WebKit Bugzilla
Bug 164078 - ASSERTION FAILED: length in WebCore::TextIteratorCopyableText::set
Status: NEW
https://bugs.webkit.org/show_bug.cgi?id=164078
Reported by Renata Hodovan, 2016-10-27 14:17:05 PDT
Load the attached test with debug WebKitTestRunner:
Checked version: 2c9fa6e
OS: Darwin-15.6.0-x86_64-i386-64bit

<script>window.onload = function() { try {arparent = dent.getElementById('id_0') ; try { var child = doById('id_0') } catch (err) {} d()}catch(e){}try{('') try{s()}catch(r){}try{}catch(e){}}catch(e){}try{('')}catch(r){}try{window.find('a')}catch(r){}}</script><style>*{display:table-footer-group;word-break:break-all

Backtrace:
ASSERTION FAILED: length
WebKit/Source/WebCore/editing/TextIterator.cpp(315) : void WebCore::TextIteratorCopyableText::set(WTF::String &&, unsigned int, unsigned int)
1 0x1103ba4f1 WTFCrash
2 0x11ab6cd5e WebCore::TextIteratorCopyableText::set(WTF::String&&, unsigned int, unsigned int)
3 0x11ab5d8ac WebCore::TextIterator::emitText(WebCore::Text&, WebCore::RenderText&, int, int)
4 0x11ab5ac5f WebCore::TextIterator::handleTextNode()
5 0x11ab546f0 WebCore::TextIterator::advance()
6 0x11ab64ed8 WebCore::CharacterIterator::advance(int)
7 0x11ab69cd5 WebCore::findPlainText(WebCore::Range const&, WTF::String const&, unsigned char, unsigned long&)
8 0x11ab696e3 WebCore::findPlainText(WebCore::Range const&, WTF::String const&, unsigned char)
9 0x115b339f0 WebCore::Editor::rangeOfString(WTF::String const&, WebCore::Range*, unsigned char)
10 0x115b32bc1 WebCore::Editor::findString(WTF::String const&, unsigned char)
11 0x115a4d94a WebCore::DOMWindow::find(WTF::String const&, bool, bool, bool, bool, bool, bool) const
12 0x11751b4f3 WebCore::jsDOMWindowInstanceFunctionFind(JSC::ExecState*)
13 0x338d55001028
14 0x10fa3f994 llint_entry
15 0x10fa384ae vmEntryToJavaScript
16 0x10f4662be JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
17 0x10f3316f1 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
18 0x10de1271b JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
19 0x10de12c38 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
20 0x10de136ae JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
21 0x116fdd1f1 WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
22 0x1176f2bed WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*)
23 0x115c6a3c9 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>, 1ul, WTF::CrashOnOverflow, 16ul>)
24 0x115c69c16 WebCore::EventTarget::fireEventListeners(WebCore::Event&)
25 0x115a4192b WebCore::DOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*)
26 0x115a58345 WebCore::DOMWindow::dispatchLoadEvent()
27 0x1157e6ad2 WebCore::Document::dispatchWindowLoadEvent()
28 0x1157dc54d WebCore::Document::implicitClose()
29 0x1160c21e3 WebCore::FrameLoader::checkCallImplicitClose()
30 0x1160c1ccc WebCore::FrameLoader::checkCompleted()
31 0x1160be177 WebCore::FrameLoader::finishedParsing()

ASAN:DEADLYSIGNAL
=================================================================
==2412==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x0001103ba529 bp 0x7fff590e6e10 sp 0x7fff590e6e00 T0)
#0 0x1103ba528 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2d01528)
#1 0x11ab6cd5d in WebCore::TextIteratorCopyableText::set(WTF::String&&, unsigned int, unsigned int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x651cd5d)
#2 0x11ab5d8ab in WebCore::TextIterator::emitText(WebCore::Text&, WebCore::RenderText&, int, int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x650d8ab)
#3 0x11ab5ac5e in WebCore::TextIterator::handleTextNode() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x650ac5e)
#4 0x11ab546ef in WebCore::TextIterator::advance() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x65046ef)
#5 0x11ab64ed7 in WebCore::CharacterIterator::advance(int) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6514ed7)
#6 0x11ab69cd4 in WebCore::findPlainText(WebCore::Range const&, WTF::String const&, unsigned char, unsigned long&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6519cd4)
#7 0x11ab696e2 in WebCore::findPlainText(WebCore::Range const&, WTF::String const&, unsigned char) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x65196e2)
#8 0x115b339ef in WebCore::Editor::rangeOfString(WTF::String const&, WebCore::Range*, unsigned char) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x14e39ef)
#9 0x115b32bc0 in WebCore::Editor::findString(WTF::String const&, unsigned char) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x14e2bc0)
#10 0x115a4d949 in WebCore::DOMWindow::find(WTF::String const&, bool, bool, bool, bool, bool, bool) const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x13fd949)
#11 0x11751b4f2 in WebCore::jsDOMWindowInstanceFunctionFind(JSC::ExecState*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x2ecb4f2)
#12 0x338d55001027 (<unknown module>)
#13 0x10fa3f993 in llint_entry (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2386993)
#14 0x10fa384ad in vmEntryToJavaScript (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x237f4ad)
#15 0x10f4662bd in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x1dad2bd)
#16 0x10f3316f0 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x1c786f0)
#17 0x10de1271a in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x75971a)
#18 0x10de12c37 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x759c37)
#19 0x10de136ad in JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x75a6ad)
#20 0x116fdd1f0 in WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x298d1f0)
#21 0x1176f2bec in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x30a2bec)
#22 0x115c6a3c8 in WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>, 1ul, WTF::CrashOnOverflow, 16ul>) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x161a3c8)
#23 0x115c69c15 in WebCore::EventTarget::fireEventListeners(WebCore::Event&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1619c15)
#24 0x115a4192a in WebCore::DOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x13f192a)
#25 0x115a58344 in WebCore::DOMWindow::dispatchLoadEvent() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1408344)
#26 0x1157e6ad1 in WebCore::Document::dispatchWindowLoadEvent() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1196ad1)
#27 0x1157dc54c in WebCore::Document::implicitClose() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x118c54c)
#28 0x1160c21e2 in WebCore::FrameLoader::checkCallImplicitClose() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a721e2)
#29 0x1160c1ccb in WebCore::FrameLoader::checkCompleted() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a71ccb)
#30 0x1160be176 in WebCore::FrameLoader::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a6e176)
#31 0x115800ab2 in WebCore::Document::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x11b0ab2)
#32 0x116487555 in WebCore::HTMLConstructionSite::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e37555)
#33 0x11677f5b7 in WebCore::HTMLTreeBuilder::finished() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x212f5b7)
#34 0x1164facfb in WebCore::HTMLDocumentParser::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1eaacfb)
#35 0x1164f69e6 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ea69e6)
#36 0x1164f664d in WebCore::HTMLDocumentParser::prepareToStopParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ea664d)
#37 0x1164fad9b in WebCore::HTMLDocumentParser::attemptToEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1eaad9b)
#38 0x1164fadf3 in WebCore::HTMLDocumentParser::finish() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1eaadf3)
#39 0x1159c597f in WebCore::DocumentWriter::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x137597f)
#40 0x11591fe56 in WebCore::DocumentLoader::finishedLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12cfe56)
#41 0x11591f98a in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12cf98a)
#42 0x114c61b23 in WebCore::CachedResource::checkNotify() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x611b23)
#43 0x114c61d13 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x611d13)
#44 0x114c56d54 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x606d54)
#45 0x11a74fe8e in WebCore::SubresourceLoader::didFinishLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x60ffe8e)
#46 0x1085b643e in WebKit::WebResourceLoader::didFinishResourceLoad(double) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1a9143e)
#47 0x1085c46ce in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1a9f6ce)
#48 0x1085c4374 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1a9f374)
#49 0x1085c1680 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1a9c680)
#50 0x1085bfa10 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1a9aa10)
#51 0x1072e8da9 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x7c3da9)
#52 0x106cfcfba in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d7fba)
#53 0x106ce57c4 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1c07c4)
#54 0x106cfdca5 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d8ca5)
#55 0x106d0e25c in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1e925c)
#56 0x106d0e188 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1e9188)
#57 0x11043e830 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2d85830)
#58 0x110488d50 in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2dcfd50)
#59 0x110489b11 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2dd0b11)
#60 0x7fff81c1f880 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa880)
#61 0x7fff81bfefbb in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x89fbb)
#62 0x7fff81bfe4de in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x894de)
#63 0x7fff81bfded7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88ed7)
#64 0x7fff82fde934 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30934)
#65 0x7fff82fde76e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x3076e)
#66 0x7fff82fde5ae in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x305ae)
#67 0x7fff8e643df5 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48df5)
#68 0x7fff8e643225 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48225)
#69 0x7fff8e637d7f in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3cd7f)
#70 0x7fff8e601367 in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6367)
#71 0x7fff92f09193 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x11193)
#72 0x7fff92f07bbd in xpc_main (/usr/lib/system/libxpc.dylib+0xfbbd)
#73 0x106b10f73 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001f73)
#74 0x7fff8ab8d5ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
#75 0x0 (<unknown module>)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2d01528) in WTFCrash
==2412==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 2412)
Attachments
Test (317 bytes, application/octet-stream), 2016-10-27 14:17 PDT, Renata Hodovan, no flags
Beautified test (351 bytes, text/html), 2016-10-27 14:25 PDT, Renata Hodovan, no flags
Renata Hodovan, Comment 1, 2016-10-27 14:17:08 PDT
Created attachment 293055: Test
Renata Hodovan, Comment 2, 2016-10-27 14:25:48 PDT
Created attachment 293056: Beautified test
Ahmad Saleem, Comment 3, 2023-01-20 10:54:46 PST
I am not able to hit this assert in a MiniBrowser WK2 Debug build based on 259136@main using the attached test case. Do we need to track it further? Thanks!