152111 – ASSERTION FAILED: inlineBox == m_inlineBoxWrapper in WebCore::RenderLineBreak::localCaretRect

Bug 152111 - ASSERTION FAILED: inlineBox == m_inlineBoxWrapper in WebCore::RenderLineBreak::localCaretRect

Summary: ASSERTION FAILED: inlineBox == m_inlineBoxWrapper in WebCore::RenderLineBreak...

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Layout and Rendering (show other bugs)
Version:	WebKit Local Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:	116980
	Show dependency tree / graph

Reported:	2015-12-10 01:45 PST by Renata Hodovan
Modified:	2018-01-16 11:30 PST (History)
CC List:	5 users (show)

See Also:

Attachments
Test (146 bytes, text/html) 2015-12-10 01:45 PST, Renata Hodovan	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Renata Hodovan 2015-12-10 01:45:26 PST

Created attachment 267080 [details]
Test

Load the attached test with debug MiniBrowser:

<script>
window.onload = function() {
    document.getElementById('id_7').focus()
}
</script>
<em id="id_7" contenteditable>
<var><wbr><svg></svg>

OS: Ubuntu 15.10 x86_64
Checked build: debug EFL
Checked version: 2559fac


Backtrace:
ASSERTION FAILED: inlineBox == m_inlineBoxWrapper
../../Source/WebCore/rendering/RenderLineBreak.cpp(172) : virtual WebCore::LayoutRect WebCore::RenderLineBreak::localCaretRect(WebCore::InlineBox*, int, WebCore::LayoutUnit*)
1   0x7fa47cbf6fb8 WTFCrash
2   0x7fa47bab77ea WebCore::RenderLineBreak::localCaretRect(WebCore::InlineBox*, int, WebCore::LayoutUnit*)
3   0x7fa47b32f81e WebCore::VisiblePosition::localCaretRect(WebCore::RenderObject*&) const
4   0x7fa47b349756 WebCore::localCaretRectInRendererForCaretPainting(WebCore::VisiblePosition const&, WebCore::RenderBlock*&)
5   0x7fa47b2f0966 WebCore::CaretBase::updateCaretRect(WebCore::Document*, WebCore::VisiblePosition const&)
6   0x7fa47b2f0ded WebCore::FrameSelection::recomputeCaretRect()
7   0x7fa47b2f36c4 WebCore::FrameSelection::updateAppearance()
8   0x7fa47b2e9985 WebCore::FrameSelection::updateAndRevealSelection(WebCore::AXTextStateChangeIntent const&)
9   0x7fa47b2e98aa WebCore::FrameSelection::setSelection(WebCore::VisibleSelection const&, unsigned int, WebCore::AXTextStateChangeIntent, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity)
10  0x7fa47b1ee6ea WebCore::Element::updateFocusAppearance(WebCore::SelectionRestorationMode, WebCore::SelectionRevealMode)
11  0x7fa47b1ee41f WebCore::Element::focus(bool, WebCore::FocusDirection)
12  0x7fa47bf0584c WebCore::jsElementPrototypeFunctionFocus(JSC::ExecState*)
13  0x7fa417fff0c8
Aborted (core dumped)

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fa47cbf6fbd in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321     *(int *)(uintptr_t)0xbbadbeef = 0;
[Current thread is 1 (Thread 0x7fa48072ca80 (LWP 9860))]
#0  0x00007fa47cbf6fbd in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007fa47bab77ea in WebCore::RenderLineBreak::localCaretRect (this=0x7fa45c5e2c98, inlineBox=0x0, caretOffset=0, extraWidthToEndOfLine=0x0) at ../../Source/WebCore/rendering/RenderLineBreak.cpp:172
#2  0x00007fa47b32f81e in WebCore::VisiblePosition::localCaretRect (this=0x7ffcddd36490, renderer=@0x7ffcddd36360: 0x7fa45c5e2c98) at ../../Source/WebCore/editing/VisiblePosition.cpp:619
#3  0x00007fa47b349756 in WebCore::localCaretRectInRendererForCaretPainting (caretPosition=..., caretPainter=@0x7ffcddd363e0: 0x7fa45c568230) at ../../Source/WebCore/editing/htmlediting.cpp:1330
#4  0x00007fa47b2f0966 in WebCore::CaretBase::updateCaretRect (this=0x7fa45c568230, document=0x7fa45c41d9c0, caretPosition=...) at ../../Source/WebCore/editing/FrameSelection.cpp:1415
#5  0x00007fa47b2f0ded in WebCore::FrameSelection::recomputeCaretRect (this=0x7fa45c568230) at ../../Source/WebCore/editing/FrameSelection.cpp:1469
#6  0x00007fa47b2f36c4 in WebCore::FrameSelection::updateAppearance (this=0x7fa45c568230) at ../../Source/WebCore/editing/FrameSelection.cpp:1889
#7  0x00007fa47b2e9985 in WebCore::FrameSelection::updateAndRevealSelection (this=0x7fa45c568230, intent=...) at ../../Source/WebCore/editing/FrameSelection.cpp:378
#8  0x00007fa47b2e98aa in WebCore::FrameSelection::setSelection (this=0x7fa45c568230, selection=..., options=6, intent=..., align=WebCore::FrameSelection::AlignCursorOnScrollIfNeeded, granularity=WebCore::CharacterGranularity) at ../../Source/WebCore/editing/FrameSelection.cpp:352
#9  0x00007fa47b1ee6ea in WebCore::Element::updateFocusAppearance (this=0x7fa45c5e2a28, revealMode=WebCore::SelectionRevealMode::Reveal) at ../../Source/WebCore/dom/Element.cpp:2268
#10 0x00007fa47b1ee41f in WebCore::Element::focus (this=0x7fa45c5e2a28, restorePreviousSelection=true, direction=WebCore::FocusDirectionNone) at ../../Source/WebCore/dom/Element.cpp:2233
#11 0x00007fa47bf0584c in WebCore::jsElementPrototypeFunctionFocus (state=0x7ffcddd368f0) at DerivedSources/WebCore/JSElement.cpp:5075
#12 0x00007fa417fff0c8 in ?? ()
#13 0x00007ffcddd36970 in ?? ()
#14 0x00007fa4703be57c in llint_entry () from webkit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.1

Comment 1 Brent Fulgham 2016-08-05 09:18:22 PDT

This reproduces in r204037.

Comment 2 Radar WebKit Bug Importer 2016-08-05 09:18:39 PDT

<rdar://problem/27720168>

Comment 3 Myles C. Maxfield 2018-01-16 11:30:49 PST

Reproduces in r226920.