Assertion failure: isNewLinePreformatted, at /builds/worker/checkouts/gecko/editor/libeditor/HTMLEditor.cpp:4554
Categories
(Core :: DOM: Editor, defect)
Tracking
Version | Tracking | Status |
---|---|---|
firefox-esr115 | --- | unaffected |
firefox-esr128 | --- | unaffected |
firefox134 | --- | unaffected |
firefox135 | --- | wontfix |
firefox136 | --- | wontfix |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug, Regression)
Details
(4 keywords, Whiteboard: [bugmon:bisected,confirmed])
Attachments
(1 file)
312 bytes, text/html
Found while fuzzing m-c 20241214-df965ece56c1 (--enable-debug --enable-fuzzing)
To reproduce via Grizzly Replay:
$ pip install fuzzfetch grizzly-framework --upgrade
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay.bugzilla ./firefox/firefox <bugid>
Assertion failure: isNewLinePreformatted, at /builds/worker/checkouts/gecko/editor/libeditor/HTMLEditor.cpp:4554
#0 0x7a11a0fbbafb in mozilla::HTMLEditor::EnsureNoFollowingUnnecessaryLineBreak(mozilla::EditorDOMPointBase<nsCOMPtr<nsINode>, nsCOMPtr<nsIContent>> const&) /builds/worker/checkouts/gecko/editor/libeditor/HTMLEditor.cpp:4554:3
#1 0x7a11a106b2d8 in mozilla::HTMLEditor::AutoDeleteRangesHandler::DeleteUnnecessaryNodes(mozilla::HTMLEditor&, mozilla::EditorDOMRangeBase<mozilla::EditorDOMPointBase<nsCOMPtr<nsINode>, nsCOMPtr<nsIContent>>> const&, mozilla::dom::Element const&) /builds/worker/checkouts/gecko/editor/libeditor/HTMLEditorDeleteHandler.cpp:5653:21
#2 0x7a11a106d698 in mozilla::HTMLEditor::AutoDeleteRangesHandler::AutoBlockElementsJoiner::DeleteContentInRange(mozilla::HTMLEditor&, mozilla::LimitersAndCaretData const&, short, short, nsRange&, mozilla::dom::Element const&) /builds/worker/checkouts/gecko/editor/libeditor/HTMLEditorDeleteHandler.cpp:4436:39
#3 0x7a11a106be3e in mozilla::HTMLEditor::AutoDeleteRangesHandler::AutoBlockElementsJoiner::Run(mozilla::HTMLEditor&, mozilla::LimitersAndCaretData const&, short, short, nsRange&, mozilla::HTMLEditor::AutoDeleteRangesHandler::SelectionWasCollapsed, mozilla::dom::Element const&) /builds/worker/checkouts/gecko/editor/libeditor/HTMLEditorDeleteHandler.cpp:696:55
#4 0x7a11a105788c in mozilla::HTMLEditor::AutoDeleteRangesHandler::HandleDeleteNonCollapsedRanges(mozilla::HTMLEditor&, short, short, mozilla::AutoClonedSelectionRangeArray&, mozilla::HTMLEditor::AutoDeleteRangesHandler::SelectionWasCollapsed, mozilla::dom::Element const&) /builds/worker/checkouts/gecko/editor/libeditor/HTMLEditorDeleteHandler.cpp:4155:16
#5 0x7a11a104ef70 in mozilla::HTMLEditor::AutoDeleteRangesHandler::Run(mozilla::HTMLEditor&, short, short, mozilla::AutoClonedSelectionRangeArray&, mozilla::dom::Element const&) /builds/worker/checkouts/gecko/editor/libeditor/HTMLEditorDeleteHandler.cpp:1917:47
#6 0x7a11a104e53b in mozilla::HTMLEditor::HandleDeleteSelection(short, short) /builds/worker/checkouts/gecko/editor/libeditor/HTMLEditorDeleteHandler.cpp:1260:61
#7 0x7a11a0f7546c in mozilla::EditorBase::DeleteSelectionAsSubAction(short, short) /builds/worker/checkouts/gecko/editor/libeditor/EditorBase.cpp:4738:9
#8 0x7a11a0f6f3b2 in mozilla::EditorBase::DeleteSelectionAsAction(short, short, nsIPrincipal*) /builds/worker/checkouts/gecko/editor/libeditor/EditorBase.cpp:4701:8
#9 0x7a11a0f90cf8 in mozilla::DeleteCommand::DoCommandParam(mozilla::Command, mozilla::EditorBase&, nsIPrincipal*) const /builds/worker/checkouts/gecko/editor/libeditor/EditorCommands.cpp:626:29
#10 0x7a119d34cacc in mozilla::dom::Document::ExecCommand(nsTSubstring<char16_t> const&, bool, mozilla::dom::TrustedHTMLOrString const&, nsIPrincipal&, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/base/Document.cpp:5619:37
#11 0x7a119e478ea9 in mozilla::dom::Document_Binding::execCommand(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) /builds/worker/workspace/obj-build/dom/bindings/./DocumentBinding.cpp:4165:36
#12 0x7a119e74346d in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/dom/bindings/BindingUtils.cpp:3290:13
#13 0x33bfcf81ab98 ([anon:js-executable-memory]+0x2b98)
Comment 1•15 days ago
Verified bug as reproducible on mozilla-central 20250202210625-fc959685b9d9.
The bug appears to have been introduced in the following build range:
Start: 855890e2cd16cf21ac6f740b83aa69ab2519b1b9 (20241213012346)
End: 3a912704bc24872e037fe3102cd5483ba5105993 (20241213025822)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=855890e2cd16cf21ac6f740b83aa69ab2519b1b9&tochange=3a912704bc24872e037fe3102cd5483ba5105993
Comment 2•15 days ago
Ah, it's just a bug of the assertion. The found unnecessary preformatted linefeed may be in a different Text whose white-space is different from the scan start position. So, this does not detect a bug of HTMLEditor itself.