160011 2016-07-20 21:44:49 -0700 Crash accessing null renderer inside WebCore::DeleteSelectionCommand::doApply 2016-07-21 12:42:50 -0700 1 1 1 Unclassified WebKit New Bugs WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 rniwa rniwa ap cdumez commit-queue darin enrica oldest_to_newest 1213031 0 rniwa 2016-07-20 21:44:49 -0700 Crash accessing null renderer inside WebCore::DeleteSelectionCommand::doApply 1213034 1 rniwa 2016-07-20 21:46:13 -0700 <rdar://problem/21400186> 1213035 2 284188 rniwa 2016-07-20 21:46:15 -0700 Created attachment 284188 Fixes the bug 1213048 3 284188 ap 2016-07-20 22:48:37 -0700 Comment on attachment 284188 Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=284188&action=review > Source/WebCore/editing/DeleteSelectionCommand.cpp:867 > + if (textNode.length() && textNode.renderer()) Is it valid for ending position to be a node without renderer? Should there be an assertion to hopefully catch the root cause in the future? 1213050 4 284188 rniwa 2016-07-20 22:52:43 -0700 Comment on attachment 284188 Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=284188&action=review >> Source/WebCore/editing/DeleteSelectionCommand.cpp:867 >> + if (textNode.length() && textNode.renderer()) > > Is it valid for ending position to be a node without renderer? Should there be an assertion to hopefully catch the root cause in the future? We try to avoid selecting a node without renderer but I wouldn't be surprised if we ended up getting it. In general, I don't think m_endingPosition has any sort of guarantee like VisiblePosition's deepEquivalent. 1213255 5 284188 commit-queue 2016-07-21 12:42:45 -0700 Comment on attachment 284188 Fixes the bug Clearing flags on attachment: 284188 Committed r203518: <http://trac.webkit.org/changeset/203518> 1213256 6 commit-queue 2016-07-21 12:42:50 -0700 All reviewed patches have been landed. Closing bug. 284188 2016-07-20 21:46:15 -0700 2016-07-21 12:42:45 -0700 Fixes the bug bug-160011-20160720214517.patch text/plain 1464 rniwa SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDIwMzQ4NykKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE3IEBACisyMDE2LTA3LTIwICBSeW9zdWtl IE5pd2EgIDxybml3YUB3ZWJraXQub3JnPgorCisgICAgICAgIENyYXNoIGFjY2Vzc2luZyBudWxs IHJlbmRlcmVyIGluc2lkZSBXZWJDb3JlOjpEZWxldGVTZWxlY3Rpb25Db21tYW5kOjpkb0FwcGx5 CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNjAwMTEK KworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBBZGQgYSBu dWxsIHBvaW50ZXIgY2hlY2sgZm9yIHJlbmRlcmVyKCkgY2FsbC4KKworICAgICAgICBVbmZvcnR1 bmF0ZWx5IG5vIG5ldyB0ZXN0cyBzaW5jZSB3ZSBkb24ndCBoYXZlIGEgcmVwcm9kdWN0aW9uLgor CisgICAgICAgICogZWRpdGluZy9EZWxldGVTZWxlY3Rpb25Db21tYW5kLmNwcDoKKyAgICAgICAg KFdlYkNvcmU6OkRlbGV0ZVNlbGVjdGlvbkNvbW1hbmQ6OmRvQXBwbHkpOgorCiAyMDE2LTA3LTIw ICBDaHJpcyBEdW1leiAgPGNkdW1lekBhcHBsZS5jb20+CiAKICAgICAgICAgRml4IG51bGwgaGFu ZGxpbmcgb2Ygc2V2ZXJhbCBEb2N1bWVudCBhdHRyaWJ1dGVzCkluZGV4OiBTb3VyY2UvV2ViQ29y ZS9lZGl0aW5nL0RlbGV0ZVNlbGVjdGlvbkNvbW1hbmQuY3BwCj09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJj ZS9XZWJDb3JlL2VkaXRpbmcvRGVsZXRlU2VsZWN0aW9uQ29tbWFuZC5jcHAJKHJldmlzaW9uIDIw MzM5MykKKysrIFNvdXJjZS9XZWJDb3JlL2VkaXRpbmcvRGVsZXRlU2VsZWN0aW9uQ29tbWFuZC5j cHAJKHdvcmtpbmcgY29weSkKQEAgLTg2NCw3ICs4NjQsNyBAQCB2b2lkIERlbGV0ZVNlbGVjdGlv bkNvbW1hbmQ6OmRvQXBwbHkoKQogICAgICAgICBOb2RlKiBub2RlID0gbV9lbmRpbmdQb3NpdGlv bi5kZXByZWNhdGVkTm9kZSgpOwogICAgICAgICBpZiAoaXM8VGV4dD4obm9kZSkpIHsKICAgICAg ICAgICAgIFRleHQmIHRleHROb2RlID0gZG93bmNhc3Q8VGV4dD4oKm5vZGUpOwotICAgICAgICAg ICAgaWYgKHRleHROb2RlLmxlbmd0aCgpKQorICAgICAgICAgICAgaWYgKHRleHROb2RlLmxlbmd0 aCgpICYmIHRleHROb2RlLnJlbmRlcmVyKCkpCiAgICAgICAgICAgICAgICAgc2hvdWxkUmViYWxh Y2VXaGl0ZVNwYWNlID0gdGV4dE5vZGUucmVuZGVyZXIoKS0+c3R5bGUoKS50ZXh0U2VjdXJpdHko KSA9PSBUU05PTkU7CiAgICAgICAgIH0gICAgICAgIAogICAgIH0K