple.WebCore                           0x00000001126f8f5d WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 29
14  com.apple.WebCore                           0x000000011204cddf WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&) + 127
15  com.apple.WebCore                           0x0000000112043c6a WebCore::EventHandler::handleTextInputEvent(WTF::String const&, WebCore::Event*, WebCore::TextEventInputType) + 282
16  com.apple.WebCore                           0x0000000112013765 WebCore::Editor::insertText(WTF::String const&, WebCore::Event*) + 21
17  com.apple.WebKit2                           0x0000000111414790 WebKit::WebPage::executeKeypressCommandsInternal(WTF::Vector<WebCore::KeypressCommand, 0ul, WTF::CrashOnOverflow> const&, WebCore::KeyboardEvent*) + 222
18  com.apple.WebKit2                           0x0000000111415084 WebKit::WebPage::handleEditingKeyboardEvent(WebCore::KeyboardEvent*) + 386
19  com.apple.WebKit2                           0x00000001113d6bca WebKit::WebEditorClient::handleKeyboardEvent(WebCore::KeyboardEvent*) + 18
20  com.apple.WebCore                           0x00000001120433f8 WebCore::EventHandler::defaultKeyboardEventHandler(WebCore::KeyboardEvent*) + 472
21  com.apple.WebCore                           0x00000001126f9519 WebCore::Node::defaultEventHandler(WebCore::Event*) + 281
22  com.apple.WebCore                           0x00000001121539d4 WebCore::HTMLInputElement::defaultEventHandler(WebCore::Event*) + 228
23  com.apple.WebCore                           0x0000000112037b21 WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) + 1553
24  com.apple.WebCore                           0x00000001126f8f5d WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 29
25  com.apple.WebCore                           0x000000011204cddf WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&) + 127
26  com.apple.WebCore                           0x0000000112042e80 WebCore::EventHandler::keyEvent(WebCore::PlatformKeyboardEvent const&) + 1968
27  com.apple.WebCore                           0x0000000112abee47 WebCore::UserInputBridge::handleKeyEvent(WebCore::PlatformKeyboardEvent const&, WebCore::InputSource) + 375
28  com.apple.WebKit2                           0x000000011140790a WebKit::handleKeyEvent(WebKit::WebKeyboardEvent const&, WebCore::Page*) + 113
29  com.apple.WebKit2                           0x0000000111407850 WebKit::WebPage::keyEvent(WebKit::WebKeyboardEvent const&) + 56
30  com.apple.WebKit2                           0x000000011141c689 void IPC::handleMessage<Messages::WebPage::KeyEvent, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&)>(IPC::MessageDecoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&)) + 83
31  com.apple.WebKit2                           0x0000000111419f49 WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection*, IPC::MessageDecoder&) + 1197
32  com.apple.WebKit2                           0x0000000111323fe3 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection*, IPC::MessageDecoder&) + 125
33  com.apple.WebKit2                           0x000000011146174e WebKit::WebProcess::didReceiveMessage(IPC::Connection*, IPC::MessageDecoder&) + 28
34  com.apple.WebKit2                           0x00000001112d07ee IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 94
35  com.apple.WebKit2                           0x00000001112d285a IPC::Connection::dispatchOneMessage() + 106
36  com.apple.JavaScriptCore                    0x0000000111bd1085 WTF::RunLoop::performWork() + 421
37  com.apple.JavaScriptCore                    0x0000000111bd1762 WTF::RunLoop::performWork(void*) + 34
38  com.apple.CoreFoundation                    0x00007fff8bfdc661 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
39  com.apple.CoreFoundation                    0x00007fff8bfcdd12 __CFRunLoopDoSources0 + 242
40  com.apple.CoreFoundation                    0x00007fff8bfcd49f __CFRunLoopRun + 831
41  com.apple.CoreFoundation                    0x00007fff8bfccf25 CFRunLoopRunSpecific + 309
42  com.apple.HIToolbox                         0x00007fff9311ca0d RunCurrentEventLoopInMode + 226
43  com.apple.HIToolbox                         0x00007fff9311c7b7 ReceiveNextEventCommon + 479
44  com.apple.HIToolbox                         0x00007fff9311c5bc _BlockUntilNextEventMatchingListInModeWithFilter + 65
45  com.apple.AppKit                            0x00007fff9453126e _DPSNextEvent + 1434
46  com.apple.AppKit                            0x00007fff945308bb -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 122
47  com.apple.AppKit                            0x00007fff945249bc -[NSApplication run] + 553
48  com.apple.AppKit                            0x00007fff9450f7a3 NSApplicationMain + 940
49  com.apple.XPCService                        0x00007fff8e2d1c0f _xpc_main + 385
50  libxpc.dylib                                0x00007fff91447bde xpc_main + 399
51  com.apple.WebKit.WebContent.Development     0x000000010de746a0 main + 16
52  libdyld.dylib                               0x00007fff8d9d95fd start + 1

Expected result: WebKit does not crash.
Attachments
Crash log (55.07 KB, application/octet-stream)
2014-04-11 08:29 PDT, Dimitris Apostolou
no flags
Reduction Testcase (372 bytes, text/html)
2014-04-19 02:42 PDT, William M
no flags
William M
Comment 1 2014-04-19 02:42:01 PDT
Created attachment 229731 [details] Reduction Testcase
William M
Comment 2 2014-04-19 02:43:10 PDT
Appears to be fixed as of r167524