WebKit Bugzilla
RESOLVED CONFIGURATION CHANGED
202909
Chromium test-case asserts with ASSERTION FAILED: startOffset <= endOffset
https://bugs.webkit.org/show_bug.cgi?id=202909
Emilio Cobos Álvarez (:emilio)
Reported
2019-10-13 14:29:09 PDT
On master (247b0314320d499ae788b6ea993aa1d98e2d607e / r250962), WebKitGTK build. Running this test-case:
https://cs.chromium.org/chromium/src/third_party/blink/web_tests/fast/dom/Range/range-extract-contents-after-move-to-another-document-crash.html?rcl=753caf715d8f30f0c673f1b4b36dadfc75c3201f
Asserts like:

ASSERTION FAILED: startOffset <= endOffset
../../Source/WebCore/dom/Range.cpp(686) : WebCore::ExceptionOr<WTF::RefPtr<WebCore::Node> > WebCore::processContentsBetweenOffsets(WebCore::Range::ActionType, WTF::RefPtr<WebCore::DocumentFragment>, WTF::RefPtr<WebCore::Node>, unsigned int, unsigned int)
1 0x7fee8256f3d3 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x9) [0x7fee8256f3d3]
2 0x7fee8e2185f2 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF15CrashOnOverflow10overflowedEv+0) [0x7fee8e2185f2]
3 0x7fee90711bc7 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xcad4bc7) [0x7fee90711bc7]
4 0x7fee90710e2b /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore5Range15processContentsENS0_10ActionTypeE+0x1b5) [0x7fee90710e2b]
5 0x7fee90712fe4 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore5Range15extractContentsEv+0x28) [0x7fee90712fe4]
6 0x7fee8f7ac807 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xbb6f807) [0x7fee8f7ac807]
7 0x7fee8f7b1e74 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xbb74e74) [0x7fee8f7b1e74]
8 0x7fee8f7ac87b /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore39jsRangePrototypeFunctionExtractContentsEPN3JSC14JSGlobalObjectEPNS0_9CallFrameE+0x23) [0x7fee8f7ac87b]
9 0x7fee2cafa16b [0x7fee2cafa16b]

Seems like it's handled safely so not filing as security sensitive.
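Added example, not part of the bug report and not code from WebKit or from the Chromium test case linked above. The assertion in the backtrace fires inside Range::processContentsBetweenOffsets, the path extractContents takes when both boundary points of a Range sit in the same container; what keeps a live range's boundary points in one tree and in order after nodes are moved is the DOM Standard's "live range pre-remove steps". The model below implements those steps (and a deliberately stale variant that skips them) so the invariant can be checked after adopting a node into another document. The tree shape, node names, offsets and the checkRange helper are assumptions of this example.

```javascript
// Added example: a small model of DOM live ranges and the DOM Standard's
// "live range pre-remove steps". It is NOT code from WebKit, from this bug, or
// from the Chromium test case; the tree, node names and offsets are constructed.

const LIVE_RANGES = new Set();

class ModelNode {
  constructor(name, ownerDocument) {
    this.name = name;
    this.ownerDocument = ownerDocument;
    this.parentNode = null;
    this.childNodes = [];
  }
  appendChild(child) {
    if (child.parentNode) removeNode(child);
    child.parentNode = this;
    this.childNodes.push(child);
    return child;
  }
  // Root of the tree this node currently sits in (a document, or a detached subtree).
  get root() {
    let n = this;
    while (n.parentNode) n = n.parentNode;
    return n;
  }
  isInclusiveDescendantOf(other) {
    for (let n = this; n; n = n.parentNode) if (n === other) return true;
    return false;
  }
}

class ModelDocument extends ModelNode {
  constructor(name) { super(name, null); this.ownerDocument = this; }
  createElement(name) { return new ModelNode(name, this); }
  createRange() { return new LiveRange(this); }
  // Like DOM adoptNode: detach from the old tree, then re-home the subtree.
  adoptNode(node, opts) {
    if (node.parentNode) removeNode(node, opts);
    const rehome = (n) => { n.ownerDocument = this; n.childNodes.forEach(rehome); };
    rehome(node);
    return node;
  }
}

class LiveRange {
  constructor(doc) {
    this.start = { node: doc, offset: 0 };
    this.end = { node: doc, offset: 0 };
    LIVE_RANGES.add(this);
  }
  setStart(node, offset) { this.start = { node, offset }; }
  setEnd(node, offset) { this.end = { node, offset }; }
}

// Remove `node` from its parent. With runPreRemoveSteps true this applies the
// DOM Standard's live range pre-remove steps: a boundary point inside the removed
// subtree moves to (parent, index); a boundary point in the parent that lies after
// the removed child has its offset decremented. Passing false models an engine
// that forgets to do this and leaves stale boundary points behind.
function removeNode(node, { runPreRemoveSteps = true } = {}) {
  const parent = node.parentNode;
  const index = parent.childNodes.indexOf(node);
  if (runPreRemoveSteps) {
    for (const r of LIVE_RANGES) {
      for (const bp of [r.start, r.end]) {
        if (bp.node.isInclusiveDescendantOf(node)) { bp.node = parent; bp.offset = index; }
        else if (bp.node === parent && bp.offset > index) bp.offset -= 1;
      }
    }
  }
  parent.childNodes.splice(index, 1);
  node.parentNode = null;
}

// Assumed precondition check (not WebKit's): both boundary points share a root,
// and within one container the start does not come after the end, which is the
// condition WebKit asserts as startOffset <= endOffset.
function checkRange(range) {
  const { start, end } = range;
  if (start.node.root !== end.node.root) return 'boundary points in different trees';
  if (start.node === end.node && start.offset > end.offset) return 'startOffset > endOffset';
  return 'ok';
}

// A range spanning two paragraphs; the first is adopted into another document,
// then a sibling preceding the range is removed.
function scenario(faithful) {
  LIVE_RANGES.clear();
  const opts = { runPreRemoveSteps: faithful };
  const docA = new ModelDocument('#docA');
  const body = docA.appendChild(docA.createElement('body'));
  const p1 = body.appendChild(docA.createElement('p1'));
  const p2 = body.appendChild(docA.createElement('p2'));
  const t2 = p2.appendChild(docA.createElement('#text2'));
  const p3 = body.appendChild(docA.createElement('p3'));
  const t3 = p3.appendChild(docA.createElement('#text3'));

  const range = docA.createRange();
  range.setStart(t2, 2);
  range.setEnd(t3, 4);

  const docB = new ModelDocument('#docB');
  docB.adoptNode(p2, opts);   // the start point's container leaves docA
  removeNode(p1, opts);       // a child before the start container goes away

  return { range, body, t2, t3, check: checkRange(range) };
}

console.log('faithful:', scenario(true).check);   // ok
console.log('stale:   ', scenario(false).check);  // boundary points in different trees
```

With the pre-remove steps applied, the start point collapses to (body, 1) when p2 is adopted away and then becomes (body, 0) when p1 is removed, so both points remain in docA and in order; without them the start point is still (#text2, 2) inside a subtree that now belongs to docB, which is the kind of state an extractContents precondition has to catch.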
Radar WebKit Bug Importer
Comment 1
2019-10-14 17:23:22 PDT
<rdar://problem/56271256>
Ahmad Saleem
Comment 2
2022-10-05 09:13:00 PDT
@ap - Is it something related to Webkit or this was specific to Chromium port? Thanks!
Alexey Proskuryakov
Comment 3
2022-10-07 11:41:58 PDT
This was filed against the Gtk port, and long after Chromium forked. So, not Chromium related, it's just reproducible with their test case.
Ahmad Saleem
Comment 4
2024-04-05 05:04:53 PDT
It does not reproduce this assert in WebKit Minibrowser (WK2 - Debug - 277105@main)
https://jsfiddle.net/9tj0f6L4/
Alexey Proskuryakov
Comment 5
2024-04-05 10:41:08 PDT
Cannot reproduce in run-webkit-tests either, WebKit1 or WebKit2. And this is cross-platform code, so unlikely to have been Gtk only. It may be nice to land this test, as I couldn't find a specific fix. But realistically, seems not worth tracking that, and we may well have one anyway.