159411 2016-07-04 22:56:45 -0700 [GTK] Null Node dereference in FrameSelection::notifyAccessibilityForSelectionChange of FrameSelectionAtk.cpp 2016-07-23 14:06:18 -0700 1 1 1 Unclassified WebKit WebKitGTK WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=153060 P2 Normal --- 1 fujii webkit-unassigned bugs-noreply commit-queue oldest_to_newest 1207747 0 fujii 2016-07-04 22:56:45 -0700 [GTK] Null Node dereference in FrameSelection::notifyAccessibilityForSelectionChange of FrameSelectionAtk.cpp Tests: editing/selection/selection-in-iframe-removed-crash.html Callstack: > Thread 1 (Thread 0x7fbed62fea80 (LWP 37487)): > #0 0x00007fbecfbee28d in (anonymous namespace)::Node::getFlag (this=0x0, mask=(anonymous namespace)::Node::HasRareDataFlag) at ../../Source/WebCore/dom/Node.h:623 > #1 0x00007fbecfbee2b9 in (anonymous namespace)::Node::hasRareData (this=0x0) at ../../Source/WebCore/dom/Node.h:649 > #2 0x00007fbecfbee25e in (anonymous namespace)::Node::renderer (this=0x0) at ../../Source/WebCore/dom/Node.h:430 > #3 0x00007fbed18561d3 in (anonymous namespace)::FrameSelection::notifyAccessibilityForSelectionChange (this=0x7fbeb21be230) at ../../Source/WebCore/editing/atk/FrameSelectionAtk.cpp:95 > #4 0x00007fbed0a37c17 in (anonymous namespace)::FrameSelection::updateAndRevealSelection (this=0x7fbeb21be230, intent=...) at ../../Source/WebCore/editing/FrameSelection.cpp:393 > #5 0x00007fbed0a37a7a in (anonymous namespace)::FrameSelection::setSelection (this=0x7fbeb21be230, selection=..., options=6, intent=..., align=(anonymous namespace)::FrameSelection::AlignCursorOnScrollIfNeeded, granularity=(anonymous namespace)::CharacterGranularity) at ../../Source/WebCore/editing/FrameSelection.cpp:354 > #6 0x00007fbed0a407dc in (anonymous namespace)::FrameSelection::selectFrameElementInParentIfFullySelected (this=0x7fbeb21bec08) at ../../Source/WebCore/editing/FrameSelection.cpp:1884 > #7 0x00007fbed0a3782f in (anonymous namespace)::FrameSelection::setSelectionWithoutUpdatingAppearance (this=0x7fbeb21bec08, newSelectionPossiblyWithoutDirection=..., options=6, align=(anonymous namespace)::FrameSelection::AlignCursorOnScrollIfNeeded, granularity=(anonymous namespace)::CharacterGranularity) at ../../Source/WebCore/editing/FrameSelection.cpp:326 > #8 0x00007fbed0a37997 in (anonymous namespace)::FrameSelection::setSelection (this=0x7fbeb21bec08, selection=..., options=6, intent=..., align=(anonymous namespace)::FrameSelection::AlignCursorOnScrollIfNeeded, granularity=(anonymous namespace)::CharacterGranularity) at ../../Source/WebCore/editing/FrameSelection.cpp:335 > #9 0x00007fbed0a37640 in (anonymous namespace)::FrameSelection::setSelectionWithoutUpdatingAppearance (this=0x7fbeb21be230, newSelectionPossiblyWithoutDirection=..., options=6, align=(anonymous namespace)::FrameSelection::AlignCursorOnScrollIfNeeded, granularity=(anonymous namespace)::CharacterGranularity) at ../../Source/WebCore/editing/FrameSelection.cpp:289 > #10 0x00007fbed0a37997 in (anonymous namespace)::FrameSelection::setSelection (this=0x7fbeb21be230, selection=..., options=6, intent=..., align=(anonymous namespace)::FrameSelection::AlignCursorOnScrollIfNeeded, granularity=(anonymous namespace)::CharacterGranularity) at ../../Source/WebCore/editing/FrameSelection.cpp:335 > #11 0x00007fbed0a3654b in (anonymous namespace)::FrameSelection::moveTo (this=0x7fbeb21be230, range=0x7fbeb20ed0c0) at ../../Source/WebCore/editing/FrameSelection.cpp:162 > #12 0x00007fbed0ec679b in (anonymous namespace)::DOMSelection::addRange (this=0x7fbeb20dac08, r=0x7fbeb20ed0c0) at ../../Source/WebCore/page/DOMSelection.cpp:383 > #13 0x00007fbed1c766fd in (anonymous namespace)::jsDOMSelectionPrototypeFunctionAddRange (state=0x7ffc4de671d0) at DerivedSources/WebCore/JSDOMSelection.cpp:521 > #14 0x00007fbe71688028 in ?? () > #15 0x00007ffc4de67250 in ?? () > #16 0x00007fbec9ac1ba2 in llint_entry () from /home/fujii/work/webkit/w1/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18 Source/WebCore/editing/atk/FrameSelectionAtk.cpp > RenderObject* focusedNode = m_selection.end().containerNode()->renderer(); containerNode() returns null. 1207750 1 282749 fujii 2016-07-04 23:08:03 -0700 Created attachment 282749 Patch 1207751 2 282749 cgarcia 2016-07-04 23:13:56 -0700 Comment on attachment 282749 Patch Excellent! Thank you. 1207757 3 282749 commit-queue 2016-07-04 23:44:15 -0700 Comment on attachment 282749 Patch Clearing flags on attachment: 282749 Committed r202814: <http://trac.webkit.org/changeset/202814> 1207758 4 commit-queue 2016-07-04 23:44:19 -0700 All reviewed patches have been landed. Closing bug. 282749 2016-07-04 23:08:03 -0700 2016-07-04 23:44:15 -0700 Patch bug-159411-20160705020733.patch text/plain 3614 fujii U3VidmVyc2lvbiBSZXZpc2lvbjogMjAyODExCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggYWFjZmM2NWY5YzI5YzIz MGY4YzQ5Y2UxOWRkNzI0MWExMjJiN2UzZS4uNjMyNThmZjIyZDAzNmIxMDI2NjUyNzVmNzFlZWM1 ZmYwNWFhNzRkMCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE3IEBACisyMDE2LTA3LTA0ICBGdWpp aSBIaXJvbm9yaSAgPEhpcm9ub3JpLkZ1amlpQHNvbnkuY29tPgorCisgICAgICAgIFtHVEtdIE51 bGwgTm9kZSBkZXJlZmVyZW5jZSBpbiBGcmFtZVNlbGVjdGlvbjo6bm90aWZ5QWNjZXNzaWJpbGl0 eUZvclNlbGVjdGlvbkNoYW5nZSBvZiBGcmFtZVNlbGVjdGlvbkF0ay5jcHAKKyAgICAgICAgaHR0 cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE1OTQxMQorCisgICAgICAgIFJl dmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFRlc3RzOgorICAgICAgICAgICAg ZWRpdGluZy9zZWxlY3Rpb24vc2VsZWN0aW9uLWluLWlmcmFtZS1yZW1vdmVkLWNyYXNoLmh0bWwK KworICAgICAgICAqIGVkaXRpbmcvYXRrL0ZyYW1lU2VsZWN0aW9uQXRrLmNwcDoKKyAgICAgICAg KFdlYkNvcmU6OkZyYW1lU2VsZWN0aW9uOjpub3RpZnlBY2Nlc3NpYmlsaXR5Rm9yU2VsZWN0aW9u Q2hhbmdlKToKKyAgICAgICAgQWRkZWQgYSBudWxsIGNoZWNrIGZvciB0aGUgcmV0dXJuIHZhbHVl IG9mIGNvbnRhaW5lck5vZGUoKS4KKwogMjAxNi0wNy0wNCAgWW91ZW5uIEZhYmxldCAgPHlvdWVu bkBhcHBsZS5jb20+CiAKICAgICAgICAgUmVtb3ZlIFJlcXVlc3RPcmlnaW5Qb2xpY3kgZnJvbSBS ZXNvdXJjZUxvYWRlck9wdGlvbnMKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL2VkaXRpbmcv YXRrL0ZyYW1lU2VsZWN0aW9uQXRrLmNwcCBiL1NvdXJjZS9XZWJDb3JlL2VkaXRpbmcvYXRrL0Zy YW1lU2VsZWN0aW9uQXRrLmNwcAppbmRleCAyMWYwNDQ1Njk5N2Y2MDY0OWZmZmJlNTRkMjNlYTkz NGExMGU1NjI1Li41MTgzOWE5OTBhYzhhOTNkOWVmY2NmZjZiNzJmZjVlMDA2NTJkMWJjIDEwMDY0 NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9lZGl0aW5nL2F0ay9GcmFtZVNlbGVjdGlvbkF0ay5jcHAK KysrIGIvU291cmNlL1dlYkNvcmUvZWRpdGluZy9hdGsvRnJhbWVTZWxlY3Rpb25BdGsuY3BwCkBA IC05MiwxMiArOTIsMTUgQEAgdm9pZCBGcmFtZVNlbGVjdGlvbjo6bm90aWZ5QWNjZXNzaWJpbGl0 eUZvclNlbGVjdGlvbkNoYW5nZShjb25zdCBBWFRleHRTdGF0ZUNoYW4KICAgICBpZiAoIW1fc2Vs ZWN0aW9uLnN0YXJ0KCkuaXNOb3ROdWxsKCkgfHwgIW1fc2VsZWN0aW9uLmVuZCgpLmlzTm90TnVs bCgpKQogICAgICAgICByZXR1cm47CiAKLSAgICBSZW5kZXJPYmplY3QqIGZvY3VzZWROb2RlID0g bV9zZWxlY3Rpb24uZW5kKCkuY29udGFpbmVyTm9kZSgpLT5yZW5kZXJlcigpOworICAgIE5vZGUq IGZvY3VzZWROb2RlID0gbV9zZWxlY3Rpb24uZW5kKCkuY29udGFpbmVyTm9kZSgpOworICAgIGlm ICghZm9jdXNlZE5vZGUpCisgICAgICAgIHJldHVybjsKKwogICAgIEFYT2JqZWN0Q2FjaGUqIGNh Y2hlID0gbV9mcmFtZS0+ZG9jdW1lbnQoKS0+ZXhpc3RpbmdBWE9iamVjdENhY2hlKCk7CiAgICAg aWYgKCFjYWNoZSkKICAgICAgICAgcmV0dXJuOwogCi0gICAgQWNjZXNzaWJpbGl0eU9iamVjdCog YWNjZXNzaWJpbGl0eU9iamVjdCA9IGNhY2hlLT5nZXRPckNyZWF0ZShmb2N1c2VkTm9kZSk7Cisg ICAgQWNjZXNzaWJpbGl0eU9iamVjdCogYWNjZXNzaWJpbGl0eU9iamVjdCA9IGNhY2hlLT5nZXRP ckNyZWF0ZShmb2N1c2VkTm9kZS0+cmVuZGVyZXIoKSk7CiAgICAgaWYgKCFhY2Nlc3NpYmlsaXR5 T2JqZWN0KQogICAgICAgICByZXR1cm47CiAKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5n ZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxvZwppbmRleCBiMTBjYzdlOTNkMDc2YzAwMDg5N2Q3 YTk2OTBjMDc3ODAwNzkyNzc1Li40ZjE1NDIwMTk3NjQxOWU0MzA1YTViMDRhZmEyZDg5M2IyOThj NGMxIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKKysrIGIvTGF5b3V0VGVzdHMv Q2hhbmdlTG9nCkBAIC0xLDMgKzEsMTMgQEAKKzIwMTYtMDctMDQgIEZ1amlpIEhpcm9ub3JpICA8 SGlyb25vcmkuRnVqaWlAc29ueS5jb20+CisKKyAgICAgICAgW0dUS10gTnVsbCBOb2RlIGRlcmVm ZXJlbmNlIGluIEZyYW1lU2VsZWN0aW9uOjpub3RpZnlBY2Nlc3NpYmlsaXR5Rm9yU2VsZWN0aW9u Q2hhbmdlIG9mIEZyYW1lU2VsZWN0aW9uQXRrLmNwcAorICAgICAgICBodHRwczovL2J1Z3Mud2Vi a2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTU5NDExCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9C T0RZIChPT1BTISkuCisKKyAgICAgICAgKiBwbGF0Zm9ybS9ndGsvVGVzdEV4cGVjdGF0aW9uczog UmVtb3ZlZCBhIGNyYXNoIGV4cGVjdGF0aW9uIG9mCisgICAgICAgIGVkaXRpbmcvc2VsZWN0aW9u L3NlbGVjdGlvbi1pbi1pZnJhbWUtcmVtb3ZlZC1jcmFzaC5odG1sLgorCiAyMDE2LTA3LTA0ICBZ b3Vlbm4gRmFibGV0ICA8eW91ZW5uQGFwcGxlLmNvbT4KIAogICAgICAgICBTaGllbGQgV2ViUlRD IEpTIGJ1aWx0LWlucyBmcm9tIHVzZXIgc2NyaXB0cwpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMv cGxhdGZvcm0vZ3RrL1Rlc3RFeHBlY3RhdGlvbnMgYi9MYXlvdXRUZXN0cy9wbGF0Zm9ybS9ndGsv VGVzdEV4cGVjdGF0aW9ucwppbmRleCA0NTA1MThjNWE5NTFjOGE4Njk1ZWU3ZmYyMWM4YmNmNWVm MGU4NGVjLi45NThmZGE3NjkwYzk0NWZjMGQ3NDVkZjFiMzIyOTViYTdhNWMxZmZlIDEwMDY0NAot LS0gYS9MYXlvdXRUZXN0cy9wbGF0Zm9ybS9ndGsvVGVzdEV4cGVjdGF0aW9ucworKysgYi9MYXlv dXRUZXN0cy9wbGF0Zm9ybS9ndGsvVGVzdEV4cGVjdGF0aW9ucwpAQCAtNzMwLDggKzczMCw2IEBA IHdlYmtpdC5vcmcvYi8xMTA2OTUgaHR0cC90ZXN0cy9zZWN1cml0eS9jcm9zcy1vcmlnaW4tbG9j YWwtc3RvcmFnZS1hbGxvd2VkLmh0bWwKIHdlYmtpdC5vcmcvYi8xMTA2OTUgaHR0cC90ZXN0cy9z ZWN1cml0eS9jcm9zcy1vcmlnaW4tbG9jYWwtc3RvcmFnZS5odG1sIFsgQ3Jhc2ggUGFzcyBdCiB3 ZWJraXQub3JnL2IvMTEwNjk1IGh0dHAvdGVzdHMvc2VjdXJpdHkvY3Jvc3Mtb3JpZ2luLXBsdWdp bi1hbGxvd2VkLmh0bWwgWyBDcmFzaCBQYXNzIF0KIAotd2Via2l0Lm9yZy9iLzExMTQ1MSBbIERl YnVnIF0gZWRpdGluZy9zZWxlY3Rpb24vc2VsZWN0aW9uLWluLWlmcmFtZS1yZW1vdmVkLWNyYXNo Lmh0bWwgWyBDcmFzaCBQYXNzIF0KLQogd2Via2l0Lm9yZy9iLzExMTkwMiBbIERlYnVnIF0gaHR0 cC90ZXN0cy9zZWN1cml0eS9YRnJhbWVPcHRpb25zL3gtZnJhbWUtb3B0aW9ucy1kZW55LW11bHRp cGxlLWNsaWVudHMuaHRtbCBbIENyYXNoIF0KIAogd2Via2l0Lm9yZy9iLzExODQyMiBbIERlYnVn IF0gaHR0cC90ZXN0cy9zZWN1cml0eS9YRnJhbWVPcHRpb25zL3gtZnJhbWUtb3B0aW9ucy1jYWNo ZWQuaHRtbCBbIENyYXNoIFBhc3MgXQo=