Bug 191921

Summary: REGRESSION (r236785): Nullptr crash in StyledMarkupAccumulator::traverseNodesForSerialization
Product: WebKit
Reporter: Ryosuke Niwa <rniwa>
Component: HTML Editing
Assignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, ddkilzer, dino, ews-watchlist, graouts, koivisto, wenson_hsieh
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Ryosuke Niwa
Reported 2018-11-23 01:17:53 PST
e.g.
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore   0x0000000105712c10 WebCore::StyledMarkupAccumulator::traverseNodesForSerialization(WebCore::Node*, WebCore::Node*, WebCore::StyledMarkupAccumulator::NodeTraversalMode) + 112
1   com.apple.WebCore   0x0000000105712951 WebCore::StyledMarkupAccumulator::serializeNodes(WebCore::Position const&, WebCore::Position const&) + 113
2   com.apple.WebCore   0x0000000105714481 WebCore::serializePreservingVisualAppearanceInternal(WebCore::Position const&, WebCore::Position const&, WTF::Vector<WebCore::Node*, 0ul, WTF::CrashOnOverflow, 16ul>*, WebCore::ResolveURLs, WebCore::SerializeComposedTree, WebCore::AnnotateForInterchange, WebCore::ConvertBlocksToInlines, WebCore::MSOListMode) + 2801
3   com.apple.WebCore   0x0000000105714d7b WebCore::serializePreservingVisualAppearance(WebCore::VisibleSelection const&, WebCore::ResolveURLs, WebCore::SerializeComposedTree, WTF::Vector<WebCore::Node*, 0ul, WTF::CrashOnOverflow, 16ul>*) + 107
4   com.apple.WebCore   0x00000001059524ae WebCore::LegacyWebArchive::createFromSelection(WebCore::Frame*) + 238
5   com.apple.WebCore   0x0000000104b41e58 WebCore::Editor::selectionInWebArchiveFormat() + 24
6   com.apple.WebCore   0x0000000104b4162f WebCore::Editor::writeSelectionToPasteboard(WebCore::Pasteboard&) + 239
7   com.apple.WebCore   0x00000001056b883c WebCore::Editor::performCutOrCopy(WebCore::Editor::EditorActionSpecifier) + 684
8   com.apple.WebCore   0x00000001056c6200 WebCore::executeCopy(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) + 16
9   com.apple.WebKit    0x0000000103a588fc WebKit::WebPage::executeEditingCommand(WTF::String const&, WTF::String const&) + 102
10  com.apple.WebKit    0x0000000103e0ede3 WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&) + 9827
11  com.apple.WebKit    0x0000000103a9bf5b IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 127
12  com.apple.WebKit    0x0000000103d5c488 WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 28
<rdar://problem/45562959>
Attachments
Fixes the bug (5.40 KB, patch)
2018-11-23 01:23 PST, Ryosuke Niwa
no flags
Archive of layout-test-results from ews126 for ios-simulator-wk2 (2.43 MB, application/zip)
2018-11-23 03:26 PST, EWS Watchlist
no flags
Added iOS specific test expectation (6.38 KB, patch)
2018-11-23 03:53 PST, Ryosuke Niwa
no flags
Fixed change log (6.39 KB, patch)
2018-11-23 04:06 PST, Ryosuke Niwa
no flags
Archive of layout-test-results from ews126 for ios-simulator-wk2 (2.41 MB, application/zip)
2018-11-23 06:10 PST, EWS Watchlist
no flags
Patch for landing (6.39 KB, patch)
2018-11-23 13:59 PST, Ryosuke Niwa
no flags
Ryosuke Niwa
Comment 1 2018-11-23 01:23:51 PST
Created attachment 355503 [details] Fixes the bug
EWS Watchlist
Comment 2 2018-11-23 03:26:35 PST
Comment on attachment 355503 [details] Fixes the bug
Attachment 355503 [details] did not pass ios-sim-ews (ios-simulator-wk2):
Output: https://webkit-queues.webkit.org/results/10117123
New failing tests:
editing/pasteboard/copy-paste-across-shadow-boundaries-5.html
EWS Watchlist
Comment 3 2018-11-23 03:26:36 PST
Created attachment 355506 [details] Archive of layout-test-results from ews126 for ios-simulator-wk2
The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews126
Port: ios-simulator-wk2
Platform: Mac OS X 10.13.6
Ryosuke Niwa
Comment 4 2018-11-23 03:53:09 PST
Created attachment 355508 [details] Added iOS specific test expectation
EWS Watchlist
Comment 5 2018-11-23 03:55:21 PST
Attachment 355508 [details] did not pass style-queue:
ERROR: Source/WebCore/ChangeLog:13: Line contains tab character. [whitespace/tab] [5]
Total errors found: 1 in 6 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Ryosuke Niwa
Comment 6 2018-11-23 04:05:21 PST
Comment on attachment 355508 [details] Added iOS specific test expectation
View in context: https://bugs.webkit.org/attachment.cgi?id=355508&action=review
> Source/WebCore/ChangeLog:13
> + in a shadow tree. Also added more assertions to help debug issues like this in the future.
Ugh... I have a tab character here.
Ryosuke Niwa
Comment 7 2018-11-23 04:06:24 PST
Created attachment 355509 [details] Fixed change log
EWS Watchlist
Comment 8 2018-11-23 06:10:12 PST
Comment on attachment 355509 [details] Fixed change log
Attachment 355509 [details] did not pass ios-sim-ews (ios-simulator-wk2):
Output: https://webkit-queues.webkit.org/results/10118090
New failing tests:
editing/pasteboard/copy-paste-across-shadow-boundaries-5.html
EWS Watchlist
Comment 9 2018-11-23 06:10:14 PST
Created attachment 355511 [details] Archive of layout-test-results from ews126 for ios-simulator-wk2
The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews126
Port: ios-simulator-wk2
Platform: Mac OS X 10.13.6
Ryosuke Niwa
Comment 10 2018-11-23 13:59:28 PST
Created attachment 355536 [details] Patch for landing
Ryosuke Niwa
Comment 11 2018-11-23 14:06:54 PST
Comment on attachment 355536 [details] Patch for landing
Wait for EWS.
Ryosuke Niwa
Comment 12 2018-11-23 18:17:32 PST