Closed Bug 798963 Opened 12 years ago Closed 8 years ago

Crash typing into contentEditable after selection has been cleared

Categories

(Core :: DOM: Editor, defect, P2)

Product:
Core
Component:
DOM: Editor
Platform:
x86_64
macOS
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1345015

People

(Reporter: jruderman, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, crash, testcase)

Crash Data

Attachments

(2 files, 1 obsolete file)

testcase (see comment 0)
(deleted), text/html
Details
log.txt
(deleted), text/plain
Details
Attached file testcase (see comment 0) (deleted) —
1. Load the testcase (with focus). 2. Press the 'x' key. Result: Crash [@ nsHTMLEditRules::GetPromotedPoint ]
Attached file stack trace (obsolete) (deleted) —
Nightly: bp-9d3c9416-ce25-4d51-be03-abba22121007
Is this a regression?
Blocks: fuzz-keys
This still reproduces with the STR in comment 0. Backtrace from mozilla-central rev a793136c90bc (nightly asan): ==8239==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f137f3b01dd bp 0x7ffec4185a20 sp 0x7ffec41856e0 T0) #0 0x7f137f3b01dc in mozilla::HTMLEditRules::GetPromotedPoint(mozilla::HTMLEditRules::RulesEndpoint, nsIDOMNode*, int, EditAction, nsCOMPtr<nsIDOMNode>*, int*) /home/worker/workspace/build/src/editor/libeditor/HTMLEditRules.cpp:5422:16 #1 0x7f137f343f85 in mozilla::HTMLEditRules::PromoteRange(nsRange&, EditAction) /home/worker/workspace/build/src/editor/libeditor/HTMLEditRules.cpp:5657:3 #2 0x7f137f342d7a in mozilla::HTMLEditRules::AfterEditInner(EditAction, short) /home/worker/workspace/build/src/editor/libeditor/HTMLEditRules.cpp:457:5 #3 0x7f137f342566 in mozilla::HTMLEditRules::AfterEdit(EditAction, short) /home/worker/workspace/build/src/editor/libeditor/HTMLEditRules.cpp:400:10 #4 0x7f137f3eb21b in mozilla::HTMLEditor::EndOperation() /home/worker/workspace/build/src/editor/libeditor/HTMLEditor.cpp:3515:25 #5 0x7f137f472881 in ~AutoRules /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/EditorUtils.h:251:7 #6 0x7f137f472881 in mozilla::TextEditor::InsertText(nsAString_internal const&) /home/worker/workspace/build/src/editor/libeditor/TextEditor.cpp:684 #7 0x7f137f4707f4 in mozilla::TextEditor::TypedText(nsAString_internal const&, mozilla::TextEditor::ETypingAction) /home/worker/workspace/build/src/editor/libeditor/TextEditor.cpp:413:14 #8 0x7f137f3c7579 in TypedText /home/worker/workspace/build/src/editor/libeditor/HTMLEditor.cpp:1013:10 #9 0x7f137f3c7579 in mozilla::HTMLEditor::HandleKeyPressEvent(mozilla::WidgetKeyboardEvent*) /home/worker/workspace/build/src/editor/libeditor/HTMLEditor.cpp:699 #10 0x7f137f31cc07 in mozilla::EditorEventListener::KeyPress(mozilla::WidgetKeyboardEvent*) /home/worker/workspace/build/src/editor/libeditor/EditorEventListener.cpp:613:17
Attached file log.txt (deleted) —
Debug log from mozilla-central rev 34c6c2f302e7
Attachment #668951 - Attachment is obsolete: true
Priority: -- → P2
Crash Signature: [@ nsHTMLEditRules::GetPromotedPoint ] → [@ nsHTMLEditRules::GetPromotedPoint ] [@ mozilla::HTMLEditRules::GetPromotedPoint ]
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: