Bug 131018

Summary: ASSERTION FAILED: prev != *this in WebCore::VisiblePosition::previous
Product: WebKit
Component: HTML Editing
Version: 528+ (Nightly build)
Status: NEW
Severity: Normal
Priority: P2
Keywords: InRadar
Hardware: Unspecified
OS: Unspecified
Reporter: Renata Hodovan <rhodovan.u-szeged>
Assignee: Nobody <webkit-unassigned>
CC: ahmad.saleem792, bfulgham, darin, harrison, justin.garcia, kling, leviw, webkit-bug-importer
Bug Depends on:
Bug Blocks: 116980

Attachments:
Description    Flags
Test case      none
Test           none

Description Renata Hodovan 2014-04-01 01:38:36 PDT
Created attachment 228256
Test case

The failing test:

<html>
<head>
   <script>
      function runTest () {
         document.execCommand("selectall", true, null);
         document.execCommand("insertorderedlist", false, null);
      }
   </script>
</head>
<body onload="runTest();" contenteditable="true">
   <video> </video>
   <div>
      <textarea></textarea>
   </div>
</body>
</html>


The backtrace:

ASSERTION FAILED: prev != *this
/home/reni2/data/REPOS/webkit_sec/Source/WebCore/editing/VisiblePosition.cpp(89) : WebCore::VisiblePosition WebCore::VisiblePosition::previous(WebCore::EditingBoundaryCrossingRule) const
1   0x7ffff5ed9db5 WTFCrash
2   0x7ffff10e335f WebCore::VisiblePosition::previous(WebCore::EditingBoundaryCrossingRule) const
3   0x7ffff10b1e8c WebCore::InsertListCommand::listifyParagraph(WebCore::VisiblePosition const&, WebCore::QualifiedName const&)
4   0x7ffff10b139c WebCore::InsertListCommand::doApplyForSingleParagraph(bool, WebCore::HTMLQualifiedName const&, WebCore::Range*)
5   0x7ffff10b0a21 WebCore::InsertListCommand::doApply()
6   0x7ffff106123d WebCore::CompositeEditCommand::apply()
7   0x7ffff1061031 WebCore::applyCommand(WTF::PassRefPtr<WebCore::CompositeEditCommand>)
8   0x7ffff109a0cb
9   0x7ffff109d1b4 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const
10  0x7ffff0f575dc WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&)
11  0x7ffff1f334f1 WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*)
12  0x7fff9b6cb0b4

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5ed9dba in WTFCrash () at /home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
333	    *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff5ed9dba in WTFCrash () at /home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
#1  0x00007ffff10e335f in WebCore::VisiblePosition::previous (this=0x7fffffffb7b0, rule=WebCore::CannotCrossEditingBoundary)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/editing/VisiblePosition.cpp:89
#2  0x00007ffff10b1e8c in WebCore::InsertListCommand::listifyParagraph (this=0x1124410, originalStart=..., listTag=...)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/editing/InsertListCommand.cpp:348
#3  0x00007ffff10b139c in WebCore::InsertListCommand::doApplyForSingleParagraph (this=0x1124410, forceCreateList=false, listTag=..., 
    currentSelection=0x1138530) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/editing/InsertListCommand.cpp:256
#4  0x00007ffff10b0a21 in WebCore::InsertListCommand::doApply (this=0x1124410)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/editing/InsertListCommand.cpp:192
#5  0x00007ffff106123d in WebCore::CompositeEditCommand::apply (this=0x1124410)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/editing/CompositeEditCommand.cpp:227
#6  0x00007ffff1061031 in WebCore::applyCommand (command=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/editing/CompositeEditCommand.cpp:182
#7  0x00007ffff109a0cb in WebCore::executeInsertOrderedList (frame=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/editing/EditorCommand.cpp:551
#8  0x00007ffff109d1b4 in WebCore::Editor::Command::execute (this=0x7fffffffbc50, parameter=..., triggeringEvent=0x0)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/editing/EditorCommand.cpp:1741
#9  0x00007ffff0f575dc in WebCore::Document::execCommand (this=0x9e8ce0, commandName=..., userInterface=false, value=...)
    at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4217
#10 0x00007ffff1f334f1 in WebCore::jsDocumentPrototypeFunctionExecCommand (exec=0x7fffffffbd50)
    at /home/reni2/data/REPOS/webkit_sec/WebKitBuild/Debug/DerivedSources/WebCore/JSDocument.cpp:4736
#11 0x00007fff9b6cb0b4 in ?? ()
#12 0x00007fffffffbdb0 in ?? ()
#13 0x00007ffff5ec4fb5 in llint_op_call () from /home/reni2/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.0
#14 0x0000000000000000 in ?? ()

Comment 1 Renata Hodovan 2015-11-06 02:41:31 PST
Created attachment 264928
Test

Replacing the original test case since it doesn't reproduce the issue anymore.

Comment 2 Brent Fulgham 2016-08-03 14:09:33 PDT
This reproduces under r204037.

Comment 3 Radar WebKit Bug Importer 2016-08-03 14:09:49 PDT
<rdar://problem/27685432>

Comment 4 Ahmad Saleem 2023-01-20 09:45:56 PST
This still asserts using the attached test while using a debug build based off WebKit revision 259136@main.