My initial guess is that the string we pass to the methods here https://hg.mozilla.org/releases/mozilla-release/file/0f0ba6e8029d8148743c4aa50c2be4c4c643f8a4/dom/html/TextControlState.cpp#l2847 is somehow deleted, and then when https://hg.mozilla.org/releases/mozilla-release/file/0f0ba6e8029d8148743c4aa50c2be4c4c643f8a4/editor/libeditor/TextEditSubActionHandler.cpp#l582 goes out of scope at the end of the method, we crash, because the string buffer is bogus or something.
Bug 1746295 Comment 3 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
My initial guess is that the string we pass to the methods here https://hg.mozilla.org/releases/mozilla-release/file/0f0ba6e8029d8148743c4aa50c2be4c4c643f8a4/dom/html/TextControlState.cpp#l2847 is somehow deleted, and then when https://hg.mozilla.org/releases/mozilla-release/file/0f0ba6e8029d8148743c4aa50c2be4c4c643f8a4/editor/libeditor/TextEditSubActionHandler.cpp#l582 goes out of scope at the end of the method, we crash, because the string buffer is bogus or something. I didn't check the Pernosco session.