Fix tile-tree corruption from a zero-length emit under a document-wide mark #84
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "StoneCypher/view:fix-empty-emit-tile-corruption"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Summary
TileUpdate.emit()can drop a line from the tile tree when an emit covers azero-length range while a mark decoration spans that position, later crashing
in
TilePointer.advance(parents.pop()isundefined). This is theempty-emit tail of the same area addressed in 6.43.3 (dev #1717) and 6.43.4
(dev #1720); both of those only covered the non-empty paths.
Root cause
On a zero-length emit (
from == to),RangeSet.spans(from, from, ...)iteratesnothing, so neither the
spannorpointcallback runs andmarkCountkeepsits
0initializer -- even though a mark is open (openEnd > 0). SoopenWidget = openEnd > markCountis spuriouslytrue, and the guardedaddLineStartIfNotCoveredis skipped, leaving the tile tree one line short; alater edit then overruns it in
TilePointer.advance.6.43.4's
markCount = active.lengthwas added inside thespancallback,which a zero-length emit never reaches -- which is why it did not cover this
case.
Fix
Only recompute
openWidgetwhen the emit actually covered content; an emptyemit can neither open nor close a widget, so leave the flag untouched:
Every non-empty path (everything #1717 / #1720 touched) is byte-identical.
Verification
cm-runtests: 389/389 unchanged.under a whole-document mark plus
highlightActiveLine, driven via Selenium'sActions API (synthetic
dispatchdoes not reproduce this) -- asserts thetile invariant
state.doc.length - docView.tile.length:Because the trigger needs trusted input it can't be an in-page test; I have a
self-contained Node + Selenium reproduction (pure
@codemirror/view, no otherdeps) I'm glad to share or adapt if it's useful.
Originally surfaced via a whole-document lint diagnostic (an error with no
source position) in StoneCypher/jssm#891.
I didn't attach the repro from the original outreach because it looks like it doesn't fit your testing methodologyIf I'm wrong about that, tell me and I'll attach itSo the repro won't fit your existing test rig because it needs "trusted input" to trigger, something that only comes from browser interactions, never code interactions, and so the style of your existing stuff as a node script by definition cannot trigger the bug
But selenium can lie about trusted input; you just need to use a different interface
I decided to just attach it as a follow-on PR #85. No need to have a discussion or modify a pull. Just look at the second pull, and decide if you want it as well. (Or either.)
It does work a little differently than your existing stuff. No new installed tools, still in mocha selenium, still running from the same test runner. But the shape is a little different, by necessity. YMMV.
Thanks for the report. Attached patch should handle this. I was able to create a regular test case for the issue.
it isn't clear to me how that's able to generate Trusted Input. did you see it catch actual faults?
There is no need for trusted input. And yes, without the patch that test fails.
Okay, then I was wrong about why that probe wasn't working.
Pull request closed