Bug 243850 - ASSERTION FAILED !boxAndOffset.offset in WebCore::computeCaretRectForLineBreak
Summary: ASSERTION FAILED !boxAndOffset.offset in WebCore::computeCaretRectForLineBreak
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks: 116980
Reported: 2022-08-11 15:05 PDT by Renata Hodovan
Modified: 2023-01-19 02:42 PST

See Also:


Attachments
Test (96 bytes, text/plain)
2022-08-11 15:05 PDT, Renata Hodovan

Description Renata Hodovan 2022-08-11 15:05:08 PDT
WebKit revision: r295779
OS: Linux-5.4.0-122-generic-x86_64-with-glibc2.29
Build command: Tools/Scripts/build-webkit --gtk --debug
SUT: MiniBrowser, WebKitTestRunner
Fuzzer: Grammarinator (https://github.com/renatahodovan/grammarinator)

Test:

<body dir="rtl">
  <bdi autofocus contenteditable="true">
  <template></template>
  <br>
</body>

Backtrace:

ASSERTION FAILED: !boxAndOffset.offset
/app/webkit/Source/WebCore/rendering/CaretRectComputation.cpp(184) : WebCore::LayoutRect WebCore::computeCaretRectForLineBreak(const WebCore::InlineBoxAndOffset&, WebCore::CaretRectMode)
1   0x7faabbf245e1 WTFCrash
2   0x7faabf717586 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0xe3f586) [0x7faabf717586]
3   0x7faac4d09df0 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x6431df0) [0x7faac4d09df0]
4   0x7faac4d0a7d6 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x64327d6) [0x7faac4d0a7d6]
5   0x7faac3c5dcd4 WebCore::VisiblePosition::localCaretRect() const
6   0x7faac3ba51c4 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x52cd1c4) [0x7faac3ba51c4]
7   0x7faac3be1552 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5309552) [0x7faac3be1552]
8   0x7faac3be1995 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5309995) [0x7faac3be1995]
9   0x7faac3be430c WebCore::FrameSelection::updateAppearance()
10  0x7faac3bdb16a /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x530316a) [0x7faac3bdb16a]
11  0x7faac3be59ff WebCore::FrameSelection::revealSelection(WebCore::SelectionRevealMode, WebCore::ScrollAlignment const&, WebCore::RevealExtentOption, WebCore::ScrollBehavior)
12  0x7faac39b4128 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x50dc128) [0x7faac39b4128]
13  0x7faac39b3eae /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x50dbeae) [0x7faac39b3eae]
14  0x7faac39b3d88 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x50dbd88) [0x7faac39b3d88]
15  0x7faac39b439f /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x50dc39f) [0x7faac39b439f]
16  0x7faac38f2a54 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x501aa54) [0x7faac38f2a54]
17  0x7faac4686392 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5dae392) [0x7faac4686392]
18  0x7faac46b828a /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5de028a) [0x7faac46b828a]
19  0x7faac3874d39 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x4f9cd39) [0x7faac3874d39]
20  0x7faac468d5ba /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5db55ba) [0x7faac468d5ba]
21  0x7faac468d61a WebCore::Page::forEachDocument(WTF::Function<void (WebCore::Document&)> const&) const
22  0x7faac468634b /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x5dae34b) [0x7faac468634b]
23  0x7faac46867c2 WebCore::Page::updateRendering()
24  0x7faac0ef7522 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x261f522) [0x7faac0ef7522]
25  0x7faac0f64b46 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x268cb46) [0x7faac0f64b46]
26  0x7faac0f64792 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x268c792) [0x7faac0f64792]
27  0x7faac0f624c1 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x268a4c1) [0x7faac0f624c1]
28  0x7faac0ef6d77 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0(+0x261ed77) [0x7faac0ef6d77]
29  0x7faac0bf9a94 WKBundlePageForceRepaint
30  0x7faa711f326c /app/webkit/WebKitBuild/Debug/lib/libTestRunnerInjectedBundle.so(+0xa926c) [0x7faa711f326c]
31  0x7faa711f82f8 /app/webkit/WebKitBuild/Debug/lib/libTestRunnerInjectedBundle.so(+0xae2f8) [0x7faa711f82f8]
WebKitWebProcess terminated (pid 24) for reason: crash
#CRASHED - WebKitWebProcess (pid 24)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy
Comment 1 Renata Hodovan 2022-08-11 15:05:10 PDT
Created attachment 461547
Test
Comment 2 Radar WebKit Bug Importer 2022-08-18 15:06:14 PDT
<rdar://problem/98852598>
Comment 3 Rob Buis 2023-01-19 02:42:41 PST
Crash still happens (with IFC disabled).