RESOLVED FIXED 257563
REGRESSION(264722@main) ASSERTION FAILED: forward ? nativeIndex < nativeLength : nativeIndex <= nativeLength in WTF::textUTF16ContextAwareMoveInPrimaryContext
https://bugs.webkit.org/show_bug.cgi?id=257563
Fujii Hironori
Reported 2023-05-31 13:25:00 PDT
WinCairo-64-bit-Debug-Tests is reporting some test failures due to an assertion failure.

264727@main first bad
264721@main last good
https://build.webkit.org/results/WinCairo-64-bit-Debug-Tests/264727@main%20(20362)/results.html

ASSERTION FAILED: forward ? nativeIndex < nativeLength : nativeIndex <= nativeLength
C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WTF\wtf\text\icu\UTextProviderUTF16.cpp(72) : WTF::textUTF16ContextAwareMoveInPrimaryContext
1 00007FFC154B26FB WTFCrash
2 00007FFC154B7E3D WTFCrashWithInfo
3 00007FFC1563B54E WTF::textUTF16ContextAwareMoveInPrimaryContext
4 00007FFC1563B7C8 WTF::textUTF16ContextAwareSwitchToPrimaryContext
5 00007FFC1563B1B1 WTF::uTextUTF16ContextAwareAccess
6 00000000679177F6 utext_setNativeIndex_73
7 000000006787D32E icu_73::RuleBasedBreakIterator::preceding
8 00007FFBD7C27A6B WTF::TextBreakIteratorICU::preceding
9 00007FFBD7BE9AEE `WTF::TextBreakIterator::preceding'::`2'::<lambda_1>::operator()<WTF::TextBreakIteratorICU>
10 00007FFBD7C066B8 std::invoke<WTF::Visitor<`WTF::TextBreakIterator::preceding'::`2'::<lambda_1> >,WTF::TextBreakIteratorICU const &>
11 00007FFBD7BE9E88 std::_Variant_dispatcher<std::integer_sequence<unsigned __int64,1> >::_Dispatch2<std::optional<unsigned int>,WTF::Visitor<`WTF::TextBreakIterator::preceding'::`2'::<lambda_1> >,std::variant<WTF::TextBreakIteratorICU,WTF::NullTextBreakIterator> const &,0>
12 00007FFBD7BEB463 std::_Visit_strategy<1>::_Visit2<std::optional<unsigned int>,std::_Meta_list<std::integer_sequence<unsigned __int64,0>,std::integer_sequence<unsigned __int64,1>,std::integer_sequence<unsigned __int64,2> >,WTF::Visitor<`WTF::TextBreakIterator::preceding'::`2'::<lambda_1> >,std::variant<WTF::TextBreakIteratorICU,WTF::NullTextBreakIterator> const &>
13 00007FFBD7BEB8CF std::_Visit_impl<3,std::optional<unsigned int>,std::_Meta_list<std::integer_sequence<unsigned __int64,0>,std::integer_sequence<unsigned __int64,1>,std::integer_sequence<unsigned __int64,2> >,WTF::Visitor<`WTF::TextBreakIterator::preceding'::`2'::<lambda_1> >,std::variant<WTF::TextBreakIteratorICU,WTF::NullTextBreakIterator> const &>
14 00007FFBD7C21BE1 std::visit<WTF::Visitor<`WTF::TextBreakIterator::preceding'::`2'::<lambda_1> >,std::variant<WTF::TextBreakIteratorICU,WTF::NullTextBreakIterator> const &,void>
15 00007FFBD7C17103 WTF::switchOn<std::variant<WTF::TextBreakIteratorICU,WTF::NullTextBreakIterator> const &,`WTF::TextBreakIterator::preceding'::`2'::<lambda_1> >
16 00007FFBD7C27A08 WTF::TextBreakIterator::preceding
17 00007FFBD7C27942 WTF::CachedTextBreakIterator::preceding
18 00007FFBD823D737 WebCore::RenderText::previousOffset
19 00007FFBD825FDE9 WebCore::containsOffset
20 00007FFBD823D472 WebCore::RenderText::containsCaretOffset
21 00007FFBD6C56466 WebCore::Position::isCandidate
22 00007FFBD6E719E6 WebCore::VisiblePosition::canonicalPosition
23 00007FFBD6E6FCA4 WebCore::VisiblePosition::VisiblePosition
24 00007FFBD6E77DEC WebCore::VisibleSelection::setBaseAndExtentToDeepEquivalents
25 00007FFBD6E778E9 WebCore::VisibleSelection::validate
26 00007FFBD6E758A3 WebCore::VisibleSelection::VisibleSelection
27 00007FFBD6DA9F08 WebCore::FrameSelection::moveTo
28 00007FFBD78563A6 WebCore::DOMSelection::setBaseAndExtent
29 00007FFBD45F1E0B `WebCore::jsDOMSelectionPrototypeFunction_setBaseAndExtentBody'::`62'::<lambda_3>::operator()
30 00007FFBD4628DB6 WebCore::toJS<WebCore::IDLUndefined,`WebCore::jsDOMSelectionPrototypeFunction_setBaseAndExtentBody'::`62'::<lambda_3> >
31 00007FFBD45F1BD5 WebCore::jsDOMSelectionPrototypeFunction_setBaseAndExtentBody

264722@main (bug#257469) seems like a culprit.
Attachments
test case (125 bytes, text/html)
2023-05-31 15:02 PDT, Fujii Hironori
no flags
Fujii Hironori
Comment 1 2023-05-31 15:02:32 PDT
Created attachment 466553
test case

WinCairo Debug MiniBrowser can reproduce the crash by loading this test case.

Variables in the assertion were
forward = 1
nativeIndex = 1
nativeLength = 1
Fujii Hironori
Comment 2 2023-05-31 22:28:02 PDT
UText access callback has to return false if the requested index is out of bounds. https://unicode-org.github.io/icu-docs/apidoc/dev/icu4c/utext_8h.html#a829af7190e7cee22c647af949ebb4730
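The contract stated in comment 2, as an added C example that is not part of the bug thread and is neither ICU's nor WebKit's code. `ModelText` and `model_access` are hypothetical stand-ins for `UText` and a `UTextAccess` callback, clamping of out-of-range indexes is an assumption of this model, and the sample mirrors the values from comment 1 (forward = 1, nativeIndex = 1, nativeLength = 1).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified stand-in for the chunk fields of ICU's UText.
   The text is one UTF-16 buffer of `length` code units. */
typedef struct {
    const uint16_t *contents;
    int64_t length;            /* native length in UTF-16 code units */
    int64_t chunkNativeStart;
    int64_t chunkNativeLimit;
    int32_t chunkOffset;       /* position inside the chunk */
} ModelText;

/* Models the access-callback contract:
     forward  -> chunk must satisfy start <= index <  limit
     backward -> chunk must satisfy start <  index <= limit
   Returns false when no such chunk exists (index out of bounds in the
   requested direction). Assumption: the index is clamped to [0, length]. */
static bool model_access(ModelText *t, int64_t nativeIndex, bool forward)
{
    if (nativeIndex < 0)
        nativeIndex = 0;
    if (nativeIndex > t->length)
        nativeIndex = t->length;

    /* In this model a single chunk covers the entire buffer. */
    t->chunkNativeStart = 0;
    t->chunkNativeLimit = t->length;
    t->chunkOffset = (int32_t)nativeIndex;

    /* Out-of-bounds is reported through the return value: nothing to read
       forward at index == length, nothing to read backward at index == 0. */
    return forward ? nativeIndex < t->length : nativeIndex > 0;
}

/* Constructed input: a one-unit string, i.e. nativeLength = 1. */
static const uint16_t kSample[] = { 0x0061 };

static ModelText make_sample(void)
{
    ModelText t = { kSample, 1, 0, 0, 0 };
    return t;
}

int main(void)
{
    ModelText t = make_sample();
    printf("forward at 1: %d\n", model_access(&t, 1, true));
    printf("backward at 1: %d\n", model_access(&t, 1, false));
    return 0;
}
```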
Fujii Hironori
Comment 3 2023-06-01 00:00:44 PDT
Radar WebKit Bug Importer
Comment 4 2023-06-01 10:35:34 PDT
EWS
Comment 5 2023-06-01 12:53:49 PDT
Committed 264804@main (d59f20a7765a): <https://commits.webkit.org/264804@main> Reviewed commits have been landed. Closing PR #14578 and removing active labels.