The crash occurs when ToTextLeafPoint on the HyperTextAccessible with the caret offset returns an invalid point. I don't understand how that could happen, though. That should only happen if an invalid HyperText offset is provided, but the caret offset retrieved from HyperTextAccessible::CaretOffset should never be invalid. I've added an assertion to try to catch this with a graceful return for non-debug builds.
Bug 1905021 Comment 13 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
The crash occurs when ToTextLeafPoint on the HyperTextAccessible with the caret offset returns an invalid point. I don't understand how that could happen, though. That should only happen if an invalid HyperText offset is provided, but the caret offset retrieved from HyperTextAccessible::CaretOffset should never be invalid. I've added an assertion to try to catch this with a graceful return for non-debug builds. I did take a look at some crash dumps, but unfortunately, all of the variables I need for better diagnosis in the TextLeafPoint::GetCaret stack frame aren't included in any of the dumps.