Bug 19703

Summary: Crash in WebCore::InsertNodeBeforeCommand::doUnapply()
Product: WebKit
Reporter: Ojan Vafai <ovafai>
Component: HTML Editing
Assignee: Darin Adler <darin>
Status: RESOLVED FIXED
Severity: Normal
CC: eric, jparent, justin.garcia, webkit
Priority: P2
Keywords: GoogleBug, InRadar
Version: 528+ (Nightly build)
Hardware: All
OS: OS X 10.5
URL: http://www.mozilla.org/editor/midasdemo/
Attachments:
crash log (flags: none)
patch (flags: sullivan: review+)

Description Ojan Vafai 2008-06-20 19:07:56 PDT
Go to http://www.mozilla.org/editor/midasdemo/.
1. Click on the "View HTML Source" checkbox
2. Type in "<blockquote>foo</blockquote>"
3. Uncheck the view html source checkbox.
4. Place your cursor in or after the word foo.
5. Hit ctrl+z once or twice.

Crashes every time. I tried coming up with something more reduced, but couldn't.
Comment 1 Robert Blaut 2008-07-28 13:28:01 PDT
Confirmed.
Comment 2 Robert Blaut 2008-07-28 13:28:28 PDT
Created attachment 22526
crash log
Comment 3 David Harrison 2008-11-04 14:15:02 PST
In a debug build of TOT, this hits an assert

ASSERTION FAILED: m_refChild->parentNode()
(...WebCore/editing/InsertNodeBeforeCommand.cpp:59 virtual void WebCore::InsertNodeBeforeCommand::doUnapply())
Comment 4 David Harrison 2008-11-04 14:18:10 PST
rdar://4059423
Comment 5 Darin Adler 2008-12-22 15:21:14 PST
*** Bug 20676 has been marked as a duplicate of this bug. ***
Comment 6 Darin Adler 2008-12-22 16:01:27 PST
Created attachment 26218
patch
Comment 7 John Sullivan 2008-12-23 12:12:55 PST
Comment on attachment 26218
patch

Two comments:

1) my eyes have gone partly numb reviewing this patch, so I'm not 100% confident that I would have noticed minor errors
2) it's not obvious from these changes whether the various vaguely-specified bug reports have actually been fixed

But still, I didn't see any actual problems, and I saw lots of robustification. r=me assuming it passes the current layout tests.

John
Comment 8 Darin Adler 2008-12-23 13:43:50 PST
http://trac.webkit.org/changeset/39456

OK. I believe that fixes the bug. Now we need some more testing to see if the crash is truly gone and also to see if all those duplicates were really duplicates.