Bug 151095

Summary: Should never be reached failure in WebCore::fontWeightIsBold
Product: WebKit Reporter: Renata Hodovan <rhodovan.u-szeged>
Component: HTML Editing Assignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: bfulgham, cdumez, mmaxfield, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 116980    
Attachments:
Description Flags
Test none

Description Renata Hodovan 2015-11-10 07:46:11 PST
Created attachment 265177 [details]
Test

Load the attached test with debug MiniBrowser:

<!DOCTYPE html>
a
<style>
* {
    font-weight:lighter;
}
</style>
a
<style>
* {
    font-weight:900;
}
</style>
<script>
    document.designMode = 'on';
    document.execCommand("selectAll", false, null);
    document.execCommand("insertOrderedList" , false , null);
</script>


OS: Ubuntu 15.04 x86_64
Checked build: debug EFL
Checked version: 29ae33c


Backtrace:

SHOULD NEVER BE REACHED
../../Source/WebCore/editing/EditingStyle.cpp(1764) : bool WebCore::fontWeightIsBold(WebCore::CSSValue&)
1   0x7fa3d850e89f WTFCrash
2   0x7fa3de78038f
3   0x7fa3de7816c8
4   0x7fa3de7811e9
5   0x7fa3de784d1a WTF::PassRefPtr<WebCore::MutableStyleProperties> WebCore::getPropertiesNotIn<WebCore::MutableStyleProperties>(WebCore::StyleProperties&, WebCore::MutableStyleProperties&)
6   0x7fa3de77d07c WebCore::EditingStyle::removeStyleFromRulesAndContext(WebCore::StyledElement*, WebCore::Node*)
7   0x7fa3de7c95db WebCore::ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline(WebCore::ReplaceSelectionCommand::InsertedNodes&)
8   0x7fa3de7cec09 WebCore::ReplaceSelectionCommand::doApply()
9   0x7fa3df941220 WebCore::CompositeEditCommand::applyCommandToComposite(WTF::PassRefPtr<WebCore::EditCommand>)
10  0x7fa3df949bf2 WebCore::CompositeEditCommand::moveParagraphs(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, bool, bool)
11  0x7fa3df948dcf WebCore::CompositeEditCommand::moveParagraph(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, bool, bool)
12  0x7fa3de7c2c74 WebCore::InsertListCommand::listifyParagraph(WebCore::VisiblePosition const&, WebCore::QualifiedName const&)
13  0x7fa3de7c12e8 WebCore::InsertListCommand::doApplyForSingleParagraph(bool, WebCore::HTMLQualifiedName const&, WebCore::Range*)
14  0x7fa3de7c068a WebCore::InsertListCommand::doApply()
15  0x7fa3df940f4c WebCore::CompositeEditCommand::apply()
16  0x7fa3df940cfd WebCore::applyCommand(WTF::PassRefPtr<WebCore::CompositeEditCommand>)
17  0x7fa3de7a5ab3
18  0x7fa3de7a959e WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const
19  0x7fa3de64dd39 WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&)
20  0x7fa3dfd8022d WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*)
21  0x7fa37b7ff0c8
Aborted (core dumped)

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fa3d850e8a4 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321     *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007fa3d850e8a4 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007fa3de78038f in WebCore::fontWeightIsBold (fontWeight=...) at ../../Source/WebCore/editing/EditingStyle.cpp:1764
#2  0x00007fa3de7816c8 in WebCore::fontWeightIsBold<WebCore::MutableStyleProperties> (style=...) at ../../Source/WebCore/editing/EditingStyle.cpp:1772
#3  0x00007fa3de7811e9 in WebCore::extractPropertiesNotIn<WebCore::MutableStyleProperties> (styleWithRedundantProperties=..., baseStyle=...)
    at ../../Source/WebCore/editing/EditingStyle.cpp:1786
#4  0x00007fa3de784d1a in WebCore::getPropertiesNotIn<WebCore::MutableStyleProperties> (styleWithRedundantProperties=..., baseStyle=...)
    at ../../Source/WebCore/editing/EditingStyle.cpp:1805
#5  0x00007fa3de77d07c in WebCore::EditingStyle::removeStyleFromRulesAndContext (this=0x7fa3bbb99240, element=0x7fa3bbbe38f0, context=0x7fa3bbbe3c30)
    at ../../Source/WebCore/editing/EditingStyle.cpp:1337
#6  0x00007fa3de7c95db in WebCore::ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline (this=0x7fa3bba89360, insertedNodes=...)
    at ../../Source/WebCore/editing/ReplaceSelectionCommand.cpp:517
#7  0x00007fa3de7cec09 in WebCore::ReplaceSelectionCommand::doApply (this=0x7fa3bba89360) at ../../Source/WebCore/editing/ReplaceSelectionCommand.cpp:1161
#8  0x00007fa3df941220 in WebCore::CompositeEditCommand::applyCommandToComposite (this=0x7fa3bbbb52d0, prpCommand=...)
    at ../../Source/WebCore/editing/CompositeEditCommand.cpp:278
#9  0x00007fa3df949bf2 in WebCore::CompositeEditCommand::moveParagraphs (this=0x7fa3bbbb52d0, startOfParagraphToMove=..., endOfParagraphToMove=..., 
    destination=..., preserveSelection=true, preserveStyle=true) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:1318
#10 0x00007fa3df948dcf in WebCore::CompositeEditCommand::moveParagraph (this=0x7fa3bbbb52d0, startOfParagraphToMove=..., endOfParagraphToMove=..., 
    destination=..., preserveSelection=true, preserveStyle=true) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:1212
#11 0x00007fa3de7c2c74 in WebCore::InsertListCommand::listifyParagraph (this=0x7fa3bbbb52d0, originalStart=..., listTag=...)
    at ../../Source/WebCore/editing/InsertListCommand.cpp:396
#12 0x00007fa3de7c12e8 in WebCore::InsertListCommand::doApplyForSingleParagraph (this=0x7fa3bbbb52d0, forceCreateList=false, listTag=..., 
    currentSelection=0x7fa3bbb73dc0) at ../../Source/WebCore/editing/InsertListCommand.cpp:259
#13 0x00007fa3de7c068a in WebCore::InsertListCommand::doApply (this=0x7fa3bbbb52d0) at ../../Source/WebCore/editing/InsertListCommand.cpp:195
#14 0x00007fa3df940f4c in WebCore::CompositeEditCommand::apply (this=0x7fa3bbbb52d0) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:227
#15 0x00007fa3df940cfd in WebCore::applyCommand (command=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:186
#16 0x00007fa3de7a5ab3 in WebCore::executeInsertOrderedList (frame=...) at ../../Source/WebCore/editing/EditorCommand.cpp:518
#17 0x00007fa3de7a959e in WebCore::Editor::Command::execute (this=0x7ffeb8307410, parameter=..., triggeringEvent=0x0)
    at ../../Source/WebCore/editing/EditorCommand.cpp:1703
#18 0x00007fa3de64dd39 in WebCore::Document::execCommand (this=0x7fa3bb826a40, commandName=..., userInterface=false, value=...)
    at ../../Source/WebCore/dom/Document.cpp:4657
#19 0x00007fa3dfd8022d in WebCore::jsDocumentPrototypeFunctionExecCommand (state=0x7ffeb83074e0) at DerivedSources/WebCore/JSDocument.cpp:5066
#20 0x00007fa37b7ff0c8 in ?? ()
#21 0x00007ffeb8307560 in ?? ()
#22 0x00007fa3d84b7036 in llint_entry () from webkit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.1
Comment 1 Brent Fulgham 2016-08-04 18:19:14 PDT
This reproduces in r204037.
Comment 2 Radar WebKit Bug Importer 2016-08-04 18:19:29 PDT
<rdar://problem/27711671>