RESOLVED CONFIGURATION CHANGED 151602
ASSERTION FAILED: forward ? nativeIndex < nativeLength : nativeIndex <= nativeLength in WebCore::textUTF16ContextAwareMoveInPrimaryContext
https://bugs.webkit.org/show_bug.cgi?id=151602
Renata Hodovan
Reported 2015-11-25 07:25:34 PST
Created attachment 266160 [details]
Test

Load the attached test with debug MiniBrowser:

<script>
window.onload = function() {
  document.designMode = 'on';
  document.execCommand('selectAll');
  document.execCommand('indent');
}
</script>
<style>
*, h2::first-letter { white-space: pre-wrap; }
</style>
<h2>x&#1111111;</h2>

OS: Ubuntu 15.10 x86_64
Checked build: debug EFL
Checked version: 3898028

Backtrace:
ASSERTION FAILED: forward ? nativeIndex < nativeLength : nativeIndex <= nativeLength
../../Source/WebCore/platform/text/icu/UTextProviderUTF16.cpp(71) : void WebCore::textUTF16ContextAwareMoveInPrimaryContext(UText*, int64_t, int64_t, UBool)
1 0x7f78f98a674e WTFCrash
2 0x7f78f85c80f3
3 0x7f78f85c82b0
4 0x7f78f85c86e5
5 0x7f78eabacbf2 utext_setNativeIndex_55
6 0x7f78eabea798 icu_55::RuleBasedBreakIterator::handlePrevious(icu_55::RBBIStateTable const*)
7 0x7f78eabeada2 icu_55::RuleBasedBreakIterator::following(int)
8 0x7f78f85b8e25 WebCore::textBreakFollowing(WebCore::TextBreakIterator*, int)
9 0x7f78f87f5d2a int WebCore::nextBreakablePositionNonLoosely<unsigned short, (WebCore::NBSPBehavior)0>(WebCore::LazyLineBreakIterator&, unsigned short const*, unsigned int, int)
10 0x7f78f87f4617 WebCore::nextBreakablePositionIgnoringNBSP(WebCore::LazyLineBreakIterator&, int)
11 0x7f78f87f4931 WebCore::isBreakable(WebCore::LazyLineBreakIterator&, int, int&, bool, bool, bool)
12 0x7f78f884c86e WebCore::BreakingContext::handleText(WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow, 16ul>&, bool&, unsigned int&)
13 0x7f78f8847694 WebCore::LineBreaker::nextLineBreak(WebCore::BidiResolverWithIsolate<WebCore::InlineIterator, WebCore::BidiRun, WebCore::BidiIsolatedRun>&, WebCore::LineInfo&, WebCore::LineLayoutState&, WebCore::RenderTextInfo&, WebCore::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow, 16ul>&)
14 0x7f78f864c24e WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolverWithIsolate<WebCore::InlineIterator, WebCore::BidiRun, WebCore::BidiIsolatedRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int)
15 0x7f78f864be06 WebCore::RenderBlockFlow::layoutRunsAndFloats(WebCore::LineLayoutState&, bool)
16 0x7f78f864e757 WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
17 0x7f78f8629687 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
18 0x7f78f86289c8 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
19 0x7f78f85fa8c8 WebCore::RenderBlock::layout()
20 0x7f78f8629a4e WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
21 0x7f78f862958c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
22 0x7f78f86289ec WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
23 0x7f78f85fa8c8 WebCore::RenderBlock::layout()
24 0x7f78f8629a4e WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
25 0x7f78f862958c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
26 0x7f78f86289ec WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
27 0x7f78f85fa8c8 WebCore::RenderBlock::layout()
28 0x7f78f8629a4e WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
29 0x7f78f862958c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
30 0x7f78f86289ec WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
31 0x7f78f85fa8c8 WebCore::RenderBlock::layout()
Aborted (core dumped)

Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f78f98a6753 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321 *(int *)(uintptr_t)0xbbadbeef = 0;
[Current thread is 1 (Thread 0x7f78fd3f4a80 (LWP 13158))]
(gdb) bt
#0 0x00007f78f98a6753 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1 0x00007f78f85c80f3 in WebCore::textUTF16ContextAwareMoveInPrimaryContext (text=0x17f0410, nativeIndex=3, nativeLength=3, forward=1 '\001') at ../../Source/WebCore/platform/text/icu/UTextProviderUTF16.cpp:71
#2 0x00007f78f85c82b0 in WebCore::textUTF16ContextAwareSwitchToPrimaryContext (text=0x17f0410, nativeIndex=3, nativeLength=3, forward=1 '\001') at ../../Source/WebCore/platform/text/icu/UTextProviderUTF16.cpp:89
#3 0x00007f78f85c86e5 in WebCore::uTextUTF16ContextAwareAccess (text=0x17f0410, nativeIndex=3, forward=1 '\001') at ../../Source/WebCore/platform/text/icu/UTextProviderUTF16.cpp:143
#4 0x00007f78eabacbf2 in utext_setNativeIndex_55 () from /usr/lib/x86_64-linux-gnu/libicuuc.so.55
#5 0x00007f78eabea798 in icu_55::RuleBasedBreakIterator::handlePrevious(icu_55::RBBIStateTable const*) () from /usr/lib/x86_64-linux-gnu/libicuuc.so.55
#6 0x00007f78eabeada2 in icu_55::RuleBasedBreakIterator::following(int) () from /usr/lib/x86_64-linux-gnu/libicuuc.so.55
#7 0x00007f78f85b8e25 in WebCore::textBreakFollowing (iterator=0x17f0260, pos=1) at ../../Source/WebCore/platform/text/TextBreakIterator.cpp:867
#8 0x00007f78f87f5d2a in WebCore::nextBreakablePositionNonLoosely<unsigned short, (WebCore::NBSPBehavior)0> (lazyBreakIterator=..., str=0x7f78d8f747ac, length=1, pos=0) at ../../Source/WebCore/rendering/break_lines.h:108
#9 0x00007f78f87f4617 in WebCore::nextBreakablePositionIgnoringNBSP (lazyBreakIterator=..., pos=0) at ../../Source/WebCore/rendering/break_lines.h:203
#10 0x00007f78f87f4931 in WebCore::isBreakable (lazyBreakIterator=..., pos=0, nextBreakable=@0x7ffcb22b5f00: -1, breakNBSP=false, isLooseMode=false, keepAllWords=false) at ../../Source/WebCore/rendering/break_lines.h:241
#11 0x00007f78f884c86e in WebCore::BreakingContext::handleText (this=0x7ffcb22b6180, wordMeasurements=..., hyphenated=@0x7ffcb22b6478: false, consecutiveHyphenatedLines=@0x7ffcb22b6308: 0) at ../../Source/WebCore/rendering/line/BreakingContext.h:808
#12 0x00007f78f8847694 in WebCore::LineBreaker::nextLineBreak (this=0x7ffcb22b6470, resolver=..., lineInfo=..., layoutState=..., renderTextInfo=..., lastFloatFromPreviousLine=0x0, consecutiveHyphenatedLines=0, wordMeasurements=...) at ../../Source/WebCore/rendering/line/LineBreaker.cpp:110
#13 0x00007f78f864c24e in WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange (this=0x7f78d8fb7450, layoutState=..., resolver=..., cleanLineStart=..., cleanLineBidiStatus=..., consecutiveHyphenatedLines=0) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1264
#14 0x00007f78f864be06 in WebCore::RenderBlockFlow::layoutRunsAndFloats (this=0x7f78d8fb7450, layoutState=..., hasInlineChild=true) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1217
#15 0x00007f78f864e757 in WebCore::RenderBlockFlow::layoutLineBoxes (this=0x7f78d8fb7450, relayoutChildren=false, repaintLogicalTop=..., repaintLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1647
#16 0x00007f78f8629687 in WebCore::RenderBlockFlow::layoutInlineChildren (this=0x7f78d8fb7450, relayoutChildren=false, repaintLogicalTop=..., repaintLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:651
#17 0x00007f78f86289c8 in WebCore::RenderBlockFlow::layoutBlock (this=0x7f78d8fb7450, relayoutChildren=false, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:483
#18 0x00007f78f85fa8c8 in WebCore::RenderBlock::layout (this=0x7f78d8fb7450) at ../../Source/WebCore/rendering/RenderBlock.cpp:931
#19 0x00007f78f8629a4e in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7f78d8fb7398, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:709
#20 0x00007f78f862958c in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7f78d8fb7398, relayoutChildren=false, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:632
#21 0x00007f78f86289ec in WebCore::RenderBlockFlow::layoutBlock (this=0x7f78d8fb7398, relayoutChildren=false, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485
#22 0x00007f78f85fa8c8 in WebCore::RenderBlock::layout (this=0x7f78d8fb7398) at ../../Source/WebCore/rendering/RenderBlock.cpp:931
#23 0x00007f78f8629a4e in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7f78d8fb72e0, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:709
#24 0x00007f78f862958c in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7f78d8fb72e0, relayoutChildren=false, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:632
#25 0x00007f78f86289ec in WebCore::RenderBlockFlow::layoutBlock (this=0x7f78d8fb72e0, relayoutChildren=false, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485
#26 0x00007f78f85fa8c8 in WebCore::RenderBlock::layout (this=0x7f78d8fb72e0) at ../../Source/WebCore/rendering/RenderBlock.cpp:931
#27 0x00007f78f8629a4e in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7f78d8edd228, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:709
#28 0x00007f78f862958c in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7f78d8edd228, relayoutChildren=false, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:632
#29 0x00007f78f86289ec in WebCore::RenderBlockFlow::layoutBlock (this=0x7f78d8edd228, relayoutChildren=false, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:485
#30 0x00007f78f85fa8c8 in WebCore::RenderBlock::layout (this=0x7f78d8edd228) at ../../Source/WebCore/rendering/RenderBlock.cpp:931
#31 0x00007f78f8811131 in WebCore::RenderView::layoutContent (this=0x7f78d8edd228, state=...) at ../../Source/WebCore/rendering/RenderView.cpp:253
#32 0x00007f78f8811829 in WebCore::RenderView::layout (this=0x7f78d8edd228) at ../../Source/WebCore/rendering/RenderView.cpp:378
#33 0x00007f78f83d7448 in WebCore::FrameView::layout (this=0x7f78d8c0c000, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1427
#34 0x00007f78f7e26d27 in WebCore::Document::updateLayout (this=0x7f78d8c1d900) at ../../Source/WebCore/dom/Document.cpp:1917
#35 0x00007f78f7e26e3e in WebCore::Document::updateLayoutIgnorePendingStylesheets (this=0x7f78d8c1d900, runPostLayoutTasks=WebCore::Document::RunPostLayoutTasks::Asynchronously) at ../../Source/WebCore/dom/Document.cpp:1949
#36 0x00007f78f7fdc710 in WebCore::VisiblePosition::canonicalPosition (this=0x7ffcb22b8fe0, passedPosition=...) at ../../Source/WebCore/editing/VisiblePosition.cpp:519
#37 0x00007f78f7fda114 in WebCore::VisiblePosition::init (this=0x7ffcb22b8fe0, position=..., affinity=WebCore::DOWNSTREAM) at ../../Source/WebCore/editing/VisiblePosition.cpp:58
#38 0x00007f78f7fda0aa in WebCore::VisiblePosition::VisiblePosition (this=0x7ffcb22b8fe0, pos=..., affinity=WebCore::DOWNSTREAM) at ../../Source/WebCore/editing/VisiblePosition.cpp:51
#39 0x00007f78f913fb41 in WebCore::ApplyBlockElementCommand::formatSelection (this=0x7f78d8edc000, startOfSelection=..., endOfSelection=...) at ../../Source/WebCore/editing/ApplyBlockElementCommand.cpp:131
#40 0x00007f78f7fa6d8b in WebCore::IndentOutdentCommand::formatSelection (this=0x7f78d8edc000, startOfSelection=..., endOfSelection=...) at ../../Source/WebCore/editing/IndentOutdentCommand.cpp:226
#41 0x00007f78f913f216 in WebCore::ApplyBlockElementCommand::doApply (this=0x7f78d8edc000) at ../../Source/WebCore/editing/ApplyBlockElementCommand.cpp:90
#42 0x00007f78f91553a0 in WebCore::CompositeEditCommand::apply (this=0x7f78d8edc000) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:227
#43 0x00007f78f9155167 in WebCore::applyCommand (command=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:186
#44 0x00007f78f7f8ce22 in WebCore::executeIndent (frame=...) at ../../Source/WebCore/editing/EditorCommand.cpp:456
#45 0x00007f78f7f910ca in WebCore::Editor::Command::execute (this=0x7ffcb22b9530, parameter=..., triggeringEvent=0x0) at ../../Source/WebCore/editing/EditorCommand.cpp:1703
#46 0x00007f78f7e3288d in WebCore::Document::execCommand (this=0x7f78d8c1d900, commandName=..., userInterface=false, value=...) at ../../Source/WebCore/dom/Document.cpp:4657
#47 0x00007f78f95950c9 in WebCore::jsDocumentPrototypeFunctionExecCommand (state=0x7ffcb22b9600) at DerivedSources/WebCore/JSDocument.cpp:5066
#48 0x00007f7893fff0c8 in ?? ()
#49 0x00007ffcb22b9680 in ?? ()
#50 0x00007f78ed083d98 in llint_entry () from webkit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.1
Attachments
Test (245 bytes, text/html)
2015-11-25 07:25 PST, Renata Hodovan
no flags
Brent Fulgham
Comment 1 2016-08-05 09:14:10 PDT
This reproduces in r204037.
Radar WebKit Bug Importer
Comment 2 2016-08-05 09:14:40 PDT
Myles C. Maxfield
Comment 3 2016-12-08 23:19:31 PST
The prior context has code units U+78 and U+dbfd and the string itself has code unit U+dc47. The high-valued code units, when taken together as a UTF-16 surrogate pair, encode unicode value U+10f447.
Myles C. Maxfield
Comment 4 2016-12-09 00:01:02 PST
We're setting the text of a RenderText to be an unpaired surrogate.
Myles C. Maxfield
Comment 5 2016-12-09 00:01:25 PST
This occurs in RenderText::setText().
Myles C. Maxfield
Comment 6 2016-12-09 00:06:27 PST
The constructor of SplitTextNodeCommand is getting an offset that splits a surrogate pair.
Myles C. Maxfield
Comment 7 2016-12-09 11:21:51 PST
It looks like findEndOfParagraph() in VisibleUnits.cpp doesn't understand about ::first-letter. It asks for the node's renderer(), then asks the renderer for an offset within itself, but then blindly applies that offset to the node itself. IIRC there are more situations where offsets in the renderer's text may not match offsets in the node's text (if memory serves, there is at least one single-code-unit code point which text-transform: uppercase will cause to expand into multiple code units)
Myles C. Maxfield
Comment 8 2016-12-09 11:57:53 PST
It looks like, even if you hardcode the offset to be 3 in endOfParagraph(), VisiblePosition::canonicalPosition() will set it back to 2. ApplyBlockElementCommand::formatSelection() operates on VisiblePositions.
Myles C. Maxfield
Comment 9 2016-12-09 12:02:53 PST
Hardcoding splitTextNode() to use an offset which doesn't split a surrogate pair causes this ASSERT() to stop firing.
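Added illustration (editor's example, not code from this bug, from WebKit or from ICU) of the condition behind comments 3, 6 and 9: the test string is "x" followed by U+10F447, which UTF-16 stores as the three code units 0x0078 0xDBFD 0xDC47, and a split at code-unit offset 2 lands between the high and low surrogate. The helper names (codePointAt, splitsSurrogatePair, snapToCodePointBoundary) are my own and are not WebKit APIs; the check they implement is the kind of boundary validation a text-splitting command would need before applying a renderer-derived offset to a DOM text node.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// Constructed sample: the <h2> text from the attached test, "x" plus
// U+10F447 (&#1111111;). The compiler emits the surrogate pair for us.
static const std::u16string kSampleText = u"x\U0010F447";

static bool isHighSurrogate(char16_t unit) { return (unit & 0xFC00) == 0xD800; }
static bool isLowSurrogate(char16_t unit)  { return (unit & 0xFC00) == 0xDC00; }

// Decode the code point whose first code unit is at index i.
// An unpaired surrogate is returned as-is, mirroring how it would be
// seen if a string had been split in the middle of a pair.
uint32_t codePointAt(const std::u16string& s, size_t i) {
    if (i >= s.size())
        return 0;
    char16_t lead = s[i];
    if (isHighSurrogate(lead) && i + 1 < s.size() && isLowSurrogate(s[i + 1])) {
        uint32_t trail = s[i + 1];
        return 0x10000 + ((uint32_t(lead) - 0xD800) << 10) + (trail - 0xDC00);
    }
    return lead;
}

// True when cutting s at code-unit offset `offset` would leave a high
// surrogate on the left and its low surrogate on the right: exactly the
// situation that produced an unpaired surrogate in RenderText here.
bool splitsSurrogatePair(const std::u16string& s, size_t offset) {
    if (offset == 0 || offset >= s.size())
        return false;
    return isHighSurrogate(s[offset - 1]) && isLowSurrogate(s[offset]);
}

// Clamp an offset to the string and move it back to the start of the pair
// if it would otherwise split one, so both halves stay well-formed UTF-16.
size_t snapToCodePointBoundary(const std::u16string& s, size_t offset) {
    if (offset > s.size())
        return s.size();
    return splitsSurrogatePair(s, offset) ? offset - 1 : offset;
}

int main() {
    // Walk every possible split offset of the sample and report which are safe.
    for (size_t offset = 0; offset <= kSampleText.size(); ++offset) {
        std::printf("offset %zu: %s -> snapped to %zu\n", offset,
                    splitsSurrogatePair(kSampleText, offset) ? "splits pair" : "ok",
                    snapToCodePointBoundary(kSampleText, offset));
    }
    std::printf("code point at index 1: U+%X\n", codePointAt(kSampleText, 1));
    return 0;
}
```

Run stand-alone it lists offsets 0, 1 and 3 as safe and offset 2 as one that splits the pair (snapped back to 1), and decodes index 1 as U+10F447, matching the code units quoted in comment 3.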
Ahmad Saleem
Comment 10 2023-01-20 11:05:57 PST
I am not able to hit this assert using the attached test case with a MiniBrowser WK2 Debug build as of 259136@main.
Brent Fulgham
Comment 11 2024-01-22 15:19:12 PST
Closing based on Ahmad's testing.