RESOLVED FIXED 221786
Nullopt crash in DOMSelection::getRangeAt
https://bugs.webkit.org/show_bug.cgi?id=221786
Ryosuke Niwa
Reported 2021-02-11 17:01:47 PST
We're somehow hitting a nullptr crash in DOMSelection::getRangeAt:

0 WebCore 0x0000000192226334 WebCore::DOMSelection::getRangeAt(unsigned int) + 1332 (DOMSelection.cpp:0)
1 WebCore 0x0000000192225fa4 WebCore::DOMSelection::getRangeAt(unsigned int) + 420 (DOMSelection.cpp:370)
2 WebCore 0x0000000190d6d624 WebCore::jsDOMSelectionPrototypeFunction_getRangeAt(JSC::JSGlobalObject*, JSC::CallFrame*) + 288 (JSDOMSelection.cpp:406)
3 ??? 0x0000000e324fcb84 0 + 60973632388

<rdar://problem/73611927>
Attachments
Adds a nullptr check (1.70 KB, patch)
2021-02-11 17:05 PST, Ryosuke Niwa
no flags
Patch (1.67 KB, patch)
2021-02-11 19:36 PST, Ryosuke Niwa
no flags
Ryosuke Niwa
Comment 1 2021-02-11 17:02:45 PST
Ryosuke Niwa
Comment 2 2021-02-11 17:05:27 PST
Created attachment 420069 [details] Adds a nullptr check
Alexey Proskuryakov
Comment 3 2021-02-11 18:04:16 PST
Comment on attachment 420069 [details]
Adds a nullptr check

View in context: https://bugs.webkit.org/attachment.cgi?id=420069&action=review

> Source/WebCore/ChangeLog:3
> + Nullptr crash in DOMSelection::getRangeAt

I think that the crash log that I saw showed a break, not nullptr?
Ryosuke Niwa
Comment 4 2021-02-11 19:27:17 PST
(In reply to Alexey Proskuryakov from comment #3)
> Comment on attachment 420069 [details]
> Adds a nullptr check
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=420069&action=review
>
> > Source/WebCore/ChangeLog:3
> > + Nullptr crash in DOMSelection::getRangeAt
>
> I think that the crash log that I saw showed a break, not nullptr?

Ugh... typo. It's nullopt* crash, not nullptr.
Ryosuke Niwa
Comment 5 2021-02-11 19:36:30 PST
Ryosuke Niwa
Comment 6 2021-02-12 01:38:20 PST
Comment on attachment 420081 [details]
Patch

Clearing flags on attachment: 420081

Committed r272777: <https://trac.webkit.org/changeset/272777>
Ryosuke Niwa
Comment 7 2021-02-12 01:38:22 PST
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 8 2021-02-12 01:39:13 PST
Ryosuke Niwa
Comment 9 2021-02-15 17:57:43 PST
Now I know the root cause of this bug. Fixing it in https://bugs.webkit.org/show_bug.cgi?id=221942 with a test.