Bug 19703

Summary: Crash in WebCore::InsertNodeBeforeCommand::doUnapply()
Product: WebKit
Reporter: Ojan Vafai <ovafai>
Component: HTML Editing
Assignee: Darin Adler <darin>
Status: RESOLVED FIXED
Severity: Normal
CC: eric, jparent, justin.garcia, webkit
Priority: P2
Keywords: GoogleBug, InRadar
Version: 528+ (Nightly build)
Hardware: All
OS: OS X 10.5
URL: http://www.mozilla.org/editor/midasdemo/
Attachments (description, flags):
crash log: none
patch: sullivan: review+

Ojan Vafai
Reported 2008-06-20 19:07:56 PDT
Go to http://www.mozilla.org/editor/midasdemo/.
1. Click on the "View HTML Source" checkbox
2. Type in "<blockquote>foo</blockquote>"
3. Uncheck the view html source checkbox.
4. Place your cursor in or after the word foo.
5. Hit ctrl+z once or twice.

Crashes every time. I tried coming up with something more reduced, but couldn't.
Attachments
crash log (40.38 KB, text/plain)
2008-07-28 13:28 PDT, Robert Blaut
no flags
patch (142.80 KB, patch)
2008-12-22 16:01 PST, Darin Adler
sullivan: review+
Robert Blaut
Comment 1 2008-07-28 13:28:01 PDT
Confirmed.
Robert Blaut
Comment 2 2008-07-28 13:28:28 PDT
Created attachment 22526: crash log
David Harrison
Comment 3 2008-11-04 14:15:02 PST
In a debug build of TOT, this hits an assert

ASSERTION FAILED: m_refChild->parentNode()
(...WebCore/editing/InsertNodeBeforeCommand.cpp:59 virtual void WebCore::InsertNodeBeforeCommand::doUnapply())
David Harrison
Comment 4 2008-11-04 14:18:10 PST
Darin Adler
Comment 5 2008-12-22 15:21:14 PST
*** Bug 20676 has been marked as a duplicate of this bug. ***
Darin Adler
Comment 6 2008-12-22 16:01:27 PST
John Sullivan
Comment 7 2008-12-23 12:12:55 PST
Comment on attachment 26218: patch

Two comments:
1) my eyes have gone partly numb reviewing this patch, so I'm not 100% confident that I would have noticed minor errors
2) it's not obvious from these changes whether the various vaguely-specified bug reports have actually been fixed

But still, I didn't see any actual problems, and I saw lots of robustification. r=me assuming it passes the current layout tests.

John
Darin Adler
Comment 8 2008-12-23 13:43:50 PST
http://trac.webkit.org/changeset/39456

OK. I believe that fixes the bug. Now we need some more testing to see if the crash is truly gone and also to see if all those duplicates were really duplicates.