167673 – WebProcess crashes in int WTF::__throw_bad_variant_access<int> when expanding/shrinking a block selection

RESOLVED FIXED 167673

WebProcess crashes in int WTF::__throw_bad_variant_access<int> when expanding/shrinking a block selection

https://bugs.webkit.org/show_bug.cgi?id=167673

Summary WebProcess crashes in int WTF::__throw_bad_variant_access<int> when expandin...

Enrica Casucci

Reported 2017-01-31 15:49:11 PST

There are no reproducible steps for this crash but the crash log indicates that it occurs expanding/shrinking a block selection on iOS in Safari. Here is the stack trace of the crash: Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0 Crashed ↩: 0 WebKit 0x00000001935ac708 int WTF::__throw_bad_variant_access<int>(char const*) + 36 (Variant.h:120) 1 WebKit 0x00000001935ac708 int WTF::__throw_bad_variant_access<int>(char const*) + 36 (Variant.h:120) 2 WebKit 0x000000019359fd88 WebKit::containsRange(WebCore::Range*, WebCore::Range*) + 324 (Variant.h:1808) 3 WebKit 0x000000019359f708 WebKit::WebPage::expandedRangeFromHandle(WebCore::Range*, WebKit::SelectionHandlePosition) + 560 (WebPageIOS.mm:1339) 4 WebKit 0x00000001935a0478 WebKit::WebPage::computeExpandAndShrinkThresholdsForHandle(WebCore::IntPoint const&, WebKit::SelectionHandlePosition, float&, float&) + 136 (WebPageIOS.mm:1526) 5 WebKit 0x00000001935a0ff0 WebKit::WebPage::updateSelectionWithTouches(WebCore::IntPoint const&, unsigned int, bool, unsigned long long) + 756 (WebPageIOS.mm:1744) 6 WebKit 0x00000001935b2b6c void IPC::handleMessage<Messages::WebPage::UpdateSelectionWithTouches, WebKit::WebPage, void (WebKit::WebPage::*)(WebCore::IntPoint const&, unsigned int, bool, unsigned long long)>(IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebCore::IntPoint const&, unsigned int, bool, unsigned long long)) + 76 (HandleMessage.h:46) 7 WebKit 0x0000000193482828 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 120 (MessageReceiverMap.cpp:123) 8 WebKit 0x0000000193611d8c WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 36 (WebProcess.cpp:638) 9 WebKit 0x0000000193448918 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 164 (Connection.cpp:897) 10 WebKit 0x000000019344b104 IPC::Connection::dispatchOneMessage() + 232 (Connection.cpp:955) 11 JavaScriptCore 0x000000018e358c24 WTF::RunLoop::performWork() + 172 (Function.h:50) 12 JavaScriptCore 0x000000018e358efc WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38) rdar://problem/30229620

Attachments
Patch (2.74 KB, patch) 2017-02-01 15:06 PST, Enrica Casucci	andersca: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Enrica Casucci

Comment 1 2017-02-01 15:06:01 PST

Created attachment 300358 [details] Patch

Enrica Casucci

Comment 2 2017-02-01 15:26:55 PST

Committed revision 211538.

Darin Adler

Comment 3 2017-02-04 18:21:17 PST

Thanks for fixing this; my fault. Can someone figure out how to make us a regression test for this?

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component HTML Editing

Assignee

Nobody

Reported

2017-01-31 15:49 PST

Modified

2017-02-04 18:21 PST History

CC List

3 users Show

URL

Keywords

Depends on

Blocks