Closed Bug 1511559 Opened 7 years ago Closed 5 years ago

Assertion failure: aPoint.IsSetAndValid(), at m:/src/editor/libeditor/EditorBase.cpp:3429

Tracking

()

Status:

RESOLVED WORKSFORME

Tracking Flags:

Tracking

Status

firefox65

---

affected

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, crash, testcase)

Crash Data

Attachments

(1 file)

testcase.html 7 years ago Tyson Smith [:tsmith] 360 bytes, text/html		Details

Tyson Smith [:tsmith]

Reporter

Description

•

7 years ago

Attached file testcase.html — Details

Assertion failure: !ignoredError.Failed(), at src/editor/libeditor/HTMLEditRules.cpp:7543 #0 mozilla::HTMLEditRules::GetNodesFromPoint(mozilla::EditorDOMPointBase<nsCOMPtr<nsINode>, nsCOMPtr<nsIContent> > const&, mozilla::EditSubAction, nsTArray<mozilla::OwningNonNull<nsINode> >&, mozilla::HTMLEditRules::TouchContent) src/editor/libeditor/HTMLEditRules.cpp:7543:3 #1 mozilla::HTMLEditRules::MoveBlock(mozilla::dom::Element&, mozilla::dom::Element&, int, int) src/editor/libeditor/HTMLEditRules.cpp:3549:17 #2 mozilla::HTMLEditRules::TryToJoinBlocksWithTransaction(nsIContent&, nsIContent&) src/editor/libeditor/HTMLEditRules.cpp:3312:11 #3 mozilla::HTMLEditRules::WillDeleteSelection(short, short, bool*, bool*) src/editor/libeditor/HTMLEditRules.cpp:2701:32 #4 mozilla::HTMLEditRules::WillDoAction(mozilla::EditSubActionInfo&, bool*, bool*) src/editor/libeditor/HTMLEditRules.cpp:692:14 #5 mozilla::TextEditor::DeleteSelectionAsSubAction(short, short) src/editor/libeditor/TextEditor.cpp:758:24 #6 mozilla::TextEditor::DeleteSelectionAsAction(short, short) src/editor/libeditor/TextEditor.cpp:731:17 #7 mozilla::DeleteCommand::DoCommand(char const*, nsISupports*) src/editor/libeditor/EditorCommands.cpp:747:19 #8 nsControllerCommandTable::DoCommand(char const*, nsISupports*) src/dom/commandhandler/nsControllerCommandTable.cpp:140:26 #9 nsBaseCommandController::DoCommand(char const*) src/dom/commandhandler/nsBaseCommandController.cpp:123:25 #10 nsCommandManager::DoCommand(char const*, nsICommandParams*, mozIDOMWindowProxy*) src/dom/commandhandler/nsCommandManager.cpp:199:22 #11 nsHTMLDocument::ExecCommand(nsTSubstring<char16_t> const&, bool, nsTSubstring<char16_t> const&, nsIPrincipal&, mozilla::ErrorResult&) src/dom/html/nsHTMLDocument.cpp:2819:18 #12 mozilla::dom::HTMLDocument_Binding::execCommand(JSContext*, JS::Handle<JSObject*>, nsHTMLDocument*, JSJitMethodCallArgs const&) src/obj-firefox/dom/bindings/HTMLDocumentBinding.cpp:615:21 #13 bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) src/dom/bindings/BindingUtils.cpp:3063:13 #14 CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) src/js/src/vm/Interpreter.cpp:443:13 #15 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:535:12 #16 InternalCall(JSContext*, js::AnyInvokeArgs const&) src/js/src/vm/Interpreter.cpp:590:10 #17 Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3348:16 #18 js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:423:10 #19 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:563:13 #20 InternalCall(JSContext*, js::AnyInvokeArgs const&) src/js/src/vm/Interpreter.cpp:590:10 #21 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) src/js/src/vm/Interpreter.cpp:606:8 #22 JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) src/js/src/jsapi.cpp:2651:10 #23 mozilla::dom::EventHandlerNonNull::Call(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) src/obj-firefox/dom/bindings/EventHandlerBinding.cpp:265:37 #24 void mozilla::dom::EventHandlerNonNull::Call<nsISupports*>(nsISupports* const&, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&, char const*, mozilla::dom::CallbackObject::ExceptionHandling, JS::Realm*) src/obj-firefox/dist/include/mozilla/dom/EventHandlerBinding.h:363:12 #25 mozilla::JSEventHandler::HandleEvent(mozilla::dom::Event*) src/dom/events/JSEventHandler.cpp:205:12 #26 mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, mozilla::dom::Event*, mozilla::dom::EventTarget*) src/dom/events/EventListenerManager.cpp:1044:51 #27 mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool) src/dom/events/EventListenerManager.cpp:1239:17 #28 mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:346:17 #29 mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:548:16 #30 mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) src/dom/events/EventDispatcher.cpp:1038:11 #31 nsDocumentViewer::LoadComplete(nsresult) src/layout/base/nsDocumentViewer.cpp:1103:7 #32 nsDocShell::EndPageLoad(nsIWebProgress*, nsIChannel*, nsresult) src/docshell/base/nsDocShell.cpp:6709:21 #33 nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) src/docshell/base/nsDocShell.cpp:6507:7 #34 non-virtual thunk to nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) src/docshell/base/nsDocShell.cpp #35 nsDocLoader::DoFireOnStateChange(nsIWebProgress*, nsIRequest*, int&, nsresult) src/uriloader/base/nsDocLoader.cpp:1236:3 #36 nsDocLoader::doStopDocumentLoad(nsIRequest*, nsresult) src/uriloader/base/nsDocLoader.cpp:795:14 #37 nsDocLoader::DocLoaderIsEmpty(bool) src/uriloader/base/nsDocLoader.cpp:694:9 #38 nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, nsresult) src/uriloader/base/nsDocLoader.cpp:590:5 #39 non-virtual thunk to nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, nsresult) src/uriloader/base/nsDocLoader.cpp #40 mozilla::net::nsLoadGroup::RemoveRequest(nsIRequest*, nsISupports*, nsresult) src/netwerk/base/nsLoadGroup.cpp:586:22 #41 nsIDocument::DoUnblockOnload() src/dom/base/nsDocument.cpp:7789:18 #42 nsDocument::UnblockOnload(bool) src/dom/base/nsDocument.cpp:7721:9 #43 nsIDocument::DispatchContentLoadedEvents() src/dom/base/nsDocument.cpp:4881:3 #44 mozilla::detail::RunnableMethodImpl<nsIDocument*, void (nsIDocument::*)(), true, (mozilla::RunnableKind)0>::Run() src/obj-firefox/dist/include/nsThreadUtils.h:1158:13 #45 mozilla::SchedulerGroup::Runnable::Run() src/xpcom/threads/SchedulerGroup.cpp:299:32 #46 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1157:14 #47 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:468:10 #48 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:88:21 #49 MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:314:10 #50 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:289:3 #51 nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27 #52 XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:915:20 #53 mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:238:9 #54 MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:314:10 #55 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:289:3 #56 XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:753:34 #57 content_process_main(mozilla::Bootstrap*, int, char**) src/browser/app/../../ipc/contentproc/plugin-container.cpp:49:28 #58 main src/browser/app/nsBrowserApp.cpp:265:18 #59 __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291 #60 _start (firefox+0x349f4)

Flags: in-testsuite?

Tyson Smith [:tsmith]

Reporter

Comment 1

•

7 years ago

This test case also triggers a crash near null

Crash Signature: [@ mozilla::HTMLEditRules::GetHighestInlineParent]

Makoto Kato [:m_kato]

Updated

•

6 years ago

Priority: -- → P2

Masayuki Nakano [:masayuki] (he/him)(JST, +0900)

Comment 2

•

6 years ago

With the refactoring, changed the crashed point:

Assertion failure: aPoint.IsSetAndValid(), at m:/src/editor/libeditor/EditorBase.cpp:3429
#01: mozilla::HTMLEditor::CreateRangeExtendedToHardLineStartAndEnd<nsINode *,nsIContent *,nsINode *,nsIContent *> (m:\src\editor\libeditor\HTMLEditRules.cpp:7522)
#02: mozilla::HTMLEditor::SplitInlinesAndCollectEditTargetNodesInOneHardLine (m:\fx64-dbg\dist\include\mozilla\HTMLEditor.h:1505)
#03: mozilla::HTMLEditor::MoveOneHardLineContents (m:\src\editor\libeditor\HTMLEditRules.cpp:3904)
#04: mozilla::HTMLEditor::TryToJoinBlocksWithTransaction (m:\src\editor\libeditor\HTMLEditRules.cpp:3644)
#05: mozilla::HTMLEditRules::HandleDeleteCollapsedSelectionAtOtherBlockBoundary (m:\src\editor\libeditor\HTMLEditRules.cpp:2958)
#06: mozilla::HTMLEditRules::HandleDeleteAroundCollapsedSelection (m:\src\editor\libeditor\HTMLEditRules.cpp:2522)
#07: mozilla::HTMLEditRules::WillDeleteSelection (m:\src\editor\libeditor\HTMLEditRules.cpp:2433)
#08: mozilla::HTMLEditRules::WillDoAction (m:\src\editor\libeditor\HTMLEditRules.cpp:779)
#09: mozilla::TextEditor::DeleteSelectionAsSubAction (m:\src\editor\libeditor\TextEditor.cpp:663)
#10: mozilla::TextEditor::DeleteSelectionAsAction (m:\src\editor\libeditor\TextEditor.cpp:636)
#11: mozilla::DeleteCommand::DoCommand (m:\src\editor\libeditor\EditorCommands.cpp:618)
#12: mozilla::dom::Document::ExecCommand (m:\src\dom\base\Document.cpp:0)
#13: mozilla::dom::Document_Binding::execCommand (m:\fx64-dbg\dom\bindings\DocumentBinding.cpp:3580)
#14: mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy,mozilla::dom::binding_detail::ThrowExceptions> (m:\src\dom\bindings\BindingUtils.cpp:3165)
#15: CallJSNative (m:\src\js\src\vm\Interpreter.cpp:447)
#16: js::InternalCallOrConstruct (m:\src\js\src\vm\Interpreter.cpp:539)
#17: InternalCall (m:\src\js\src\vm\Interpreter.cpp:594)
#18: Interpret (m:\src\js\src\vm\Interpreter.cpp:3084)
#19: js::RunScript (m:\src\js\src\vm\Interpreter.cpp:424)
#20: js::InternalCallOrConstruct (m:\src\js\src\vm\Interpreter.cpp:567)
#21: InternalCall (m:\src\js\src\vm\Interpreter.cpp:594)
#22: js::Call (m:\src\js\src\vm\Interpreter.cpp:610)
#23: JS::Call (m:\src\js\src\jsapi.cpp:2722)
#24: mozilla::dom::EventHandlerNonNull::Call (m:\fx64-dbg\dom\bindings\EventHandlerBinding.cpp:267)
#25: mozilla::dom::EventHandlerNonNull::Call<nsCOMPtr<mozilla::dom::EventTarget> > (m:\fx64-dbg\dist\include\mozilla\dom\EventHandlerBinding.h:363)
#26: mozilla::JSEventHandler::HandleEvent (m:\src\dom\events\JSEventHandler.cpp:206)
#27: mozilla::EventListenerManager::HandleEventSubType (m:\src\dom\events\EventListenerManager.cpp:1040)
#28: mozilla::EventListenerManager::HandleEventInternal (m:\src\dom\events\EventListenerManager.cpp:1235)
#29: mozilla::EventTargetChainItem::HandleEvent (m:\src\dom\events\EventDispatcher.cpp:352)
#30: mozilla::EventTargetChainItem::HandleEventTargetChain (m:\src\dom\events\EventDispatcher.cpp:553)
#31: mozilla::EventDispatcher::Dispatch (m:\src\dom\events\EventDispatcher.cpp:1047)
#32: nsDocumentViewer::LoadComplete (m:\src\layout\base\nsDocumentViewer.cpp:1170)
#33: nsDocShell::EndPageLoad (m:\src\docshell\base\nsDocShell.cpp:6519)
#34: nsDocShell::OnStateChange (m:\src\docshell\base\nsDocShell.cpp:6319)
#35: nsDocLoader::DoFireOnStateChange (m:\src\uriloader\base\nsDocLoader.cpp:1333)
#36: nsDocLoader::doStopDocumentLoad (m:\src\uriloader\base\nsDocLoader.cpp:891)
#37: nsDocLoader::DocLoaderIsEmpty (m:\src\uriloader\base\nsDocLoader.cpp:716)
#38: nsDocLoader::OnStopRequest (m:\src\uriloader\base\nsDocLoader.cpp:615)
#39: mozilla::net::nsLoadGroup::RemoveRequest (m:\src\netwerk\base\nsLoadGroup.cpp:568)
#40: imgRequestProxy::RemoveFromLoadGroup (m:\src\image\imgRequestProxy.cpp:405)
#41: imgRequestProxy::OnLoadComplete (m:\src\image\imgRequestProxy.cpp:1056)
#42: mozilla::image::ImageObserverNotifier<const mozilla::image::ObserverTable *>::operator()<`lambda at m:/src/image/ProgressTracker.cpp:352:12'> (m:\src\image\ProgressTracker.cpp:285)
#43: mozilla::image::SyncNotifyInternal<const mozilla::image::ObserverTable *> (m:\src\image\ProgressTracker.cpp:356)
#44: mozilla::image::ProgressTracker::SyncNotifyProgress (m:\src\image\ProgressTracker.cpp:370)
#45: mozilla::image::VectorImage::OnSVGDocumentLoaded (m:\src\image\VectorImage.cpp:1431)
#46: mozilla::image::SVGLoadEventListener::HandleEvent (m:\src\image\VectorImage.cpp:211)
#47: mozilla::EventListenerManager::HandleEventSubType (m:\src\dom\events\EventListenerManager.cpp:1040)
#48: mozilla::EventListenerManager::HandleEventInternal (m:\src\dom\events\EventListenerManager.cpp:1235)
#49: mozilla::EventTargetChainItem::HandleEvent (m:\src\dom\events\EventDispatcher.cpp:352)
#50: mozilla::EventTargetChainItem::HandleEventTargetChain (m:\src\dom\events\EventDispatcher.cpp:553)
#51: mozilla::EventDispatcher::Dispatch (m:\src\dom\events\EventDispatcher.cpp:1047)
#52: mozilla::EventDispatcher::DispatchDOMEvent (m:\src\dom\events\EventDispatcher.cpp:1151)
#53: nsINode::DispatchEvent (m:\src\dom\base\nsINode.cpp:1061)
#54: mozilla::dom::EventTarget::DispatchEvent (m:\src\dom\events\EventTarget.cpp:178)
#55: mozilla::AsyncEventDispatcher::Run (m:\src\dom\events\AsyncEventDispatcher.cpp:71)
#56: nsThread::ProcessNextEvent (m:\src\xpcom\threads\nsThread.cpp:1214)
#57: NS_ProcessNextEvent (m:\src\xpcom\threads\nsThreadUtils.cpp:486)
#58: mozilla::ipc::MessagePump::Run (m:\src\ipc\glue\MessagePump.cpp:88)
#59: MessageLoop::RunHandler (m:\src\ipc\chromium\src\base\message_loop.cc:309)
#60: MessageLoop::Run (m:\src\ipc\chromium\src\base\message_loop.cc:291)
#61: nsBaseAppShell::Run (m:\src\widget\nsBaseAppShell.cpp:139)
#62: nsAppShell::Run (m:\src\widget\windows\nsAppShell.cpp:406)
#63: XRE_RunAppShell (m:\src\toolkit\xre\nsEmbedFunctions.cpp:934)
#64: mozilla::ipc::MessagePumpForChildProcess::Run (m:\src\ipc\glue\MessagePump.cpp:238)
#65: MessageLoop::RunHandler (m:\src\ipc\chromium\src\base\message_loop.cc:309)
#66: MessageLoop::Run (m:\src\ipc\chromium\src\base\message_loop.cc:291)
#67: XRE_InitChildProcess (m:\src\toolkit\xre\nsEmbedFunctions.cpp:773)
#68: NS_internal_main (m:\src\browser\app\nsBrowserApp.cpp:267)
#69: wmain (m:\src\toolkit\xre\nsWindowsWMain.cpp:131)
#70: __scrt_common_main_seh (f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl:283)
#71: BaseThreadInitThunk[C:\WINDOWS\System32\KERNEL32.DLL +0x17bd4]
#72: RtlUserThreadStart[C:\WINDOWS\SYSTEM32\ntdll.dll +0x6ce71]

Summary: Assertion failure: !ignoredError.Failed(), at src/editor/libeditor/HTMLEditRules.cpp:7543 → Assertion failure: aPoint.IsSetAndValid(), at m:/src/editor/libeditor/EditorBase.cpp:3429

Masayuki Nakano [:masayuki] (he/him)(JST, +0900)

Comment 3

•

5 years ago

Not reproducible. Miroko's refactoring might have fixed this bug.

Status: NEW → RESOLVED

Closed: 5 years ago

Resolution: --- → WORKSFORME

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Assertion failure: aPoint.IsSetAndValid(), at m:/src/editor/libeditor/EditorBase.cpp:3429

Categories

(Core :: DOM: Editor, defect, P2)

Tracking

()

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, crash, testcase)

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Comment 2

Comment 3

Attachment

General

Description

File Name

Content Type