Bug 151095

Summary:

Should never be reached failure in WebCore::fontWeightIsBold

Product:

WebKit

Reporter:

Renata Hodovan <rhodovan.u-szeged>

Component:

HTML Editing

Assignee:

Nobody <webkit-unassigned>

Status:

NEW

Severity:

Normal

CC:

bfulgham, cdumez, mmaxfield, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Local Build

Hardware:

Unspecified

OS:

Unspecified

See Also:

https://bugs.webkit.org/show_bug.cgi?id=133796

Bug Depends on:

Bug Blocks:

116980

Attachments:

Description	Flags
Test	none

Renata Hodovan

Reported 2015-11-10 07:46:11 PST

Created attachment 265177 [details] Test Load the attached test with debug MiniBrowser: <!DOCTYPE html> a <style> * { font-weight:lighter; } </style> a <style> * { font-weight:900; } </style> <script> document.designMode = 'on'; document.execCommand("selectAll", false, null); document.execCommand("insertOrderedList" , false , null); </script> OS: Ubuntu 15.04 x86_64 Checked build: debug EFL Checked version: 29ae33c Backtrace: SHOULD NEVER BE REACHED ../../Source/WebCore/editing/EditingStyle.cpp(1764) : bool WebCore::fontWeightIsBold(WebCore::CSSValue&) 1 0x7fa3d850e89f WTFCrash 2 0x7fa3de78038f 3 0x7fa3de7816c8 4 0x7fa3de7811e9 5 0x7fa3de784d1a WTF::PassRefPtr<WebCore::MutableStyleProperties> WebCore::getPropertiesNotIn<WebCore::MutableStyleProperties>(WebCore::StyleProperties&, WebCore::MutableStyleProperties&) 6 0x7fa3de77d07c WebCore::EditingStyle::removeStyleFromRulesAndContext(WebCore::StyledElement*, WebCore::Node*) 7 0x7fa3de7c95db WebCore::ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline(WebCore::ReplaceSelectionCommand::InsertedNodes&) 8 0x7fa3de7cec09 WebCore::ReplaceSelectionCommand::doApply() 9 0x7fa3df941220 WebCore::CompositeEditCommand::applyCommandToComposite(WTF::PassRefPtr<WebCore::EditCommand>) 10 0x7fa3df949bf2 WebCore::CompositeEditCommand::moveParagraphs(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, bool, bool) 11 0x7fa3df948dcf WebCore::CompositeEditCommand::moveParagraph(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, bool, bool) 12 0x7fa3de7c2c74 WebCore::InsertListCommand::listifyParagraph(WebCore::VisiblePosition const&, WebCore::QualifiedName const&) 13 0x7fa3de7c12e8 WebCore::InsertListCommand::doApplyForSingleParagraph(bool, WebCore::HTMLQualifiedName const&, WebCore::Range*) 14 0x7fa3de7c068a WebCore::InsertListCommand::doApply() 15 0x7fa3df940f4c WebCore::CompositeEditCommand::apply() 16 0x7fa3df940cfd WebCore::applyCommand(WTF::PassRefPtr<WebCore::CompositeEditCommand>) 17 0x7fa3de7a5ab3 18 0x7fa3de7a959e WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const 19 0x7fa3de64dd39 WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) 20 0x7fa3dfd8022d WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*) 21 0x7fa37b7ff0c8 Aborted (core dumped) Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007fa3d850e8a4 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007fa3d850e8a4 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x00007fa3de78038f in WebCore::fontWeightIsBold (fontWeight=...) at ../../Source/WebCore/editing/EditingStyle.cpp:1764 #2 0x00007fa3de7816c8 in WebCore::fontWeightIsBold<WebCore::MutableStyleProperties> (style=...) at ../../Source/WebCore/editing/EditingStyle.cpp:1772 #3 0x00007fa3de7811e9 in WebCore::extractPropertiesNotIn<WebCore::MutableStyleProperties> (styleWithRedundantProperties=..., baseStyle=...) at ../../Source/WebCore/editing/EditingStyle.cpp:1786 #4 0x00007fa3de784d1a in WebCore::getPropertiesNotIn<WebCore::MutableStyleProperties> (styleWithRedundantProperties=..., baseStyle=...) at ../../Source/WebCore/editing/EditingStyle.cpp:1805 #5 0x00007fa3de77d07c in WebCore::EditingStyle::removeStyleFromRulesAndContext (this=0x7fa3bbb99240, element=0x7fa3bbbe38f0, context=0x7fa3bbbe3c30) at ../../Source/WebCore/editing/EditingStyle.cpp:1337 #6 0x00007fa3de7c95db in WebCore::ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline (this=0x7fa3bba89360, insertedNodes=...) at ../../Source/WebCore/editing/ReplaceSelectionCommand.cpp:517 #7 0x00007fa3de7cec09 in WebCore::ReplaceSelectionCommand::doApply (this=0x7fa3bba89360) at ../../Source/WebCore/editing/ReplaceSelectionCommand.cpp:1161 #8 0x00007fa3df941220 in WebCore::CompositeEditCommand::applyCommandToComposite (this=0x7fa3bbbb52d0, prpCommand=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:278 #9 0x00007fa3df949bf2 in WebCore::CompositeEditCommand::moveParagraphs (this=0x7fa3bbbb52d0, startOfParagraphToMove=..., endOfParagraphToMove=..., destination=..., preserveSelection=true, preserveStyle=true) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:1318 #10 0x00007fa3df948dcf in WebCore::CompositeEditCommand::moveParagraph (this=0x7fa3bbbb52d0, startOfParagraphToMove=..., endOfParagraphToMove=..., destination=..., preserveSelection=true, preserveStyle=true) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:1212 #11 0x00007fa3de7c2c74 in WebCore::InsertListCommand::listifyParagraph (this=0x7fa3bbbb52d0, originalStart=..., listTag=...) at ../../Source/WebCore/editing/InsertListCommand.cpp:396 #12 0x00007fa3de7c12e8 in WebCore::InsertListCommand::doApplyForSingleParagraph (this=0x7fa3bbbb52d0, forceCreateList=false, listTag=..., currentSelection=0x7fa3bbb73dc0) at ../../Source/WebCore/editing/InsertListCommand.cpp:259 #13 0x00007fa3de7c068a in WebCore::InsertListCommand::doApply (this=0x7fa3bbbb52d0) at ../../Source/WebCore/editing/InsertListCommand.cpp:195 #14 0x00007fa3df940f4c in WebCore::CompositeEditCommand::apply (this=0x7fa3bbbb52d0) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:227 #15 0x00007fa3df940cfd in WebCore::applyCommand (command=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:186 #16 0x00007fa3de7a5ab3 in WebCore::executeInsertOrderedList (frame=...) at ../../Source/WebCore/editing/EditorCommand.cpp:518 #17 0x00007fa3de7a959e in WebCore::Editor::Command::execute (this=0x7ffeb8307410, parameter=..., triggeringEvent=0x0) at ../../Source/WebCore/editing/EditorCommand.cpp:1703 #18 0x00007fa3de64dd39 in WebCore::Document::execCommand (this=0x7fa3bb826a40, commandName=..., userInterface=false, value=...) at ../../Source/WebCore/dom/Document.cpp:4657 #19 0x00007fa3dfd8022d in WebCore::jsDocumentPrototypeFunctionExecCommand (state=0x7ffeb83074e0) at DerivedSources/WebCore/JSDocument.cpp:5066 #20 0x00007fa37b7ff0c8 in ?? () #21 0x00007ffeb8307560 in ?? () #22 0x00007fa3d84b7036 in llint_entry () from webkit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.1

Attachments
Test (261 bytes, text/html) 2015-11-10 07:46 PST, Renata Hodovan	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Brent Fulgham

Comment 1 2016-08-04 18:19:14 PDT

This reproduces in r204037.

Radar WebKit Bug Importer

Comment 2 2016-08-04 18:19:29 PDT

<rdar://problem/27711671>

Note You need to log in before you can comment on or make changes to this bug.