Bug 202903

Summary:	Chromium test-case asserts with ASSERTION FAILED: commandPtr->spanElement()->isConnected()
Product:	WebKit	Reporter:	Emilio Cobos Álvarez (:emilio) <emilio>
Component:	HTML Editing	Assignee:	Nobody <webkit-unassigned>
Status:	NEW
Severity:	Normal	CC:	ahmad.saleem792, rniwa, webkit-bug-importer, wenson_hsieh
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Emilio Cobos Álvarez (:emilio)

Reported 2019-10-13 14:10:17 PDT

On master (247b0314320d499ae788b6ea993aa1d98e2d607e / r250962), WebKitGTK build. Running this test-case: https://cs.chromium.org/chromium/src/third_party/blink/web_tests/editing/execCommand/italic-crash-by-iframe-load.html?rcl=753caf715d8f30f0c673f1b4b36dadfc75c3201f Asserts like: ASSERTION FAILED: commandPtr->spanElement()->isConnected() ../../Source/WebCore/editing/CompositeEditCommand.cpp(647) : WebCore::HTMLElement* WebCore::CompositeEditCommand::replaceElementWithSpanPreservingChildrenAndAttributes(WebCore::HTMLElement&) 1 0x7f8e39af23d3 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x9) [0x7f8e39af23d3] 2 0x7f8e4579b5f2 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF15CrashOnOverflow10overflowedEv+0) [0x7f8e4579b5f2] 3 0x7f8e493801ca /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore20CompositeEditCommand53replaceElementWithSpanPreservingChildrenAndAttributesERNS_11HTMLElementE+0xd4) [0x7f8e493801ca] 4 0x7f8e493784f6 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore17ApplyStyleCommand42replaceWithSpanOrRemoveIfWithoutAttributesERNS_11HTMLElementE+0x52) [0x7f8e493784f6] 5 0x7f8e49378655 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore17ApplyStyleCommand29removeImplicitlyStyledElementERNS_12EditingStyleERNS_11HTMLElementENS0_22InlineStyleRemovalModeEPS1_+0x105) [0x7f8e49378655] 6 0x7f8e49378456 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore17ApplyStyleCommand28removeInlineStyleFromElementERNS_12EditingStyleERNS_11HTMLElementENS0_22InlineStyleRemovalModeEPS1_+0xea) [0x7f8e49378456] 7 0x7f8e49378ead /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore17ApplyStyleCommand29pushDownInlineStyleAroundNodeERNS_12EditingStyleEPNS_4NodeE+0x20b) [0x7f8e49378ead] 8 0x7f8e4937942b /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore17ApplyStyleCommand17removeInlineStyleERNS_12EditingStyleERKNS_8PositionES5_+0x2eb) [0x7f8e4937942b] 9 0x7f8e49376b29 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore17ApplyStyleCommand16applyInlineStyleERNS_12EditingStyleE+0x867) [0x7f8e49376b29] 10 0x7f8e4937407a /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore17ApplyStyleCommand7doApplyEv+0x124) [0x7f8e4937407a] 11 0x7f8e4937ecd3 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore20CompositeEditCommand5applyEv+0xf5) [0x7f8e4937ecd3] 12 0x7f8e47d50e3d /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore6Editor10applyStyleEON3WTF6RefPtrINS_12EditingStyleENS1_13DumbPtrTraitsIS3_EEEENS_10EditActionENS0_15ColorFilterModeE+0x2d5) [0x7f8e47d50e3d] 13 0x7f8e47d60f1a /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xcba0f1a) [0x7f8e47d60f1a] 14 0x7f8e47d61165 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xcba1165) [0x7f8e47d61165] 15 0x7f8e47d64d36 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xcba4d36) [0x7f8e47d64d36] 16 0x7f8e47d6662a /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZNK7WebCore6Editor7Command7executeERKN3WTF6StringEPNS_5EventE+0xdc) [0x7f8e47d6662a] 17 0x7f8e47b51268 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore8Document11execCommandERKN3WTF6StringEbS4_+0x56) [0x7f8e47b51268] 18 0x7f8e4685f694 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xb69f694) [0x7f8e4685f694] 19 0x7f8e468791b6 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xb6b91b6) [0x7f8e468791b6] 20 0x7f8e4685f702 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore38jsDocumentPrototypeFunctionExecCommandEPN3JSC14JSGlobalObjectEPNS0_9CallFrameE+0x23) [0x7f8e4685f702] 21 0x7f8de40fa16b [0x7f8de40fa16b]

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2019-10-14 17:24:41 PDT

<rdar://problem/56271314>

Ahmad Saleem

Comment 2 2023-01-03 18:12:44 PST

Fixed by this - https://chromium.googlesource.com/chromium/src.git/+/066d43cb325f801277f23fc1528ae699cbb22d50 & https://chromium.googlesource.com/chromium/src.git/+/db83f8597cc8dfa201161e23681af509a73349fa

Note You need to log in before you can comment on or make changes to this bug.