56652 2011-03-18 10:16:18 -0700 chrome.dll!WebCoreTypingCommandmakeEditableRootEmpty ReadAV@NULL (9632b8c011239ef3fa014c15ec25f236) 2011-03-29 05:10:26 -0700 1 1 1 Unclassified WebKit HTML Editing 528+ (Nightly build) PC Windows Vista RESOLVED FIXED P1 Normal --- 56771 1 skylined webkit-unassigned commit-queue rniwa oldest_to_newest 369700 0 skylined 2011-03-18 10:16:18 -0700 Chromium: http://code.google.com/p/chromium/issues/detail?id=76690 Repro: <body onload="go()"></body> <script> function go() { document.open(); document.designMode="on"; var oSelection = window.getSelection(); oSelection.addRange(document.createRange()); document.execCommand("Delete"); } </script> id: chrome.dll!WebCore::TypingCommand::makeEditableRootEmpty ReadAV@NULL (9632b8c011239ef3fa014c15ec25f236) description: Attempt to read from unallocated NULL pointer+0x28 in chrome.dll!WebCore::TypingCommand::makeEditableRootEmpty application: Chromium 12.0.707.0 stack: chrome.dll!WebCore::TypingCommand::makeEditableRootEmpty chrome.dll!WebCore::TypingCommand::deleteKeyPressed chrome.dll!WebCore::TypingCommand::doApply chrome.dll!WebCore::EditCommand::apply chrome.dll!WebCore::TypingCommand::deleteKeyPressed chrome.dll!WebCore::executeDelete chrome.dll!WebCore::Editor::Command::execute chrome.dll!WebCore::Document::execCommand chrome.dll!WebCore::DocumentInternal::execCommandCallback chrome.dll!v8::internal::HandleApiCallHelper<...> chrome.dll!v8::internal::Builtin_HandleApiCall chrome.dll!v8::internal::Invoke chrome.dll!v8::internal::Execution::Call ... 374892 1 87236 eae 2011-03-28 16:46:54 -0700 Created attachment 87236 Patch 375203 2 87236 commit-queue 2011-03-29 05:10:21 -0700 Comment on attachment 87236 Patch Clearing flags on attachment: 87236 Committed r82233: <http://trac.webkit.org/changeset/82233> 375204 3 commit-queue 2011-03-29 05:10:26 -0700 All reviewed patches have been landed. Closing bug. 87236 2011-03-28 16:46:54 -0700 2011-03-29 05:10:21 -0700 Patch 56652.patch text/plain 3261 eae SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDgyMTcyKQorKysgU291cmNlL1dlYkNvcmUvQ2hhbmdl TG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTUgQEAKKzIwMTEtMDMtMjggIEVtaWwgQSBF a2x1bmQgIDxlYWVAY2hyb21pdW0ub3JnPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAo T09QUyEpLgorCisgICAgICAgIEZpeCBmb3IgZXhlY0NvbW1hbmQoIkRlbGV0ZSIpIHdpdGggYW4g ZW1wdHkgc2VsZWN0aW9uLgorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1 Zy5jZ2k/aWQ9NTY2NTIKKworICAgICAgICBUZXN0OiBlZGl0aW5nL2V4ZWNDb21tYW5kL2RlbGV0 ZS1lbXB0eS1jb250YWluZXIuaHRtbAorCisgICAgICAgICogZWRpdGluZy9UeXBpbmdDb21tYW5k LmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OlR5cGluZ0NvbW1hbmQ6Om1ha2VFZGl0YWJsZVJvb3RF bXB0eSk6IEFkZCBjaGVjayBmb3Igcm9vdCBlbGVtZW50LgorCiAyMDExLTAzLTI4ICBCZXRoIERh a2luICA8YmRha2luQGFwcGxlLmNvbT4KIAogICAgICAgICBSZXZpZXdlZCBieSBEYXJpbiBBZGxl ci4KSW5kZXg6IFNvdXJjZS9XZWJDb3JlL2VkaXRpbmcvVHlwaW5nQ29tbWFuZC5jcHAKPT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PQotLS0gU291cmNlL1dlYkNvcmUvZWRpdGluZy9UeXBpbmdDb21tYW5kLmNwcAkocmV2aXNp b24gODE5NzUpCisrKyBTb3VyY2UvV2ViQ29yZS9lZGl0aW5nL1R5cGluZ0NvbW1hbmQuY3BwCSh3 b3JraW5nIGNvcHkpCkBAIC00NDMsNyArNDQzLDcgQEAgdm9pZCBUeXBpbmdDb21tYW5kOjppbnNl cnRQYXJhZ3JhcGhTZXBhcgogYm9vbCBUeXBpbmdDb21tYW5kOjptYWtlRWRpdGFibGVSb290RW1w dHkoKQogewogICAgIEVsZW1lbnQqIHJvb3QgPSBlbmRpbmdTZWxlY3Rpb24oKS5yb290RWRpdGFi bGVFbGVtZW50KCk7Ci0gICAgaWYgKCFyb290LT5maXJzdENoaWxkKCkpCisgICAgaWYgKCFyb290 IHx8ICFyb290LT5maXJzdENoaWxkKCkpCiAgICAgICAgIHJldHVybiBmYWxzZTsKIAogICAgIGlm IChyb290LT5maXJzdENoaWxkKCkgPT0gcm9vdC0+bGFzdENoaWxkKCkgJiYgcm9vdC0+Zmlyc3RF bGVtZW50Q2hpbGQoKSAmJiByb290LT5maXJzdEVsZW1lbnRDaGlsZCgpLT5oYXNUYWdOYW1lKGJy VGFnKSkgewpJbmRleDogTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91 dFRlc3RzL0NoYW5nZUxvZwkocmV2aXNpb24gODIxNzIpCisrKyBMYXlvdXRUZXN0cy9DaGFuZ2VM b2cJKHdvcmtpbmcgY29weSkKQEAgLTEsMyArMSwxNSBAQAorMjAxMS0wMy0yOCAgRW1pbCBBIEVr bHVuZCAgPGVhZUBjaHJvbWl1bS5vcmc+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChP T1BTISkuCisKKyAgICAgICAgRml4IGZvciBleGVjQ29tbWFuZCgiRGVsZXRlIikgd2l0aCBhbiBl bXB0eSBzZWxlY3Rpb24uCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVn LmNnaT9pZD01NjY1MgorCisgICAgICAgIEFkZCB0ZXN0IGZvciBkZWxldGluZyBhbiBlbXB0eSBz ZWxlY3Rpb24gZnJvbSBhbiBlbXB0eSBjb250YWluZXIuCisKKyAgICAgICAgKiBlZGl0aW5nL2V4 ZWNDb21tYW5kL2RlbGV0ZS1lbXB0eS1jb250YWluZXItZXhwZWN0ZWQudHh0OiBBZGRlZC4KKyAg ICAgICAgKiBlZGl0aW5nL2V4ZWNDb21tYW5kL2RlbGV0ZS1lbXB0eS1jb250YWluZXIuaHRtbDog QWRkZWQuCisKIDIwMTEtMDMtMjggIFZpbmNlbnQgU2NoZWliICA8c2NoZWliQGNocm9taXVtLm9y Zz4KIAogICAgICAgICBDaHJvbWl1bSByZWJhc2VsaW5lIGZvciByODIxNDQuCkluZGV4OiBMYXlv dXRUZXN0cy9lZGl0aW5nL2V4ZWNDb21tYW5kL2RlbGV0ZS1lbXB0eS1jb250YWluZXItZXhwZWN0 ZWQudHh0Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL2VkaXRpbmcvZXhlY0NvbW1hbmQvZGVs ZXRlLWVtcHR5LWNvbnRhaW5lci1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCisrKyBMYXlvdXRU ZXN0cy9lZGl0aW5nL2V4ZWNDb21tYW5kL2RlbGV0ZS1lbXB0eS1jb250YWluZXItZXhwZWN0ZWQu dHh0CShyZXZpc2lvbiAwKQpAQCAtMCwwICsxIEBACitEZWxldGluZyBhbiBlbXB0eSBzZWxlY3Rp b24gc2hvdWxkIGhhdmUgbm8gZWZmZWN0LgpJbmRleDogTGF5b3V0VGVzdHMvZWRpdGluZy9leGVj Q29tbWFuZC9kZWxldGUtZW1wdHktY29udGFpbmVyLmh0bWwKPT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0 VGVzdHMvZWRpdGluZy9leGVjQ29tbWFuZC9kZWxldGUtZW1wdHktY29udGFpbmVyLmh0bWwJKHJl dmlzaW9uIDApCisrKyBMYXlvdXRUZXN0cy9lZGl0aW5nL2V4ZWNDb21tYW5kL2RlbGV0ZS1lbXB0 eS1jb250YWluZXIuaHRtbAkocmV2aXNpb24gMCkKQEAgLTAsMCArMSwxOCBAQAorPGh0bWw+Cis8 Ym9keSBvbmxvYWQ9InRlc3QoKSI+PC9ib2R5PgorPHNjcmlwdD4KKyAgICBpZiAod2luZG93Lmxh eW91dFRlc3RDb250cm9sbGVyKQorICAgICAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5kdW1wQXNU ZXh0KCk7CisKKyAgICBmdW5jdGlvbiB0ZXN0KCkKKyAgICB7CisgICAgICAgIGRvY3VtZW50Lm9w ZW4oKTsKKyAgICAgICAgZG9jdW1lbnQuZGVzaWduTW9kZSA9ICJvbiI7CisgICAgICAgIHZhciBz ZWxlY3Rpb24gPSB3aW5kb3cuZ2V0U2VsZWN0aW9uKCk7CisgICAgICAgIHNlbGVjdGlvbi5hZGRS YW5nZShkb2N1bWVudC5jcmVhdGVSYW5nZSgpKTsKKyAgICAgICAgZG9jdW1lbnQuZXhlY0NvbW1h bmQoIkRlbGV0ZSIpOworICAgICAgICBkb2N1bWVudC5jbG9zZSgpOworICAgICAgICBkb2N1bWVu dC5ib2R5LmFwcGVuZENoaWxkKGRvY3VtZW50LmNyZWF0ZVRleHROb2RlKCdEZWxldGluZyBhbiBl bXB0eSBzZWxlY3Rpb24gc2hvdWxkIGhhdmUgbm8gZWZmZWN0LicpKTsKKyAgICB9Cis8L3Njcmlw dD4KKzwvaHRtbD4K