Open
Bug 992748
Opened 10 years ago
Updated 2 years ago
copy and paste leads to crash: Assertion failure: selection->GetAnchorFocusRange() && selection->GetAnchorFocusRange()->Collapsed() (Selection not collapsed after delete), at ../../../../editor/libeditor/base/nsEditor.cpp
Categories
(Core :: DOM: Editor, defect)
Tracking
()
UNCONFIRMED
People
(Reporter: lists, Unassigned)
Details
(Keywords: crash)
User Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:28.0) Gecko/20100101 Firefox/28.0 (Beta/Release)
Build ID: 20140405165353
Steps to reproduce:
1. Open two Google Docs docs
2. Copy from one
3. paste in the other
Actual results:
Crash:
Assertion failure: selection->GetAnchorFocusRange() && selection->GetAnchorFocusRange()->Collapsed() (Selection not collapsed after delete), at ../../../../editor/libeditor/base/nsEditor.cpp
* thread #1: tid = 0, 0x0000000800fd2f2a libc.so.7`__sys_thr_kill + 10 at thr_kill.S:3, name = 'firefox', stop reason = signal SIGSEGV
* frame #0: 0x0000000800fd2f2a libc.so.7`__sys_thr_kill + 10 at thr_kill.S:3
frame #1: 0x000000080430c019 libxul.so`nsProfileLock::FatalSignalHandler(signo=11, info=<unavailable>, context=<unavailable>) + 361 at nsProfileLock.cpp:180
frame #2: 0x0000000800d4e456 libthr.so.3`handle_signal(actp=<unavailable>, sig=11, info=0x00007fffffffa8b0, ucp=0x00007fffffffa540) + 214 at thr_sig.c:238
frame #3: 0x0000000800d4e04c libthr.so.3`thr_sighandler(sig=<unavailable>, info=<unavailable>, _ucp=<unavailable>) + 332 at thr_sig.c:183
frame #4: 0x00007ffffffff193
frame #5: 0x0000000803aeb205 libxul.so`nsHTMLEditor::DoInsertHTMLWithContext(this=0x000000082dcf3c00, aInputString=<unavailable>, aContextStr=<unavailable>, aInfoStr=<unavailable>, aFlavor=<unavailable>, aSourceDoc=<unavailable>, aDestNode=<unavailable>, aDestOffset=<unavailable>, aDeleteSelection=<unavailable>, aTrustedInput=<unavailable>, aClearStyle=<unavailable>) + 1141 at nsHTMLDataTransfer.cpp:365
frame #6: 0x0000000803af3789 libxul.so`nsHTMLEditor::InsertFromTransferable(this=<unavailable>, transferable=<unavailable>, aSourceDoc=<unavailable>, aContextStr=<unavailable>, aInfoStr=<unavailable>, aDestinationNode=<unavailable>, aDestOffset=<unavailable>, aDoDeleteSelection=<unavailable>) + 2601 at nsHTMLDataTransfer.cpp:1204
frame #7: 0x0000000803af5145 libxul.so`nsHTMLEditor::Paste(this=0x000000082dcf3c00, aSelectionType=<unavailable>) + 2325 at nsHTMLDataTransfer.cpp:1417
frame #8: 0x0000000803abc9c0 libxul.so`nsPasteCommand::DoCommand(this=<unavailable>, aCommandName=<unavailable>, aCommandRefCon=<unavailable>) + 96 at nsEditorCommands.cpp:410
frame #9: 0x000000080418f20e libxul.so`nsControllerCommandTable::DoCommand(this=<unavailable>, aCommandName=0x00007fffffffb718, aCommandRefCon=0x000000082dcf3c00) + 94 at nsControllerCommandTable.cpp:158
frame #10: 0x000000080418adcf libxul.so`nsBaseCommandController::DoCommand(this=<unavailable>, aCommand=0x00007fffffffb718) + 175 at nsBaseCommandController.cpp:137
frame #11: 0x0000000803a1420d libxul.so`nsXBLPrototypeHandler::DispatchXBLCommand(this=<unavailable>, aTarget=<unavailable>, aEvent=<unavailable>) + 2413 at nsXBLPrototypeHandler.cpp:523
frame #12: 0x0000000803a03d64 libxul.so`nsXBLPrototypeHandler::ExecuteHandler(this=0x000000082941cd00, aTarget=0x000000081db9eb50, aEvent=0x000000081fed7658) + 212 at nsXBLPrototypeHandler.cpp:218
frame #13: 0x0000000803a203df libxul.so`nsXBLWindowKeyHandler::WalkHandlersAndExecute(this=0x000000081db9a340, aKeyEvent=0x000000081fed7658, aEventType=0x0000000817d670a0, aHandler=<unavailable>, aCharCode=118, aIgnoreShiftKey=<unavailable>) + 1759 at nsXBLWindowKeyHandler.cpp:568
frame #14: 0x0000000803a1f786 libxul.so`nsXBLWindowKeyHandler::WalkHandlersInternal(this=0x000000081db9a340, aKeyEvent=0x000000081fed7658, aEventType=0x0000000817d670a0, aHandler=0x000000082941c980) + 182 at nsXBLWindowKeyHandler.cpp:486
frame #15: 0x0000000803a1f4ed libxul.so`nsXBLWindowKeyHandler::WalkHandlers(this=0x000000081db9a340, aKeyEvent=0x000000081fed7658, aEventType=0x0000000817d670a0) + 413 at nsXBLWindowKeyHandler.cpp:344
frame #16: 0x0000000803a1fbc5 libxul.so`nsXBLWindowKeyHandler::HandleEvent(this=0x000000081db9a340, aEvent=<unavailable>) + 421 at nsXBLWindowKeyHandler.cpp:407
frame #17: 0x00000008036e71c0 libxul.so`nsEventListenerManager::HandleEventSubType(this=0x000000081dbe53e0, aListenerStruct=<unavailable>, aDOMEvent=0x000000081fed75c0, aCurrentTarget=0x000000081db9eb50, aPusher=<unavailable>) + 128 at nsEventListenerManager.cpp:930
frame #18: 0x00000008036e756a libxul.so`nsEventListenerManager::HandleEventInternal(this=0x000000081dbe53e0, aPresContext=0x000000082c5b2c00, aEvent=0x00007fffffffc8e8, aDOMEvent=0x00007fffffffc120, aCurrentTarget=0x000000081db9eb50, aEventStatus=0x00007fffffffc128, aPusher=<unavailable>) + 826 at nsEventListenerManager.cpp:1007
frame #19: 0x00000008036f018b libxul.so`nsEventTargetChainItem::HandleEvent(nsEventChainPostVisitor&, ELMCreationDetector&, nsCxPusher*) [inlined] nsRefPtr<nsEventListenerManager>::operator->(this=0x000000081dbe53e0, aPresContext=<unavailable>, aEvent=<unavailable>, aDOMEvent=<unavailable>, aCurrentTarget=<unavailable>, aEventStatus=<unavailable>, aPusher=0x00007fffffffc0c0) const + 475 at nsEventListenerManager.h:325
frame #20: 0x00000008036f017f libxul.so`nsEventTargetChainItem::HandleEvent(this=<unavailable>, aVisitor=0x00007fffffffc110, aCd=<unavailable>, aPusher=0x00007fffffffc0c0) + 463 at nsEventDispatcher.cpp:193
frame #21: 0x00000008036e0993 libxul.so`nsEventTargetChainItem::HandleEventTargetChain(aChain=0x00007fffffffc190, aVisitor=0x00007fffffffc110, aCallback=0x00007fffffffc288, aCd=0x00007fffffffc198, aPusher=0x00007fffffffc0c0) + 1043 at nsEventDispatcher.cpp:313
frame #22: 0x00000008036e0b9c libxul.so`nsEventTargetChainItem::HandleEventTargetChain(aChain=0x00007fffffffc190, aVisitor=0x00007fffffffc110, aCallback=0x00007fffffffc288, aCd=0x00007fffffffc198, aPusher=0x00007fffffffc0c0) + 1564 at nsEventDispatcher.cpp:342
frame #23: 0x00000008036e20ee libxul.so`nsEventDispatcher::Dispatch(aTarget=<unavailable>, aPresContext=0x000000082c5b2c00, aEvent=0x00007fffffffc8e8, aDOMEvent=<unavailable>, aEventStatus=0x00007fffffffc764, aCallback=0x00007fffffffc288, aTargets=<unavailable>) + 4750 at nsEventDispatcher.cpp:605
frame #24: 0x0000000803cb95a3 libxul.so`PresShell::HandleEventInternal(this=0x000000082c593d00, aEvent=0x00007fffffffc8e8, aStatus=0x00007fffffffc764) + 4579 at nsPresShell.cpp:7127
frame #25: 0x0000000803cb744c libxul.so`PresShell::HandleEvent(this=0x000000082c593d00, aFrame=<unavailable>, aEvent=0x00007fffffffc8e8, aDontRetargetEvents=<unavailable>, aEventStatus=0x00007fffffffc764) + 5260 at nsPresShell.cpp:6744
frame #26: 0x0000000803cb638a libxul.so`PresShell::HandleEvent(this=0x000000081b4a8b00, aFrame=0x000000081c4bd948, aEvent=0x00007fffffffc8e8, aDontRetargetEvents=<unavailable>, aEventStatus=0x00007fffffffc764) + 970 at nsPresShell.cpp:6336
frame #27: 0x000000080349e150 libxul.so`nsViewManager::DispatchEvent(this=<unavailable>, aEvent=0x00007fffffffc8e8, aView=<unavailable>, aStatus=0x00007fffffffc764) + 432 at nsViewManager.cpp:753
frame #28: 0x000000080349be69 libxul.so`nsView::HandleEvent(this=<unavailable>, aEvent=0x00007fffffffc8e8, aUseAttachedEvents=<unavailable>) + 265 at nsView.cpp:1084
frame #29: 0x000000080304e5a3 libxul.so`nsWindow::DispatchEvent(this=0x000000081d692080, aEvent=0x00007fffffffc8e8, aStatus=0x00007fffffffc99c) + 211 at nsWindow.cpp:466
frame #30: 0x0000000803055772 libxul.so`nsWindow::OnKeyPressEvent(this=0x000000081d692080, aEvent=<unavailable>) + 1106 at nsWindow.cpp:3054
frame #31: 0x0000000803057b21 libxul.so`key_press_event_cb(widget=<unavailable>, event=0x000000081e158cb0) + 305 at nsWindow.cpp:5474
frame #32: 0x000000080c702a20 libgtk-x11-2.0.so.0`_gtk_marshal_BOOLEAN__BOXED(closure=0x000000081db96cb0, return_value=0x00007fffffffcc40, n_param_values=2, param_values=0x00007fffffffccf0, invocation_hint=0x00007fffffffcc70, marshal_data=0x0000000000000000) + 304 at gtkmarshalers.c:86
frame #33: 0x000000080bde13c1 libgobject-2.0.so.0`g_closure_invoke + 273
frame #34: 0x000000080bdf5d3a libgobject-2.0.so.0`??? + 2138
frame #35: 0x000000080bdf6a8d libgobject-2.0.so.0`g_signal_emit_valist + 2237
frame #36: 0x000000080bdf70cc libgobject-2.0.so.0`g_signal_emit + 124
frame #37: 0x000000080c8d8d84 libgtk-x11-2.0.so.0`gtk_widget_event_internal(widget=0x0000000813652240, event=0x000000081e158cb0) + 772 at gtkwidget.c:5010
frame #38: 0x000000080c8d8a6a libgtk-x11-2.0.so.0`IA__gtk_widget_event(widget=0x0000000813652240, event=0x000000081e158cb0) + 346 at gtkwidget.c:4807
frame #39: 0x000000080c8f16de libgtk-x11-2.0.so.0`IA__gtk_window_propagate_key_event(window=0x0000000816ed2440, event=0x000000081e158cb0) + 382 at gtkwindow.c:5199
frame #40: 0x000000080c8fa486 libgtk-x11-2.0.so.0`gtk_window_key_press_event(widget=0x0000000816ed2440, event=0x000000081e158cb0) + 86 at gtkwindow.c:5229
frame #41: 0x000000080c702a20 libgtk-x11-2.0.so.0`_gtk_marshal_BOOLEAN__BOXED(closure=0x0000000817ccd120, return_value=0x00007fffffffd240, n_param_values=2, param_values=0x00007fffffffd2f0, invocation_hint=0x00007fffffffd270, marshal_data=0x000000080c8fa430) + 304 at gtkmarshalers.c:86
frame #42: 0x000000080bde13c1 libgobject-2.0.so.0`g_closure_invoke + 273
frame #43: 0x000000080bdf5ec3 libgobject-2.0.so.0`??? + 2531
frame #44: 0x000000080bdf6a8d libgobject-2.0.so.0`g_signal_emit_valist + 2237
frame #45: 0x000000080bdf70cc libgobject-2.0.so.0`g_signal_emit + 124
frame #46: 0x000000080c8d8d84 libgtk-x11-2.0.so.0`gtk_widget_event_internal(widget=0x0000000816ed2440, event=0x000000081e158cb0) + 772 at gtkwidget.c:5010
frame #47: 0x000000080c8d8a6a libgtk-x11-2.0.so.0`IA__gtk_widget_event(widget=0x0000000816ed2440, event=0x000000081e158cb0) + 346 at gtkwidget.c:4807
frame #48: 0x000000080c6fee13 libgtk-x11-2.0.so.0`IA__gtk_propagate_event(widget=0x0000000816ed2440, event=0x000000081e158cb0) + 675 at gtkmain.c:2464
frame #49: 0x000000080c6fe622 libgtk-x11-2.0.so.0`IA__gtk_main_do_event(event=0x000000081e158cb0) + 1330 at gtkmain.c:1685
frame #50: 0x000000080d1d5c74 libgdk-x11-2.0.so.0`gdk_event_dispatch(source=0x00000008017dd5c0, callback=0x0000000000000000, user_data=0x0000000000000000) + 148 at gdkevents-x11.c:2403
frame #51: 0x000000080c070a82 libglib-2.0.so.0`g_main_context_dispatch + 322
frame #52: 0x000000080c070e23 libglib-2.0.so.0`??? + 483
frame #53: 0x000000080c070eb4 libglib-2.0.so.0`g_main_context_iteration + 100
frame #54: 0x000000080304830f libxul.so`nsAppShell::ProcessNextNativeEvent(this=<unavailable>, mayWait=<unavailable>) + 15 at nsAppShell.cpp:138
frame #55: 0x0000000803093273 libxul.so`nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal*, bool, unsigned int) [inlined] nsBaseAppShell::DoProcessNextNativeEvent(this=0x000000081369a4a0) + 30 at nsBaseAppShell.cpp:137
frame #56: 0x0000000803093255 libxul.so`nsBaseAppShell::OnProcessNextEvent(this=0x000000081369a4a0, thr=0x000000080177a520, mayWait=true, recursionDepth=0) + 453 at nsBaseAppShell.cpp:295
frame #57: 0x0000000803093410 libxul.so`non-virtual thunk to nsBaseAppShell::OnProcessNextEvent(this=<unavailable>, thr=<unavailable>, mayWait=<unavailable>, recursionDepth=<unavailable>) + 16 at Unified_cpp_widget_xpwidgets0.cpp:312
frame #58: 0x0000000802171e1e libxul.so`nsThread::ProcessNextEvent(this=0x000000080177a520, mayWait=true, result=0x00007fffffffda47) + 958 at nsThread.cpp:585
frame #59: 0x00000008020e2633 libxul.so`NS_ProcessNextEvent(thread=<unavailable>, mayWait=true) + 51 at nsThreadUtils.cpp:263
frame #60: 0x0000000802499ffa libxul.so`mozilla::ipc::MessagePump::Run(this=0x0000000813617480, aDelegate=0x000000080177e680) + 522 at MessagePump.cpp:124
frame #61: 0x0000000802463ee3 libxul.so`MessageLoop::Run() [inlined] MessageLoop::RunInternal(this=0x000000080177e680) + 131 at message_loop.cc:222
frame #62: 0x0000000802463e9f libxul.so`MessageLoop::Run() [inlined] MessageLoop::RunHandler(this=0x000000080177e680) at message_loop.cc:215
frame #63: 0x0000000802463e9f libxul.so`MessageLoop::Run(this=0x000000080177e680) + 63 at message_loop.cc:189
frame #64: 0x0000000803092ee9 libxul.so`nsBaseAppShell::Run(this=0x000000081369a4a0) + 41 at nsBaseAppShell.cpp:161
frame #65: 0x000000080435ba4c libxul.so`nsAppStartup::Run(this=0x0000000816e6c830) + 124 at nsAppStartup.cpp:276
frame #66: 0x00000008042fbf53 libxul.so`XREMain::XRE_mainRun(this=<unavailable>) + 4515 at nsAppRunner.cpp:4059
frame #67: 0x00000008042fc470 libxul.so`XREMain::XRE_main(this=0x00007fffffffdda0, argc=<unavailable>, argv=<unavailable>, aAppData=<unavailable>) + 256 at nsAppRunner.cpp:4127
frame #68: 0x00000008042fca70 libxul.so`XRE_main(argc=<unavailable>, argv=<unavailable>, aAppData=<unavailable>, aFlags=<unavailable>) + 256 at nsAppRunner.cpp:4337
frame #69: 0x0000000000404b94 firefox`main [inlined] do_main(argc=<unavailable>, argv=<unavailable>, xreDirectory=0x00000008017183c0) + 981 at nsBrowserApp.cpp:282
frame #70: 0x00000000004047bf firefox`main(argc=<unavailable>, argv=<unavailable>) + 735 at nsBrowserApp.cpp:636
frame #71: 0x00000000004043ff firefox`_start(ap=<unavailable>, cleanup=<unavailable>) + 367 at crt1.c:78
Expected results:
copy and paste - not a crash ;)
|
Reporter | |
Comment 1•10 years ago
|
||
note: while I am able to reproduce this easily on one system it is not clear to be that I provided sufficient conditions to repro for others. I am happy to provide additional details when requested.
|
|
Reporter | |
Updated•10 years ago
|
Component: Untriaged → Layout: Text
Product: Firefox → Core
|
|
Reporter | |
Updated•10 years ago
|
Component: Layout: Text → Editor
Can you still reproduce on 50.1.0 ? Output from about:support would also be helpful. For debugging using *unmodified* trunk build is preferred to avoid bias from downstream defaults, patches, etc. While default build includes debug symbols, looking at comment 0 and frame #34, system dependencies like devel/glib20 and x11-toolkits/gtk30 need them as well. $ pkg install python27 $ hg clone https://hg.mozilla.org/mozilla-unified firefox || git clone https://github.com/mozilla/gecko-dev firefox $ cd firefox $ ./mach bootstrap # select Firefox for Desktop $ hash rustc cargo 2>/dev/null || pkg install rust cargo $ nice ./mach build $ ./mach run
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•