151603 – ASSERTION FAILED: comparePositions(start, end) <= 0 in WebCore::CompositeEditCommand::cloneParagraphUnderNewElement

RESOLVED CONFIGURATION CHANGED 151603

ASSERTION FAILED: comparePositions(start, end) <= 0 in WebCore::CompositeEditCommand::cloneParagraphUnderNewElement

https://bugs.webkit.org/show_bug.cgi?id=151603

Summary ASSERTION FAILED: comparePositions(start, end) <= 0 in WebCore::CompositeEdit...

Renata Hodovan

Reported 2015-11-25 07:33:07 PST

Created attachment 266162 [details] Test Load the attached test with debug MiniBrowser: <script> window.onload = function() { document.designMode = 'on'; document.execCommand('selectAll'); document.execCommand('indent'); } </script> <style> * { display: table-cell; } </style> <base>a</base> OS: Ubuntu 15.10 x86_64 Checked build: debug EFL Checked version: 79922a5 Backtrace: ASSERTION FAILED: comparePositions(start, end) <= 0 ../../Source/WebCore/editing/CompositeEditCommand.cpp(1056) : void WebCore::CompositeEditCommand::cloneParagraphUnderNewElement(const WebCore::Position&, const WebCore::Position&, WebCore::Node*, WebCore::Element*) 1 0x7f784cd1482c WTFCrash 2 0x7f784c5c9931 WebCore::CompositeEditCommand::cloneParagraphUnderNewElement(WebCore::Position const&, WebCore::Position const&, WebCore::Node*, WebCore::Element*) 3 0x7f784c5ca857 WebCore::CompositeEditCommand::moveParagraphWithClones(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::Element*, WebCore::Node*) 4 0x7f784b4144e6 WebCore::IndentOutdentCommand::indentIntoBlockquote(WebCore::Position const&, WebCore::Position const&, WTF::RefPtr<WebCore::Element>&) 5 0x7f784b415d88 WebCore::IndentOutdentCommand::formatRange(WebCore::Position const&, WebCore::Position const&, WebCore::Position const&, WTF::RefPtr<WebCore::Element>&) 6 0x7f784c5adb2f WebCore::ApplyBlockElementCommand::formatSelection(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&) 7 0x7f784b415d09 WebCore::IndentOutdentCommand::formatSelection(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&) 8 0x7f784c5acd9e WebCore::ApplyBlockElementCommand::doApply() 9 0x7f784c5c2f28 WebCore::CompositeEditCommand::apply() 10 0x7f784c5c2cef WebCore::applyCommand(WTF::PassRefPtr<WebCore::CompositeEditCommand>) 11 0x7f784b3fbda0 12 0x7f784b400048 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const 13 0x7f784b2a188d WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) 14 0x7f784ca03583 WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*) 15 0x7f77e77ff0c8 Aborted (core dumped) Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f784cd14831 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; [Current thread is 1 (Thread 0x7f7850861a80 (LWP 27717))] #0 0x00007f784cd14831 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x00007f784c5c9931 in WebCore::CompositeEditCommand::cloneParagraphUnderNewElement (this=0x7f7827adc000, start=..., end=..., passedOuterNode=0x7f7827be3958, blockElement=0x7f7827beb000) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:1056 #2 0x00007f784c5ca857 in WebCore::CompositeEditCommand::moveParagraphWithClones (this=0x7f7827adc000, startOfParagraphToMove=..., endOfParagraphToMove=..., blockElement=0x7f7827beb000, outerNode=0x7f7827be3958) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:1181 #3 0x00007f784b4144e6 in WebCore::IndentOutdentCommand::indentIntoBlockquote (this=0x7f7827adc000, start=..., end=..., targetBlockquote=...) at ../../Source/WebCore/editing/IndentOutdentCommand.cpp:117 #4 0x00007f784b415d88 in WebCore::IndentOutdentCommand::formatRange (this=0x7f7827adc000, start=..., end=..., blockquoteForNextIndent=...) at ../../Source/WebCore/editing/IndentOutdentCommand.cpp:236 #5 0x00007f784c5adb2f in WebCore::ApplyBlockElementCommand::formatSelection (this=0x7f7827adc000, startOfSelection=..., endOfSelection=...) at ../../Source/WebCore/editing/ApplyBlockElementCommand.cpp:145 #6 0x00007f784b415d09 in WebCore::IndentOutdentCommand::formatSelection (this=0x7f7827adc000, startOfSelection=..., endOfSelection=...) at ../../Source/WebCore/editing/IndentOutdentCommand.cpp:226 #7 0x00007f784c5acd9e in WebCore::ApplyBlockElementCommand::doApply (this=0x7f7827adc000) at ../../Source/WebCore/editing/ApplyBlockElementCommand.cpp:90 #8 0x00007f784c5c2f28 in WebCore::CompositeEditCommand::apply (this=0x7f7827adc000) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:227 #9 0x00007f784c5c2cef in WebCore::applyCommand (command=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:186 #10 0x00007f784b3fbda0 in WebCore::executeIndent (frame=...) at ../../Source/WebCore/editing/EditorCommand.cpp:456 #11 0x00007f784b400048 in WebCore::Editor::Command::execute (this=0x7ffcbcd62820, parameter=..., triggeringEvent=0x0) at ../../Source/WebCore/editing/EditorCommand.cpp:1703 #12 0x00007f784b2a188d in WebCore::Document::execCommand (this=0x7f782781d900, commandName=..., userInterface=false, value=...) at ../../Source/WebCore/dom/Document.cpp:4657 #13 0x00007f784ca03583 in WebCore::jsDocumentPrototypeFunctionExecCommand (state=0x7ffcbcd628f0) at DerivedSources/WebCore/JSDocument.cpp:5066 #14 0x00007f77e77ff0c8 in ?? () #15 0x00007ffcbcd62970 in ?? () #16 0x00007f78404f1636 in llint_entry () from webkit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.1

Attachments
Test (219 bytes, text/html) 2015-11-25 07:33 PST, Renata Hodovan	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Brent Fulgham

Comment 1 2016-08-05 09:15:11 PDT

This reproduces in r204037.

Radar WebKit Bug Importer

Comment 2 2016-08-05 09:15:38 PDT

<rdar://problem/27720115>

Ahmad Saleem

Comment 3 2022-11-15 09:33:02 PST

We don't have following assertion now: https://github.com/WebKit/WebKit/blob/5780eeea65cd07eaeb33633e80b07c8c2765d2f7/Source/WebCore/editing/CompositeEditCommand.cpp#L1267 With comparePositions and in same form.

Ahmad Saleem

Comment 4 2023-01-03 18:25:59 PST

We imported the test from this Blink commit and we don't crash: Blink commit - https://src.chromium.org/viewvc/blink?view=revision&revision=174796 WebKit Source - https://searchfox.org/wubkat/source/Source/WebCore/editing/CompositeEditCommand.cpp#1406 It is fixing same assertion, should I change testcase from Comment 0 and land this commit and see if we crash on Debug builds?

Ryosuke Niwa

Comment 5 2023-01-03 23:19:43 PST

Sounds like there is nothing to do at this point then.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution CONFIGURATION CHANGED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component HTML Editing

Assignee

Nobody

Reported

2015-11-25 07:33 PST

Modified

2023-01-03 23:19 PST History

CC List

5 users Show

URL

Keywords InRadar

Depends on

Blocks

116980

Dependencies

tree graph