151603 – ASSERTION FAILED: comparePositions(start, end) <= 0 in WebCore::CompositeEditCommand::cloneParagraphUnderNewElement

Bug 151603 - ASSERTION FAILED: comparePositions(start, end) <= 0 in WebCore::CompositeEditCommand::cloneParagraphUnderNewElement

Summary: ASSERTION FAILED: comparePositions(start, end) <= 0 in WebCore::CompositeEdit...

Status:	RESOLVED CONFIGURATION CHANGED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	HTML Editing (show other bugs)
Version:	WebKit Local Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:	116980
	Show dependency tree / graph

Reported:	2015-11-25 07:33 PST by Renata Hodovan
Modified:	2023-01-03 23:19 PST (History)
CC List:	5 users (show)

See Also:

Attachments
Test (219 bytes, text/html) 2015-11-25 07:33 PST, Renata Hodovan	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Renata Hodovan 2015-11-25 07:33:07 PST

Created attachment 266162 [details]
Test

Load the attached test with debug MiniBrowser:

<script>
window.onload = function() {
    document.designMode = 'on';
    document.execCommand('selectAll');
    document.execCommand('indent');
}
</script>
<style>
* {
    display: table-cell;
}
</style>
<base>a</base>


OS: Ubuntu 15.10 x86_64
Checked build: debug EFL
Checked version: 79922a5


Backtrace:

ASSERTION FAILED: comparePositions(start, end) <= 0
../../Source/WebCore/editing/CompositeEditCommand.cpp(1056) : void WebCore::CompositeEditCommand::cloneParagraphUnderNewElement(const WebCore::Position&, const WebCore::Position&, WebCore::Node*, WebCore::Element*)
1   0x7f784cd1482c WTFCrash
2   0x7f784c5c9931 WebCore::CompositeEditCommand::cloneParagraphUnderNewElement(WebCore::Position const&, WebCore::Position const&, WebCore::Node*, WebCore::Element*)
3   0x7f784c5ca857 WebCore::CompositeEditCommand::moveParagraphWithClones(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::Element*, WebCore::Node*)
4   0x7f784b4144e6 WebCore::IndentOutdentCommand::indentIntoBlockquote(WebCore::Position const&, WebCore::Position const&, WTF::RefPtr<WebCore::Element>&)
5   0x7f784b415d88 WebCore::IndentOutdentCommand::formatRange(WebCore::Position const&, WebCore::Position const&, WebCore::Position const&, WTF::RefPtr<WebCore::Element>&)
6   0x7f784c5adb2f WebCore::ApplyBlockElementCommand::formatSelection(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&)
7   0x7f784b415d09 WebCore::IndentOutdentCommand::formatSelection(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&)
8   0x7f784c5acd9e WebCore::ApplyBlockElementCommand::doApply()
9   0x7f784c5c2f28 WebCore::CompositeEditCommand::apply()
10  0x7f784c5c2cef WebCore::applyCommand(WTF::PassRefPtr<WebCore::CompositeEditCommand>)
11  0x7f784b3fbda0
12  0x7f784b400048 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const
13  0x7f784b2a188d WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&)
14  0x7f784ca03583 WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*)
15  0x7f77e77ff0c8
Aborted (core dumped)

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f784cd14831 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321     *(int *)(uintptr_t)0xbbadbeef = 0;
[Current thread is 1 (Thread 0x7f7850861a80 (LWP 27717))]
#0  0x00007f784cd14831 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007f784c5c9931 in WebCore::CompositeEditCommand::cloneParagraphUnderNewElement (this=0x7f7827adc000, start=..., end=..., passedOuterNode=0x7f7827be3958, blockElement=0x7f7827beb000) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:1056
#2  0x00007f784c5ca857 in WebCore::CompositeEditCommand::moveParagraphWithClones (this=0x7f7827adc000, startOfParagraphToMove=..., endOfParagraphToMove=..., blockElement=0x7f7827beb000, outerNode=0x7f7827be3958) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:1181
#3  0x00007f784b4144e6 in WebCore::IndentOutdentCommand::indentIntoBlockquote (this=0x7f7827adc000, start=..., end=..., targetBlockquote=...) at ../../Source/WebCore/editing/IndentOutdentCommand.cpp:117
#4  0x00007f784b415d88 in WebCore::IndentOutdentCommand::formatRange (this=0x7f7827adc000, start=..., end=..., blockquoteForNextIndent=...) at ../../Source/WebCore/editing/IndentOutdentCommand.cpp:236
#5  0x00007f784c5adb2f in WebCore::ApplyBlockElementCommand::formatSelection (this=0x7f7827adc000, startOfSelection=..., endOfSelection=...) at ../../Source/WebCore/editing/ApplyBlockElementCommand.cpp:145
#6  0x00007f784b415d09 in WebCore::IndentOutdentCommand::formatSelection (this=0x7f7827adc000, startOfSelection=..., endOfSelection=...) at ../../Source/WebCore/editing/IndentOutdentCommand.cpp:226
#7  0x00007f784c5acd9e in WebCore::ApplyBlockElementCommand::doApply (this=0x7f7827adc000) at ../../Source/WebCore/editing/ApplyBlockElementCommand.cpp:90
#8  0x00007f784c5c2f28 in WebCore::CompositeEditCommand::apply (this=0x7f7827adc000) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:227
#9  0x00007f784c5c2cef in WebCore::applyCommand (command=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:186
#10 0x00007f784b3fbda0 in WebCore::executeIndent (frame=...) at ../../Source/WebCore/editing/EditorCommand.cpp:456
#11 0x00007f784b400048 in WebCore::Editor::Command::execute (this=0x7ffcbcd62820, parameter=..., triggeringEvent=0x0) at ../../Source/WebCore/editing/EditorCommand.cpp:1703
#12 0x00007f784b2a188d in WebCore::Document::execCommand (this=0x7f782781d900, commandName=..., userInterface=false, value=...) at ../../Source/WebCore/dom/Document.cpp:4657
#13 0x00007f784ca03583 in WebCore::jsDocumentPrototypeFunctionExecCommand (state=0x7ffcbcd628f0) at DerivedSources/WebCore/JSDocument.cpp:5066
#14 0x00007f77e77ff0c8 in ?? ()
#15 0x00007ffcbcd62970 in ?? ()
#16 0x00007f78404f1636 in llint_entry () from webkit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.1

Comment 1 Brent Fulgham 2016-08-05 09:15:11 PDT

This reproduces in r204037.

Comment 2 Radar WebKit Bug Importer 2016-08-05 09:15:38 PDT

<rdar://problem/27720115>

Comment 3 Ahmad Saleem 2022-11-15 09:33:02 PST

We don't have following assertion now:

https://github.com/WebKit/WebKit/blob/5780eeea65cd07eaeb33633e80b07c8c2765d2f7/Source/WebCore/editing/CompositeEditCommand.cpp#L1267

With comparePositions and in same form.

Comment 4 Ahmad Saleem 2023-01-03 18:25:59 PST

We imported the test from this Blink commit and we don't crash:

Blink commit - https://src.chromium.org/viewvc/blink?view=revision&revision=174796

WebKit Source - https://searchfox.org/wubkat/source/Source/WebCore/editing/CompositeEditCommand.cpp#1406

It is fixing same assertion, should I change testcase from Comment 0 and land this commit and see if we crash on Debug builds?

Comment 5 Ryosuke Niwa 2023-01-03 23:19:43 PST

Sounds like there is nothing to do at this point then.