Closed Bug 798963 Opened 12 years ago Closed 7 years ago

Crash typing into contentEditable after selection has been cleared

Categories

(Core :: DOM: Editor, defect, P2)

x86_64
macOS

RESOLVED DUPLICATE of bug 1345015

People

(Reporter: jruderman, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, crash, testcase)

Attachments

(2 files, 1 obsolete file)

1. Load the testcase (with focus).
2. Press the 'x' key.

Result: Crash [@ nsHTMLEditRules::GetPromotedPoint ]

Attached file stack trace (obsolete)

Nightly: bp-9d3c9416-ce25-4d51-be03-abba22121007

Is this a regression?

Blocks: fuzz-keys

This still reproduces with the STR in comment 0.

Backtrace from mozilla-central rev a793136c90bc (nightly asan):
==8239==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f137f3b01dd bp 0x7ffec4185a20 sp 0x7ffec41856e0 T0)
    #0 0x7f137f3b01dc in mozilla::HTMLEditRules::GetPromotedPoint(mozilla::HTMLEditRules::RulesEndpoint, nsIDOMNode*, int, EditAction, nsCOMPtr<nsIDOMNode>*, int*) /home/worker/workspace/build/src/editor/libeditor/HTMLEditRules.cpp:5422:16
    #1 0x7f137f343f85 in mozilla::HTMLEditRules::PromoteRange(nsRange&, EditAction) /home/worker/workspace/build/src/editor/libeditor/HTMLEditRules.cpp:5657:3
    #2 0x7f137f342d7a in mozilla::HTMLEditRules::AfterEditInner(EditAction, short) /home/worker/workspace/build/src/editor/libeditor/HTMLEditRules.cpp:457:5
    #3 0x7f137f342566 in mozilla::HTMLEditRules::AfterEdit(EditAction, short) /home/worker/workspace/build/src/editor/libeditor/HTMLEditRules.cpp:400:10
    #4 0x7f137f3eb21b in mozilla::HTMLEditor::EndOperation() /home/worker/workspace/build/src/editor/libeditor/HTMLEditor.cpp:3515:25
    #5 0x7f137f472881 in ~AutoRules /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/EditorUtils.h:251:7
    #6 0x7f137f472881 in mozilla::TextEditor::InsertText(nsAString_internal const&) /home/worker/workspace/build/src/editor/libeditor/TextEditor.cpp:684
    #7 0x7f137f4707f4 in mozilla::TextEditor::TypedText(nsAString_internal const&, mozilla::TextEditor::ETypingAction) /home/worker/workspace/build/src/editor/libeditor/TextEditor.cpp:413:14
    #8 0x7f137f3c7579 in TypedText /home/worker/workspace/build/src/editor/libeditor/HTMLEditor.cpp:1013:10
    #9 0x7f137f3c7579 in mozilla::HTMLEditor::HandleKeyPressEvent(mozilla::WidgetKeyboardEvent*) /home/worker/workspace/build/src/editor/libeditor/HTMLEditor.cpp:699
    #10 0x7f137f31cc07 in mozilla::EditorEventListener::KeyPress(mozilla::WidgetKeyboardEvent*) /home/worker/workspace/build/src/editor/libeditor/EditorEventListener.cpp:613:17
Attached file log.txt
Debug log from mozilla-central rev 34c6c2f302e7
Attachment #668951 - Attachment is obsolete: true
Priority: -- → P2
Crash Signature: [@ nsHTMLEditRules::GetPromotedPoint ] → [@ nsHTMLEditRules::GetPromotedPoint ] [@ mozilla::HTMLEditRules::GetPromotedPoint ]
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE