textarea setRangeText(): byte index 1 is not a char boundary #20028

Open
mateon1 opened this issue Feb 12, 2018 · 4 comments

@mateon1 mateon1 commented Feb 12, 2018

Found with domato.

```html
<textarea></textarea>
<script>
t = document.querySelector("textarea");
t.value = String.fromCodePoint(128); // any multi-byte codepoint
t.setRangeText("", 1, 1);
</script>
```
VMware, Inc.
softpipe
3.3 (Core Profile) Mesa 17.3.0-devel
byte index 1 is not a char boundary; it is inside '\u{80}' (bytes 0..2) of `�` (thread ScriptThread PipelineId { namespace_id: PipelineNamespaceId(0), index: PipelineIndex(NonZero(NonZero(1))) }, at libcore/str/mod.rs:2238)
stack backtrace:
   0:     0x55555bd5f6f4 - backtrace::backtrace::libunwind::trace::h79984cabe80721dc
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.2/src/backtrace/libunwind.rs:53
                         - backtrace::backtrace::trace::h10c59b076f73358b
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.2/src/backtrace/mod.rs:42
   1:     0x55555bd56e7c - backtrace::capture::Backtrace::new::haef9cefb7535bc7c
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.2/src/capture.rs:64
   2:     0x55555597ca36 - servo::main::{{closure}}::h35a26859ef4691ad
                        at ports/servo/main.rs:146
   3:     0x55555bd72b35 - std::panicking::rust_panic_with_hook::haa00f5a9417cd684
                        at libstd/panicking.rs:577
   4:     0x55555bd729be - std::panicking::begin_panic::ha956683198499384
                        at libstd/panicking.rs:537
   5:     0x55555bd728ba - std::panicking::begin_panic_fmt::h587e116719f14631
                        at libstd/panicking.rs:521
   6:     0x55555bd72852 - rust_begin_unwind
                        at libstd/panicking.rs:497
   7:     0x55555bda70f0 - core::panicking::panic_fmt::h1d64949939b0af2f
                        at libcore/panicking.rs:71
   8:     0x55555bda2e4d - core::str::slice_error_fail::h06ef6d32c4732314
                        at libcore/str/mod.rs:0
   9:     0x555557c21913 - core::str::traits::<impl core::slice::SliceIndex<str> for core::ops::range::RangeTo<usize>>::index::{{closure}}::h4c6e733070f85706
                        at /checkout/src/libcore/str/mod.rs:1940
  10:     0x5555575c2a15 - <core::option::Option<T>>::unwrap_or_else::hc0d8ec493fb7dac4
                        at /checkout/src/libcore/option.rs:376
  11:     0x5555583683b4 - core::str::traits::<impl core::slice::SliceIndex<str> for core::ops::range::RangeTo<usize>>::index::hef3b8f31c5d6ca31
                        at /checkout/src/libcore/str/mod.rs:1940
  12:     0x555558341624 - core::str::traits::<impl core::ops::index::Index<core::ops::range::RangeTo<usize>> for str>::index::h6a2499d07e4591a6
                        at /checkout/src/libcore/str/mod.rs:1704
  13:     0x5555584c26fd - <script::textinput::TextInput<T>>::replace_selection::h0bb6d10c4877c4c4
                        at components/script/textinput.rs:345
  14:     0x5555574132e0 - <script::dom::textcontrol::TextControlSelection<'a, E>>::set_dom_range_text::hb116173fb6d8d9d6
                        at components/script/dom/textcontrol.rs:200
  15:     0x555556e860ab - <script::dom::htmltextareaelement::HTMLTextAreaElement as script::dom::bindings::codegen::Bindings::HTMLTextAreaElementBinding::HTMLTextAreaElementBinding::HTMLTextAreaElementMethods>::SetRangeText_::hccba29d09b66db8b
                        at components/script/dom/htmltextareaelement.rs:322
  16:     0x555557b0521c - script::dom::bindings::codegen::Bindings::HTMLTextAreaElementBinding::HTMLTextAreaElementBinding::setRangeText::{{closure}}::h9eb7fd86f279ca2c
                        at /shared/dev/rust/servo/target/debug/build/script-c42abaa61a41d086/out/Bindings/HTMLTextAreaElementBinding.rs:1646
  17:     0x555556467abc - core::ops::function::FnOnce::call_once::ha4c6ea504548a41d
                        at /checkout/src/libcore/ops/function.rs:223
  18:     0x55555718452a - <std::panic::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once::h02c0d0d23dc89306
                        at /checkout/src/libstd/panic.rs:293
  19:     0x555556cce394 - std::panicking::try::do_call::h3e0d4e4b24bbc335
                        at /checkout/src/libstd/panicking.rs:479
  20:     0x55555bd9b93e - __rust_maybe_catch_panic
                        at libpanic_unwind/lib.rs:102
  21:     0x555556c0b935 - std::panicking::try::h6f6e6c7a54303730
                        at /checkout/src/libstd/panicking.rs:458
  22:     0x5555571f1931 - std::panic::catch_unwind::h9694c53ed06dddf0
                        at /checkout/src/libstd/panic.rs:358
  23:     0x5555565453ce - mozjs::panic::wrap_panic::h0603111bf20069c4
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs-0.1.11/src/panic.rs:22
  24:     0x5555574e32f2 - script::dom::bindings::codegen::Bindings::HTMLTextAreaElementBinding::HTMLTextAreaElementBinding::setRangeText::h14bb866646b530cb
                        at /shared/dev/rust/servo/target/debug/build/script-c42abaa61a41d086/out/Bindings/HTMLTextAreaElementBinding.rs:1574
  25:     0x55555b02d738 - CallJitMethodOp
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs-0.1.11/src/jsglue.cpp:516
  26:     0x555556da45e2 - script::dom::bindings::utils::generic_call::h28b3f31a587ca835
                        at components/script/dom/bindings/utils.rs:450
  27:     0x555556da464b - script::dom::bindings::utils::generic_method::h900c34f332c13ac4
                        at components/script/dom/bindings/utils.rs:458
  28:     0x55555b6a96fb - _ZN2js12CallJSNativeEP9JSContextPFbS1_jPN2JS5ValueEERKNS2_8CallArgsE
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.50.0/mozjs/js/src/jscntxtinlines.h:232
  29:     0x55555b677b53 - _ZN2js23InternalCallOrConstructEP9JSContextRKN2JS8CallArgsENS_14MaybeConstructE
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.50.0/mozjs/js/src/vm/Interpreter.cpp:453
  30:     0x55555b677e7a - InternalCall
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.50.0/mozjs/js/src/vm/Interpreter.cpp:498
  31:     0x55555b677ea4 - _ZN2js13CallFromStackEP9JSContextRKN2JS8CallArgsE
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.50.0/mozjs/js/src/vm/Interpreter.cpp:504
  32:     0x55555b684ed0 - Interpret
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.50.0/mozjs/js/src/vm/Interpreter.cpp:2873
  33:     0x55555b6777d5 - _ZN2js9RunScriptEP9JSContextRNS_8RunStateE
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.50.0/mozjs/js/src/vm/Interpreter.cpp:399
  34:     0x55555b678b98 - _ZN2js13ExecuteKernelEP9JSContextN2JS6HandleIP8JSScriptEER8JSObjectRKNS2_5ValueENS_16AbstractFramePtrEPS9_
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.50.0/mozjs/js/src/vm/Interpreter.cpp:679
  35:     0x55555b678e58 - _ZN2js7ExecuteEP9JSContextN2JS6HandleIP8JSScriptEER8JSObjectPNS2_5ValueE
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.50.0/mozjs/js/src/vm/Interpreter.cpp:712
  36:     0x55555b3e8565 - Evaluate
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.50.0/mozjs/js/src/jsapi.cpp:4407
  37:     0x55555b3e88a0 - Evaluate
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.50.0/mozjs/js/src/jsapi.cpp:4443
  38:     0x55555b3e8e20 - _ZN2JS8EvaluateEP9JSContextRKNS_22ReadOnlyCompileOptionsEPKDsmNS_13MutableHandleINS_5ValueEEE
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.50.0/mozjs/js/src/jsapi.cpp:4501
  39:     0x555557e95e9d - script::dom::globalscope::GlobalScope::evaluate_script_on_global_with_result::{{closure}}::hfbb16766535dbade
                        at components/script/dom/globalscope.rs:414
  40:     0x55555746ae60 - profile_traits::time::profile::h755af48bf0eef693
                        at /shared/dev/rust/servo/components/profile_traits/time.rs:125
  41:     0x555557329a3f - script::dom::globalscope::GlobalScope::evaluate_script_on_global_with_result::h7af677fff43d1563
                        at components/script/dom/globalscope.rs:398
  42:     0x555557e81796 - script::dom::htmlscriptelement::HTMLScriptElement::run_a_classic_script::h36ba2c803ae5787d
                        at components/script/dom/htmlscriptelement.rs:569
  43:     0x555557e81105 - script::dom::htmlscriptelement::HTMLScriptElement::execute::h4735d128f44e223a
                        at components/script/dom/htmlscriptelement.rs:539
  44:     0x555557e7f42e - script::dom::htmlscriptelement::HTMLScriptElement::prepare::h28c8a3abef580418
                        at components/script/dom/htmlscriptelement.rs:452
  45:     0x55555785a06d - script::dom::servoparser::ServoParser::tokenize::h17d09dd217730241
                        at components/script/dom/servoparser/mod.rs:473
  46:     0x555556ebff07 - script::dom::servoparser::ServoParser::do_parse_sync::h19beed25e6c38a23
                        at components/script/dom/servoparser/mod.rs:428
  47:     0x555557859d5f - script::dom::servoparser::ServoParser::parse_sync::{{closure}}::ha397401cb6808f00
                        at components/script/dom/servoparser/mod.rs:414
  48:     0x55555746a8cc - profile_traits::time::profile::h5f27453cfa40c134
                        at /shared/dev/rust/servo/components/profile_traits/time.rs:125
  49:     0x555556ebfc6e - script::dom::servoparser::ServoParser::parse_sync::hfbbaaacad891887d
                        at components/script/dom/servoparser/mod.rs:411
  50:     0x555556ec01bd - script::dom::servoparser::ServoParser::parse_bytes_chunk::hfbabf580a64a69ee
                        at components/script/dom/servoparser/mod.rs:453
  51:     0x555556ec2bc3 - <script::dom::servoparser::ParserContext as net_traits::FetchResponseListener>::process_response_chunk::h33199c8d85b15eaf
                        at components/script/dom/servoparser/mod.rs:720
  52:     0x55555717ba7f - script::script_thread::ScriptThread::handle_fetch_chunk::h1249b2c0db71b336
                        at components/script/script_thread.rs:2588
  53:     0x555557165bcb - script::script_thread::ScriptThread::handle_msg_from_constellation::h5b7f68ca82fef0d3
                        at components/script/script_thread.rs:1271
  54:     0x55555734414c - script::script_thread::ScriptThread::handle_msgs::{{closure}}::h64e95bf5c410b95a
                        at components/script/script_thread.rs:1075
  55:     0x555557344e55 - script::script_thread::ScriptThread::profile_event::h27fc81f9f6ba961a
                        at components/script/script_thread.rs:1249
  56:     0x55555716286d - script::script_thread::ScriptThread::handle_msgs::h2a853b1b6b42fe5e
                        at components/script/script_thread.rs:1069
  57:     0x55555716055b - script::script_thread::ScriptThread::start::hc085fdd56db9ef8f
                        at components/script/script_thread.rs:901
  58:     0x5555573418cc - <script::script_thread::ScriptThread as script_traits::ScriptThreadFactory>::create::{{closure}}::{{closure}}::h6718222298e372d7
                        at components/script/script_thread.rs:582
  59:     0x555557c7d8a4 - profile_traits::mem::ProfilerChan::run_with_memory_reporting::hba4fe948a17d9248
                        at /shared/dev/rust/servo/components/profile_traits/mem.rs:63
  60:     0x555557341eb9 - <script::script_thread::ScriptThread as script_traits::ScriptThreadFactory>::create::{{closure}}::hc52fa1e83a118225
                        at components/script/script_thread.rs:581
  61:     0x555558679124 - std::sys_common::backtrace::__rust_begin_short_backtrace::h604d88dfe7211f59
                        at /checkout/src/libstd/sys_common/backtrace.rs:133
  62:     0x55555827604b - std::thread::Builder::spawn::{{closure}}::{{closure}}::h8cece30a0117d41b
                        at /checkout/src/libstd/thread/mod.rs:406
  63:     0x5555571aa454 - <std::panic::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once::h915406fcc949d604
                        at /checkout/src/libstd/panic.rs:293
  64:     0x555556d14994 - std::panicking::try::do_call::hd1bff7f5c8aaf409
                        at /checkout/src/libstd/panicking.rs:479
  65:     0x55555bd9b93e - __rust_maybe_catch_panic
                        at libpanic_unwind/lib.rs:102
  66:     0x555556c6355c - std::panicking::try::hbcd5814247b8593a
                        at /checkout/src/libstd/panicking.rs:458
  67:     0x5555571dcc6c - std::panic::catch_unwind::h4be360fdf9fffe17
                        at /checkout/src/libstd/panic.rs:358
  68:     0x555558274e28 - std::thread::Builder::spawn::{{closure}}::hb1b86bbe9a2a6aa2
                        at /checkout/src/libstd/thread/mod.rs:405
  69:     0x555558276315 - <F as alloc::boxed::FnBox<A>>::call_box::h16a105ec805d69cb
                        at /checkout/src/liballoc/boxed.rs:788
  70:     0x55555bd8667b - <alloc::boxed::Box<alloc::boxed::FnBox<A, Output$u3d$R$GT$$u20$$u2b$$u20$$u27$a$GT$$u20$as$u20$core..ops..function..FnOnce$LT$A$GT$$GT$::call_once::h13f1b0bf377a9f5b
                        at /checkout/src/liballoc/boxed.rs:798
                         - std::sys_common::thread::start_thread::hb5b6e0447b9691dc
                        at libstd/sys_common/thread.rs:24
                         - std::sys::unix::thread::Thread::new::thread_start::hcaff0bef1a01c624
                        at libstd/sys/unix/thread.rs:90
  71:     0x7ffff6eb0493 - start_thread
  72:     0x7ffff5479abe - __clone
  73:                0x0 - <unknown>
ERROR:servo: byte index 1 is not a char boundary; it is inside '\u{80}' (bytes 0..2) of `�`
Pipeline failed in hard-fail mode.  Crashing!
Servo exited with return value 1

@sarkhanbayramli sarkhanbayramli commented Feb 24, 2018

Hi, I would like to work on this issue. Would it be considered a good first bug?


@jdm jdm commented Feb 25, 2018

@sarkhanbayramli I believe so. The only reason that I didn't mark it as one is that I haven't looked closely at what the right solution is. My suspicion is that all of the code in textinput.rs that performs byte indexing using the subscript operator ([]) is at risk of triggering failures like this one, so we would need to rewrite the code to not use it.
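
The failure mode described in the comment above, as an added Rust example that is not part of the thread and is not Servo's code: DOM offsets count UTF-16 code units, so passing one straight to a `str` slice panics whenever it lands inside a multi-byte UTF-8 character. The function names and the clamp/round-down policy are assumptions made for this sketch.

```rust
// Added example; not Servo code. All function names here are hypothetical.

/// Map a UTF-16 code-unit offset (the unit DOM APIs such as setRangeText use)
/// to a UTF-8 byte offset that is always a char boundary. Offsets past the end
/// clamp to text.len(); an offset inside a surrogate pair rounds down.
fn utf16_offset_to_byte(text: &str, utf16_offset: usize) -> usize {
    let mut units = 0;
    for (byte_idx, ch) in text.char_indices() {
        if units + ch.len_utf16() > utf16_offset {
            return byte_idx;
        }
        units += ch.len_utf16();
    }
    text.len()
}

/// Replace the UTF-16 range [start, end) with `replacement`.
/// Returns None for an inverted range instead of panicking.
fn set_range_text(text: &str, replacement: &str, start: usize, end: usize) -> Option<String> {
    if start > end {
        return None;
    }
    let (s, e) = (utf16_offset_to_byte(text, start), utf16_offset_to_byte(text, end));
    // str::get yields None on a bad index where text[..s] would panic.
    let (prefix, suffix) = (text.get(..s)?, text.get(e..)?);
    Some([prefix, replacement, suffix].concat())
}

/// What the raw DOM offset does when used directly as a byte index.
fn raw_offset_prefix(text: &str, offset: usize) -> Option<&str> {
    text.get(..offset)
}

fn main() {
    let value = "\u{80}"; // constructed input: same code point as the report's repro
    // Offset 1 is the end of the string in UTF-16 units but mid-character in UTF-8.
    println!("raw byte index 1 valid: {}", raw_offset_prefix(value, 1).is_some());
    println!("converted offset: {}", utf16_offset_to_byte(value, 1));
    println!("result: {:?}", set_range_text(value, "", 1, 1));
}
```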


@sarkhanbayramli sarkhanbayramli commented Feb 26, 2018

@jdm Sounds good, I'll start working on the bug as soon as possible. Would you be able to assign it to me?

@jdm jdm added the C-assigned label Feb 26, 2018

@jdm jdm commented Feb 26, 2018

Done!
