RESOLVED FIXED 255704
REGRESSION (262544@main): [ iOS ] Assertion failure in Position::Position via computeEditableRootHasContentAndPlainText 
https://bugs.webkit.org/show_bug.cgi?id=255704
Summary REGRESSION (262544@main): [ iOS ] Assertion failure in Position::Position via...
Karl Rackler
Reported 2023-04-19 22:16:08 PDT
Description: editing/inserting/insert-img-uneditable-canonical-position-crash.html is a consistent crash The test was consistently passing and began to fail between ranges https://commits.webkit.org/compare/262536@main...262545@main . Looking at the commits, it is possible that https://commits.webkit.org/262544@main caused the crashes as VisableSelection.cpp was modified, and the Assertion has reference to that. This issue can be reproduced using the command: run-webkit-tests --debug --iterations=1 --ios-simulator editing/inserting/insert-img-uneditable-canonical-position-crash.html History: https://results.webkit.org/?suite=layout-tests&test=editing%2Finserting%2Finsert-img-uneditable-canonical-position-crash.html&platform=ios&style=debug&limit=50000&recent=false Crash Log: No crash log found for com.apple.WebKit.WebContent.Development:22617. stdout: stderr: ASSERTION FAILED: !((anchorType == PositionIsBeforeChildren || anchorType == PositionIsAfterChildren) && (is<Text>(*m_anchorNode) || editingIgnoresContent(*m_anchorNode))) /Volumes/Data/worker/Apple-iOS-16-Simulator-Debug-Build/build/Source/WebCore/dom/Position.cpp(127) : WebCore::Position::Position(WebCore::Node *, WebCore::Position::AnchorType) 1 0x10c9968c8 WTFCrash 2 0x146135570 JSC::VMTraps::maybeNeedHandling() const 3 0x1490976e0 WebCore::Position::Position(WebCore::Node*, WebCore::Position::AnchorType) 4 0x149097720 WebCore::Position::Position(WebCore::Node*, WebCore::Position::AnchorType) 5 0x131048938 WebCore::firstPositionInNode(WebCore::Node*) 6 0x1325cc30c WebKit::computeEditableRootHasContentAndPlainText(WebCore::VisibleSelection const&, WebKit::EditorState::PostLayoutData&) 7 0x1325cbabc WebKit::WebPage::getPlatformEditorState(WebCore::LocalFrame&, WebKit::EditorState&) const 8 0x1332fe444 WebKit::WebPage::editorState(WebKit::WebPage::ShouldPerformLayout) const 9 0x133315d54 WebKit::WebPage::sendEditorStateUpdate() 10 0x133315e0c WebKit::WebPage::didChangeContents() 11 0x132fcb8d0 WebKit::WebEditorClient::respondToChangedContents() 12 0x1491da278 WebCore::Editor::respondToChangedContents(WebCore::VisibleSelection const&) 13 0x1491dd4d0 WebCore::Editor::appliedEditing(WebCore::CompositeEditCommand&) 14 0x14919ba5c WebCore::CompositeEditCommand::didApplyCommand() 15 0x149189740 WebCore::CompositeEditCommand::apply() 16 0x14920b844 WebCore::executeInsertFragment(WebCore::LocalFrame&, WTF::Ref<WebCore::DocumentFragment, WTF::RawPtrTraits<WebCore::DocumentFragment>>&&) 17 0x14920b998 WebCore::executeInsertNode(WebCore::LocalFrame&, WTF::Ref<WebCore::Node, WTF::RawPtrTraits<WebCore::Node>>&&) 18 0x149205e0c WebCore::executeInsertImage(WebCore::LocalFrame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) 19 0x1491e1400 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const 20 0x148ed7c54 WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) 21 0x146523234 WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*) 22 0x146522d38 long long WebCore::IDLOperation<WebCore::JSDocument>::call<&WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) 23 0x14650f27c WebCore::jsDocumentPrototypeFunction_execCommand(JSC::JSGlobalObject*, JSC::CallFrame*) 24 0x2929981fc (null) 25 0x10d0138a0 llint_entry 26 0x10cfede28 vmEntryToJavaScript 27 0x10e0c196c JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*) 28 0x10e3c8c0c JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) 29 0x10e3c8d88 JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) 30 0x148771324 WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) 31 0x148770dd0 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) com.apple.WebKit.WebContent.Development terminated (pid 22617) for reason: crash
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2023-04-19 22:18:43 PDT
<rdar://problem/108299531>
Karl Rackler
Comment 2 2023-04-19 22:25:57 PDT
I have marked this test as as skip while this issue is investigated.
EWS
Comment 3 2023-04-19 22:32:58 PDT
Test gardening commit 263162@main (8d3513a4b76b): <https://commits.webkit.org/263162@main> Reviewed commits have been landed. Closing PR #12957 and removing active labels.
Ryosuke Niwa
Comment 4 2023-04-20 18:19:13 PDT
This indeed regressed in 262544@main.
Ryosuke Niwa
Comment 5 2023-04-20 18:53:16 PDT
Pull request: https://github.com/WebKit/WebKit/pull/13004
EWS
Comment 6 2023-04-21 11:17:55 PDT
Committed 263252@main (e3bec6d3fc6c): <https://commits.webkit.org/263252@main> Reviewed commits have been landed. Closing PR #13004 and removing active labels.
Karl Rackler
Comment 7 2023-05-01 08:04:32 PDT
Removing test expectation.
EWS
Comment 8 2023-05-01 08:09:24 PDT
Test gardening commit 263550@main (c462f9edfc2e): <https://commits.webkit.org/263550@main> Reviewed commits have been landed. Closing PR #13328 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.