Bug 191921

Summary: REGRESSION (r236785): Nullptr crash in StyledMarkupAccumulator::traverseNodesForSerialization
Product: WebKit
Reporter: Ryosuke Niwa <rniwa>
Component: HTML Editing
Assignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, ddkilzer, dino, ews-watchlist, graouts, koivisto, wenson_hsieh
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments (Description, Flags):
Fixes the bug (Flags: none)
Archive of layout-test-results from ews126 for ios-simulator-wk2 (Flags: none)
Added iOS specific test expectation (Flags: none)
Fixed change log (Flags: none)
Archive of layout-test-results from ews126 for ios-simulator-wk2 (Flags: none)
Patch for landing (Flags: none)

Description Ryosuke Niwa 2018-11-23 01:17:53 PST
e.g.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x0000000105712c10 WebCore::StyledMarkupAccumulator::traverseNodesForSerialization(WebCore::Node*, WebCore::Node*, WebCore::StyledMarkupAccumulator::NodeTraversalMode) + 112
1   com.apple.WebCore             	0x0000000105712951 WebCore::StyledMarkupAccumulator::serializeNodes(WebCore::Position const&, WebCore::Position const&) + 113
2   com.apple.WebCore             	0x0000000105714481 WebCore::serializePreservingVisualAppearanceInternal(WebCore::Position const&, WebCore::Position const&, WTF::Vector<WebCore::Node*, 0ul, WTF::CrashOnOverflow, 16ul>*, WebCore::ResolveURLs, WebCore::SerializeComposedTree, WebCore::AnnotateForInterchange, WebCore::ConvertBlocksToInlines, WebCore::MSOListMode) + 2801
3   com.apple.WebCore             	0x0000000105714d7b WebCore::serializePreservingVisualAppearance(WebCore::VisibleSelection const&, WebCore::ResolveURLs, WebCore::SerializeComposedTree, WTF::Vector<WebCore::Node*, 0ul, WTF::CrashOnOverflow, 16ul>*) + 107
4   com.apple.WebCore             	0x00000001059524ae WebCore::LegacyWebArchive::createFromSelection(WebCore::Frame*) + 238
5   com.apple.WebCore             	0x0000000104b41e58 WebCore::Editor::selectionInWebArchiveFormat() + 24
6   com.apple.WebCore             	0x0000000104b4162f WebCore::Editor::writeSelectionToPasteboard(WebCore::Pasteboard&) + 239
7   com.apple.WebCore             	0x00000001056b883c WebCore::Editor::performCutOrCopy(WebCore::Editor::EditorActionSpecifier) + 684
8   com.apple.WebCore             	0x00000001056c6200 WebCore::executeCopy(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) + 16
9   com.apple.WebKit              	0x0000000103a588fc WebKit::WebPage::executeEditingCommand(WTF::String const&, WTF::String const&) + 102
10  com.apple.WebKit              	0x0000000103e0ede3 WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&) + 9827
11  com.apple.WebKit              	0x0000000103a9bf5b IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 127
12  com.apple.WebKit              	0x0000000103d5c488 WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 28

<rdar://problem/45562959>
Comment 1 Ryosuke Niwa 2018-11-23 01:23:51 PST
Created attachment 355503 [details]
Fixes the bug
Comment 2 EWS Watchlist 2018-11-23 03:26:35 PST
Comment on attachment 355503 [details]
Fixes the bug

Attachment 355503 [details] did not pass ios-sim-ews (ios-simulator-wk2):
Output: https://webkit-queues.webkit.org/results/10117123

New failing tests:
editing/pasteboard/copy-paste-across-shadow-boundaries-5.html
Comment 3 EWS Watchlist 2018-11-23 03:26:36 PST
Created attachment 355506 [details]
Archive of layout-test-results from ews126 for ios-simulator-wk2

The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews126  Port: ios-simulator-wk2  Platform: Mac OS X 10.13.6
Comment 4 Ryosuke Niwa 2018-11-23 03:53:09 PST
Created attachment 355508 [details]
Added iOS specific test expectation
Comment 5 EWS Watchlist 2018-11-23 03:55:21 PST
Attachment 355508 [details] did not pass style-queue:


ERROR: Source/WebCore/ChangeLog:13:  Line contains tab character.  [whitespace/tab] [5]
Total errors found: 1 in 6 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 6 Ryosuke Niwa 2018-11-23 04:05:21 PST
Comment on attachment 355508 [details]
Added iOS specific test expectation

View in context: https://bugs.webkit.org/attachment.cgi?id=355508&action=review

> Source/WebCore/ChangeLog:13
> +	in a shadow tree. Also added more assertions to help debug issues like this in the future.

Ugh... I have a tab character here.
Comment 7 Ryosuke Niwa 2018-11-23 04:06:24 PST
Created attachment 355509 [details]
Fixed change log
Comment 8 EWS Watchlist 2018-11-23 06:10:12 PST
Comment on attachment 355509 [details]
Fixed change log

Attachment 355509 [details] did not pass ios-sim-ews (ios-simulator-wk2):
Output: https://webkit-queues.webkit.org/results/10118090

New failing tests:
editing/pasteboard/copy-paste-across-shadow-boundaries-5.html
Comment 9 EWS Watchlist 2018-11-23 06:10:14 PST
Created attachment 355511 [details]
Archive of layout-test-results from ews126 for ios-simulator-wk2

The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews126  Port: ios-simulator-wk2  Platform: Mac OS X 10.13.6
Comment 10 Ryosuke Niwa 2018-11-23 13:59:28 PST
Created attachment 355536 [details]
Patch for landing
Comment 11 Ryosuke Niwa 2018-11-23 14:06:54 PST
Comment on attachment 355536 [details]
Patch for landing

Wait for EWS.
Comment 12 Ryosuke Niwa 2018-11-23 18:17:32 PST
Committed r238465: <https://trac.webkit.org/changeset/238465>