150210 2015-10-15 17:02:47 -0700 Null dereference loading Blink layout test editing/selection/selectstart-event-crash.html 2016-01-12 12:17:08 -0800 1 1 1 Unclassified WebKit HTML Editing WebKit Local Build Unspecified Unspecified RESOLVED FIXED BlinkMergeCandidate, HasReduction, InRadar P2 Normal --- 1 jhoneycutt jiewen_tan bfulgham commit-queue jiewen_tan webkit-bug-importer oldest_to_newest 1133692 0 263227 jhoneycutt 2015-10-15 17:02:47 -0700 Created attachment 263227 crashing test Null dereference loading Blink layout test editing/selection/selectstart-event-crash.html. Stack trace: Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGABRT) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000020 VM Regions Near 0x20: --> __TEXT 0000000106e12000-0000000106eac000 [ 616K] r-x/rwx SM=COW /Users/USER/* Application Specific Information: CRASHING TEST: blink-tests-that-are-unknown/editing/selection/selectstart-event-crash.html ================================================================ ==21984==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000020 (pc 0x00010c55e1c1 bp 0x7fff58de9100 sp 0x7fff58de9100 T0) #0 0x10c55e1c0 in WebCore::Node::treeScope() const Node.h:405 #1 0x10c55e188 in WebCore::Node::document() const Node.h:399 #2 0x10ead6e80 in WebCore::VisibleSelection::firstRange() const VisibleSelection.cpp:132 #3 0x10d00545c in WebCore::FrameSelection::respondToNodeModification(WebCore::Node&, bool, bool, bool, bool) FrameSelection.cpp:474 #4 0x10d00527c in WebCore::FrameSelection::nodeWillBeRemoved(WebCore::Node&) FrameSelection.cpp:439 #5 0x10cbe4285 in WebCore::Document::nodeChildrenWillBeRemoved(WebCore::ContainerNode&) Document.cpp:3936 #6 0x10c8a7c82 in WebCore::willRemoveChildren(WebCore::ContainerNode&) ContainerNode.cpp:500 #7 0x10c8a77a5 in WebCore::ContainerNode::removeChildren() ContainerNode.cpp:634 #8 0x10df79963 in WebCore::Node::setTextContent(WTF::String const&, int&) Node.cpp:1466 #9 0x10d993590 in WebCore::setJSNodeTextContent(JSC::ExecState*, JSC::JSObject*, long long, long long) JSNode.cpp:628 #10 0x107ae0590 in JSC::JSObject::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) JSObject.cpp:422 #11 0x107c2c1fd in llint_slow_path_put_by_id LLIntSlowPaths.cpp:622 #12 0x107c4096a in llint_entry (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xab196a) #13 0x107c3da0a in vmEntryToJavaScript (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xaaea0a) #14 0x10799f07d in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) JITCode.cpp:80 #15 0x10795c714 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) Interpreter.cpp:1024 #16 0x10726d9d1 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) CallData.cpp:39 #17 0x10726dac1 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) CallData.cpp:44 #18 0x10d5879c7 in WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) JSMainThreadExecState.h:56 #19 0x10e544d4b in WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext&) ScheduledAction.cpp:104 #20 0x10e5447b2 in WebCore::ScheduledAction::execute(WebCore::Document&) ScheduledAction.cpp:125 #21 0x10cd73ef6 in WebCore::DOMTimer::fired() DOMTimer.cpp:356 #22 0x10ea470e4 in WebCore::ThreadTimers::sharedTimerFiredInternal() ThreadTimers.cpp:132 #23 0x10e6b0658 in WebCore::timerFired(__CFRunLoopTimer*, void*) SharedTimerCF.cpp:82 #24 0x7fff96fa2c83 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x92c83) #25 0x7fff96fa2912 in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x92912) #26 0x7fff96fa2469 in __CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x92469) #27 0x7fff96f99960 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x89960) #28 0x7fff96f98fc7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88fc7) #29 0x106e3498d in runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) DumpRenderTree.mm:2030 #30 0x106e33f39 in runTestingServerLoop() DumpRenderTree.mm:1180 #31 0x106e33267 in dumpRenderTree(int, char const**) DumpRenderTree.mm:1288 #32 0x106e352b1 in DumpRenderTreeMain(int, char const**) DumpRenderTree.mm:1418 #33 0x7fff931e95ac in start (/usr/lib/system/libdyld.dylib+0x35ac) #34 0x1 (<unknown module>) 1133693 1 webkit-bug-importer 2015-10-15 17:03:38 -0700 <rdar://problem/23137259> 1154070 2 bfulgham 2016-01-08 17:02:26 -0800 Our attempts to reproduce this crash on current ToT have failed. I think this was corrected by other changes we've made recently, but I can't identify what those changes are. 1154420 3 bfulgham 2016-01-11 11:26:08 -0800 This test case needs to be added to trunk. 1154808 4 268793 jiewen_tan 2016-01-12 11:47:50 -0800 Created attachment 268793 Patch 1154822 5 268793 bfulgham 2016-01-12 12:14:51 -0800 Comment on attachment 268793 Patch r=me. 1154823 6 268793 commit-queue 2016-01-12 12:17:05 -0800 Comment on attachment 268793 Patch Clearing flags on attachment: 268793 Committed r194917: <http://trac.webkit.org/changeset/194917> 1154824 7 commit-queue 2016-01-12 12:17:08 -0800 All reviewed patches have been landed. Closing bug. 263227 2015-10-15 17:02:47 -0700 2015-10-15 17:02:47 -0700 crashing test selectstart-event-crash.html text/html 593 jhoneycutt PCFET0NUWVBFIGh0bWw+CjxzY3JpcHQgc3JjPSIuLi8uLi9yZXNvdXJjZXMvdGVzdGhhcm5lc3Mu anMiPjwvc2NyaXB0Pgo8c2NyaXB0IHNyYz0iLi4vLi4vcmVzb3VyY2VzL3Rlc3RoYXJuZXNzcmVw b3J0LmpzIj48L3NjcmlwdD4KPGRpdiBpZD0ic2FtcGxlIj48dGFibGUgaWQ9Im9uZSI+PGNhcHRp b24+PC9jYXB0aW9uPjwvdGFibGU+PC9kaXY+CjxkaXYgaWQ9ImxvZyI+PC9kaXY+CjxzY3JpcHQ+ CnZhciBvbmUgPSBkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCcjb25lJyk7CmRvY3VtZW50LmFkZEV2 ZW50TGlzdGVuZXIoJ3NlbGVjdHN0YXJ0JywgZnVuY3Rpb24oKSB7CiAgICBvbmUucmVtb3ZlKCk7 Cn0pOwp0ZXN0KGZ1bmN0aW9uKCkgewogICAgaWYgKCF3aW5kb3cuZXZlbnRTZW5kZXIpCiAgICAg ICAgcmV0dXJuOwogICAgZXZlbnRTZW5kZXIubW91c2VNb3ZlVG8ob25lLm9mZnNldExlZnQsIG9u ZS5vZmZzZXRUb3ApOwogICAgZXZlbnRTZW5kZXIubW91c2VEb3duKCk7CiAgICB2YXIgc2VsZWN0 aW9uID0gZ2V0U2VsZWN0aW9uKCk7CiAgICBhc3NlcnRfZXF1YWxzKHNlbGVjdGlvbi5yYW5nZUNv dW50LCAwKTsKfSk7Cjwvc2NyaXB0Pgo= 268793 2016-01-12 11:47:50 -0800 2016-01-12 12:17:05 -0800 Patch bug-150210-20160112114719.patch text/plain 3066 jiewen_tan U3VidmVyc2lvbiBSZXZpc2lvbjogMTk0ODU4CmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9DaGFu Z2VMb2cgYi9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKaW5kZXggMDEyZmE0Y2U0NDhlODI4YzgyNTQ4 MTgyMDY3MTA2MDE2NTQxZjY3MS4uM2U1MjFiN2NkNWI5ZTA0MWQ4MjFlOGNiYjBlM2QwMGVhYmMx NWM1ZSAxMDA2NDQKLS0tIGEvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCisrKyBiL0xheW91dFRlc3Rz L0NoYW5nZUxvZwpAQCAtMSwzICsxLDE1IEBACisyMDE2LTAxLTEyICBKaWV3ZW4gVGFuICA8amll d2VuX3RhbkBhcHBsZS5jb20+CisKKyAgICAgICAgTnVsbCBkZXJlZmVyZW5jZSBsb2FkaW5nIEJs aW5rIGxheW91dCB0ZXN0IGVkaXRpbmcvc2VsZWN0aW9uL3NlbGVjdHN0YXJ0LWV2ZW50LWNyYXNo Lmh0bWwKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE1 MDIxMAorICAgICAgICA8cmRhcjovL3Byb2JsZW0vMjMxMzcyNTk+CisKKyAgICAgICAgUmV2aWV3 ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgKiBpbXBvcnRlZC9ibGluay9lZGl0aW5n L3NlbGVjdGlvbi9zZWxlY3RzdGFydC1ldmVudC1jcmFzaC1leHBlY3RlZC50eHQ6IEFkZGVkLgor ICAgICAgICAqIGltcG9ydGVkL2JsaW5rL2VkaXRpbmcvc2VsZWN0aW9uL3NlbGVjdHN0YXJ0LWV2 ZW50LWNyYXNoLmh0bWw6IEFkZGVkLgorICAgICAgICAqIHBsYXRmb3JtL2lvcy1zaW11bGF0b3It d2syL1Rlc3RFeHBlY3RhdGlvbnM6CisKIDIwMTYtMDEtMTEgIE1pY2hhZWwgQ2F0YW56YXJvICA8 bWNhdGFuemFyb0BpZ2FsaWEuY29tPgogCiAgICAgICAgIFtHVEtdIFVwZGF0ZSB0ZXN0IGV4cGVj dGF0aW9ucyBhZnRlciByMTk0ODQ1CmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9pbXBvcnRlZC9i bGluay9lZGl0aW5nL3NlbGVjdGlvbi9zZWxlY3RzdGFydC1ldmVudC1jcmFzaC1leHBlY3RlZC50 eHQgYi9MYXlvdXRUZXN0cy9pbXBvcnRlZC9ibGluay9lZGl0aW5nL3NlbGVjdGlvbi9zZWxlY3Rz dGFydC1ldmVudC1jcmFzaC1leHBlY3RlZC50eHQKbmV3IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXgg MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMC4uYzJjMTVlMGI4YTBlNTRh NjIzYmNiNGZkY2ExZjRjZWY3MmVlYjI0MAotLS0gL2Rldi9udWxsCisrKyBiL0xheW91dFRlc3Rz L2ltcG9ydGVkL2JsaW5rL2VkaXRpbmcvc2VsZWN0aW9uL3NlbGVjdHN0YXJ0LWV2ZW50LWNyYXNo LWV4cGVjdGVkLnR4dApAQCAtMCwwICsxLDMgQEAKKworUEFTUyBVbnRpdGxlZCAKKwpkaWZmIC0t Z2l0IGEvTGF5b3V0VGVzdHMvaW1wb3J0ZWQvYmxpbmsvZWRpdGluZy9zZWxlY3Rpb24vc2VsZWN0 c3RhcnQtZXZlbnQtY3Jhc2guaHRtbCBiL0xheW91dFRlc3RzL2ltcG9ydGVkL2JsaW5rL2VkaXRp bmcvc2VsZWN0aW9uL3NlbGVjdHN0YXJ0LWV2ZW50LWNyYXNoLmh0bWwKbmV3IGZpbGUgbW9kZSAx MDA2NDQKaW5kZXggMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMC4uMjUz Zjg3ZjRlN2ZhMzUxOWJlYjI1N2M0ZDYzYzg2MTYyMzUxMWE3NQotLS0gL2Rldi9udWxsCisrKyBi L0xheW91dFRlc3RzL2ltcG9ydGVkL2JsaW5rL2VkaXRpbmcvc2VsZWN0aW9uL3NlbGVjdHN0YXJ0 LWV2ZW50LWNyYXNoLmh0bWwKQEAgLTAsMCArMSwxOSBAQAorPCFET0NUWVBFIGh0bWw+Cis8c2Ny aXB0IHNyYz0iLi4vLi4vLi4vLi4vcmVzb3VyY2VzL3Rlc3RoYXJuZXNzLmpzIj48L3NjcmlwdD4K KzxzY3JpcHQgc3JjPSIuLi8uLi8uLi8uLi9yZXNvdXJjZXMvdGVzdGhhcm5lc3NyZXBvcnQuanMi Pjwvc2NyaXB0PgorPGRpdiBpZD0ic2FtcGxlIj48dGFibGUgaWQ9Im9uZSI+PGNhcHRpb24+PC9j YXB0aW9uPjwvdGFibGU+PC9kaXY+Cis8ZGl2IGlkPSJsb2ciPjwvZGl2PgorPHNjcmlwdD4KK3Zh ciBvbmUgPSBkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCcjb25lJyk7Citkb2N1bWVudC5hZGRFdmVu dExpc3RlbmVyKCdzZWxlY3RzdGFydCcsIGZ1bmN0aW9uKCkgeworICAgIG9uZS5yZW1vdmUoKTsK K30pOwordGVzdChmdW5jdGlvbigpIHsKKyAgICBpZiAoIXdpbmRvdy5ldmVudFNlbmRlcikKKyAg ICAgICAgcmV0dXJuOworICAgIGV2ZW50U2VuZGVyLm1vdXNlTW92ZVRvKG9uZS5vZmZzZXRMZWZ0 LCBvbmUub2Zmc2V0VG9wKTsKKyAgICBldmVudFNlbmRlci5tb3VzZURvd24oKTsKKyAgICB2YXIg c2VsZWN0aW9uID0gZ2V0U2VsZWN0aW9uKCk7CisgICAgYXNzZXJ0X2VxdWFscyhzZWxlY3Rpb24u cmFuZ2VDb3VudCwgMSk7Cit9KTsKKzwvc2NyaXB0PgpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMv cGxhdGZvcm0vaW9zLXNpbXVsYXRvci13azIvVGVzdEV4cGVjdGF0aW9ucyBiL0xheW91dFRlc3Rz L3BsYXRmb3JtL2lvcy1zaW11bGF0b3Itd2syL1Rlc3RFeHBlY3RhdGlvbnMKaW5kZXggOTk5Zjk0 ZjU5OTlkMjc1ZWQ5N2JkOTllOGFiMDk2Mjc4ZmI4ZjkzZS4uMmZmZGQ1NDE2NDg0MDFlNjExZmEy YjEyMTc1YmZhNmE4NzM3MDM1MSAxMDA2NDQKLS0tIGEvTGF5b3V0VGVzdHMvcGxhdGZvcm0vaW9z LXNpbXVsYXRvci13azIvVGVzdEV4cGVjdGF0aW9ucworKysgYi9MYXlvdXRUZXN0cy9wbGF0Zm9y bS9pb3Mtc2ltdWxhdG9yLXdrMi9UZXN0RXhwZWN0YXRpb25zCkBAIC0yMDM4LDYgKzIwMzgsNyBA QCB3ZWJraXQub3JnL2IvMTIzNDMxIGh0dHAvdGVzdHMvY3NzL2xpbmstY3NzLWRpc2FibGVkLXZh bHVlLXdpdGgtc2xvdy1sb2FkaW5nLXNoZQogCiAjIGV2ZW50U2VuZGVyLm1vdXNlRG93biBpcyBu b3QgaW1wbGVtZW50ZWQKIGZhc3QvbG9hZGVyL2xvY2F0aW9uLWhhc2gtdXNlci1nZXN0dXJlLmh0 bWwgWyBTa2lwIF0KK2ltcG9ydGVkL2JsaW5rL2VkaXRpbmcvc2VsZWN0aW9uL3NlbGVjdHN0YXJ0 LWV2ZW50LWNyYXNoLmh0bWwgWyBTa2lwIF0KIAogIyBObyB0b3VjaCBldmVudHMKIGh0dHAvdGVz dHMvY29udGVudGRpc3Bvc2l0aW9uYXR0YWNobWVudHNhbmRib3gvcmVmZXJlci1oZWFkZXItc3Ry aXBwZWQtd2l0aC1tZXRhLXJlZmVyZXItYWx3YXlzLmh0bWwgWyBTa2lwIF0K