WebKit Bugzilla
Bug 143591 - Regression(r182603): editing/selection/selection-invalid-offset.html is crashing
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=143591
Reported by Chris Dumez, 2015-04-09 17:15:14 PDT
editing/selection/selection-invalid-offset.html is crashing:

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000

VM Regions Near 0:
--> __TEXT  00000001024ef000-00000001024f1000 [8K] r-x/rwx SM=COW  /Volumes/VOLUME/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development

Application Specific Information:
CRASHING TEST: editing/selection/selection-in-iframe-removed-crash.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                        0x000000010bbe7c01 WebCore::FrameSelection::updateAndRevealSelection() + 337 (FrameSelection.cpp:385)
1   com.apple.WebCore                        0x000000010bbe6134 WebCore::FrameSelection::setSelection(WebCore::VisibleSelection const&, unsigned int, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) + 308 (FrameSelection.cpp:345)
2   com.apple.WebCore                        0x000000010bbe716c WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance(WebCore::VisibleSelection const&, unsigned int, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) + 492 (FrameSelection.cpp:279)
3   com.apple.WebCore                        0x000000010bbe6043 WebCore::FrameSelection::setSelection(WebCore::VisibleSelection const&, unsigned int, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) + 67 (FrameSelection.cpp:325)
4   com.apple.WebCore                        0x000000010bbe63ac WebCore::FrameSelection::moveTo(WebCore::Range const*) + 252 (FrameSelection.cpp:159)
5   com.apple.WebCore                        0x000000010b973a5b WebCore::DOMSelection::addRange(WebCore::Range*) + 123 (DOMSelection.cpp:392)
6   com.apple.WebCore                        0x000000010c1f348c WebCore::jsDOMSelectionPrototypeFunctionAddRange(JSC::ExecState*) + 492 (JSDOMSelection.cpp:562)
7   ???                                      0x000024e7f1201028 0 + 40578601455656
8   com.apple.JavaScriptCore                 0x0000000109a39946 llint_entry + 25850
9   com.apple.JavaScriptCore                 0x0000000109a39946 llint_entry + 25850
10  com.apple.JavaScriptCore                 0x0000000109a33209 vmEntryToJavaScript + 361
11  com.apple.JavaScriptCore                 0x000000010989c69a JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 266 (JITCode.cpp:77)
12  com.apple.JavaScriptCore                 0x000000010987fd01 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 4849 (Interpreter.cpp:857)
13  com.apple.JavaScriptCore                 0x00000001093ceb00 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 480 (Completion.cpp:83)
14  com.apple.WebCore                        0x000000010c3bb075 WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 69 (JSMainThreadExecState.h:62)
15  com.apple.WebCore                        0x000000010cdb49bd WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) + 317 (ScriptController.cpp:165)
16  com.apple.WebCore                        0x000000010cdb6233 WebCore::ScriptController::executeScriptInWorld(WebCore::DOMWrapperWorld&, WTF::String const&, bool) + 307 (ScriptController.cpp:515)
17  com.apple.WebCore                        0x000000010cdaa9ef WebCore::ScheduledAction::execute(WebCore::Document&) + 351 (ScheduledAction.cpp:127)
18  com.apple.WebCore                        0x000000010cdaa863 WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext&) + 67 (ScheduledAction.cpp:78)
19  com.apple.WebCore                        0x000000010b979100 WebCore::DOMTimer::fired() + 896 (DOMTimer.cpp:399)
20  com.apple.WebCore                        0x000000010d21d09c WebCore::ThreadTimers::sharedTimerFiredInternal() + 396 (ThreadTimers.cpp:135)
21  com.apple.WebCore                        0x000000010d21cd59 WebCore::ThreadTimers::sharedTimerFired() + 25 (ThreadTimers.cpp:108)
22  com.apple.WebCore                        0x000000010c3d9a8a WebCore::timerFired(__CFRunLoopTimer*, void*) + 42 (SharedTimerCF.cpp:83)
23  com.apple.CoreFoundation                 0x00007fff8e9c03e4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
24  com.apple.CoreFoundation                 0x00007fff8e9bff1f __CFRunLoopDoTimer + 1151
25  com.apple.CoreFoundation                 0x00007fff8ea315aa __CFRunLoopDoTimers + 298
26  com.apple.CoreFoundation                 0x00007fff8e97b6a5 __CFRunLoopRun + 1525
27  com.apple.CoreFoundation                 0x00007fff8e97ae75 CFRunLoopRunSpecific + 309
28  com.apple.HIToolbox                      0x00007fff85021a0d RunCurrentEventLoopInMode + 226
29  com.apple.HIToolbox                      0x00007fff850217b7 ReceiveNextEventCommon + 479
30  com.apple.HIToolbox                      0x00007fff850215bc _BlockUntilNextEventMatchingListInModeWithFilter + 65
31  com.apple.AppKit                         0x00007fff8ee8a24e _DPSNextEvent + 1434
32  com.apple.AppKit                         0x00007fff8ee8989b -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 122
33  com.apple.AppKit                         0x00007fff8ee7d99c -[NSApplication run] + 553
34  com.apple.AppKit                         0x00007fff8ee68783 NSApplicationMain + 940
35  com.apple.XPCService                     0x00007fff8cb13c0f _xpc_main + 385
36  libxpc.dylib                             0x00007fff84dc1bde xpc_main + 399
37  com.apple.WebKit.WebContent.Development  0x00000001024f0195 main + 37
38  libdyld.dylib                            0x00007fff8c6985fd start + 1
Attachments
Patch (1.44 KB, patch), 2015-04-09 17:17 PDT, Chris Dumez, no flags
Comment 1, Chris Dumez, 2015-04-09 17:17:17 PDT
Created attachment 250489: Patch
Comment 2, Chris Dumez, 2015-04-09 17:40:23 PDT
Comment on attachment 250489: Patch

Clearing flags on attachment: 250489

Committed r182619: <http://trac.webkit.org/changeset/182619>
Comment 3, Chris Dumez, 2015-04-09 17:40:29 PDT
All reviewed patches have been landed. Closing bug.