Crash typing into contentEditable after selection has been cleared

RESOLVED DUPLICATE of bug 1345015

Priority: P2
Severity: critical
Reporter: jruderman
Assignee: Unassigned
Version: Trunk
Platform: x86_64, Mac OS X
Keywords: assertion, crash, testcase
Blocks: 2 bugs
Firefox Tracking Flags: Not tracked
Attachments: 2 attachments, 1 obsolete attachment

(Reporter)

Description

6 years ago
Created attachment 668950 [details]
testcase (see comment 0)

1. Load the testcase (with focus).
2. Press the 'x' key.

Result: Crash [@ nsHTMLEditRules::GetPromotedPoint ]
(Reporter)

Comment 1

6 years ago
Created attachment 668951 [details]
stack trace

Nightly: bp-9d3c9416-ce25-4d51-be03-abba22121007

Comment 2

6 years ago
Is this a regression?
(Reporter)

Updated

5 years ago
Blocks: 894118

This still reproduces with the STR in comment 0.

Backtrace from mozilla-central rev a793136c90bc (nightly asan):
==8239==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f137f3b01dd bp 0x7ffec4185a20 sp 0x7ffec41856e0 T0)
    #0 0x7f137f3b01dc in mozilla::HTMLEditRules::GetPromotedPoint(mozilla::HTMLEditRules::RulesEndpoint, nsIDOMNode*, int, EditAction, nsCOMPtr<nsIDOMNode>*, int*) /home/worker/workspace/build/src/editor/libeditor/HTMLEditRules.cpp:5422:16
    #1 0x7f137f343f85 in mozilla::HTMLEditRules::PromoteRange(nsRange&, EditAction) /home/worker/workspace/build/src/editor/libeditor/HTMLEditRules.cpp:5657:3
    #2 0x7f137f342d7a in mozilla::HTMLEditRules::AfterEditInner(EditAction, short) /home/worker/workspace/build/src/editor/libeditor/HTMLEditRules.cpp:457:5
    #3 0x7f137f342566 in mozilla::HTMLEditRules::AfterEdit(EditAction, short) /home/worker/workspace/build/src/editor/libeditor/HTMLEditRules.cpp:400:10
    #4 0x7f137f3eb21b in mozilla::HTMLEditor::EndOperation() /home/worker/workspace/build/src/editor/libeditor/HTMLEditor.cpp:3515:25
    #5 0x7f137f472881 in ~AutoRules /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/EditorUtils.h:251:7
    #6 0x7f137f472881 in mozilla::TextEditor::InsertText(nsAString_internal const&) /home/worker/workspace/build/src/editor/libeditor/TextEditor.cpp:684
    #7 0x7f137f4707f4 in mozilla::TextEditor::TypedText(nsAString_internal const&, mozilla::TextEditor::ETypingAction) /home/worker/workspace/build/src/editor/libeditor/TextEditor.cpp:413:14
    #8 0x7f137f3c7579 in TypedText /home/worker/workspace/build/src/editor/libeditor/HTMLEditor.cpp:1013:10
    #9 0x7f137f3c7579 in mozilla::HTMLEditor::HandleKeyPressEvent(mozilla::WidgetKeyboardEvent*) /home/worker/workspace/build/src/editor/libeditor/HTMLEditor.cpp:699
    #10 0x7f137f31cc07 in mozilla::EditorEventListener::KeyPress(mozilla::WidgetKeyboardEvent*) /home/worker/workspace/build/src/editor/libeditor/EditorEventListener.cpp:613:17

Created attachment 8843352 [details]
log.txt

Debug log from mozilla-central rev 34c6c2f302e7
Attachment #668951 - Attachment is obsolete: true

Updated

2 years ago
Priority: -- → P2

Updated

2 years ago
Crash Signature: [@ nsHTMLEditRules::GetPromotedPoint ] → [@ nsHTMLEditRules::GetPromotedPoint ] [@ mozilla::HTMLEditRules::GetPromotedPoint ]

Updated

2 years ago
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1345015