Bug 224941

Summary:

Crash in BreakBlockquoteCommand::doApply()

Product:

WebKit

Reporter:

Julian Gonzalez <julian_a_gonzalez>

Component:

HTML Editing

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

darin, ews-watchlist, fujii.hironori, mifenton, rniwa, wenson_hsieh

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	none
Patch	none
Patch	none

Julian Gonzalez

Reported 2021-04-22 12:27:33 PDT

e.g. 0 WTF::OptionSet<WebCore::Node::NodeFlag>::isEmpty() 1 WTF::OptionSet<WebCore::Node::NodeFlag>::operator bool() 2 WTF::OptionSet<WebCore::Node::NodeFlag>::containsAny(WTF::OptionSet<WebCore::Node::NodeFlag>) 3 WTF::OptionSet<WebCore::Node::NodeFlag>::contains(WebCore::Node::NodeFlag) 4 WebCore::Node::hasNodeFlag(WebCore::Node::NodeFlag) 5 WebCore::Node::isConnected() 6 WebCore::Node::isDescendantOf(WebCore::Node const&) 7 WebCore::BreakBlockquoteCommand::doApply() 8 WebCore::CompositeEditCommand::applyCommandToComposite(WTF::Ref<WebCore::EditCommand, WTF::RawPtrTraits<WebCore::EditCommand> >&&) 9 WebCore::ReplaceSelectionCommand::doApply() 10 WebCore::CompositeEditCommand::apply() <rdar://problem/76705379>

Attachments
Patch (5.49 KB, patch) 2021-04-22 12:42 PDT, Julian Gonzalez	no flags	Details Formatted Diff Diff
Patch (5.55 KB, patch) 2021-04-23 12:07 PDT, Julian Gonzalez	no flags	Details Formatted Diff Diff
Patch (5.59 KB, patch) 2021-04-23 14:19 PDT, Julian Gonzalez	no flags	Details Formatted Diff Diff
Patch (5.60 KB, patch) 2021-04-24 00:57 PDT, Julian Gonzalez	no flags	Details Formatted Diff Diff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.

Julian Gonzalez

Comment 1 2021-04-22 12:42:35 PDT

Created attachment 426839 [details] Patch

Ryosuke Niwa

Comment 2 2021-04-22 23:59:28 PDT

Comment on attachment 426839 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=426839&action=review > Source/WebCore/editing/BreakBlockquoteCommand.cpp:-121 > - ASSERT(startNode); > } > - Instead of bailing out, can we use the original startNode if there is no more node left?

Julian Gonzalez

Comment 3 2021-04-23 12:03:27 PDT

(In reply to Ryosuke Niwa from comment #2) > Comment on attachment 426839 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=426839&action=review > > > Source/WebCore/editing/BreakBlockquoteCommand.cpp:-121 > > - ASSERT(startNode); > > } > > - > > Instead of bailing out, can we use the original startNode if there is no > more node left? This seems to work, I'll update the patch here.

Julian Gonzalez

Comment 4 2021-04-23 12:07:14 PDT

Created attachment 426932 [details] Patch

Darin Adler

Comment 5 2021-04-23 13:04:13 PDT

Comment on attachment 426932 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=426932&action=review > Source/WebCore/editing/BreakBlockquoteCommand.cpp:114 > + Node* nextNode = NodeTraversal::next(*startNode); > + if (nextNode) > + startNode = nextNode; Should be scoped: if (auto nextNode = NodeTraversal::next(*startNode)) startNode = nextNode; > Source/WebCore/editing/BreakBlockquoteCommand.cpp:120 > + Node* nextNode = NodeTraversal::next(*startNode); > + startNode = childAtOffset ? childAtOffset : (nextNode ? nextNode : startNode); Ideally would like to avoid doing node traversal if childAtOffset is non-null. I’d write this: if (auto child = startNode->traverseToChildAt(pos.deprecatedEditingOffset())) startNode = child; else if (auto next = NodeTraversal::next(*startNode)) startNode = next;

Julian Gonzalez

Comment 6 2021-04-23 14:19:56 PDT

Created attachment 426945 [details] Patch

Ryosuke Niwa

Comment 7 2021-04-23 18:18:24 PDT

Comment on attachment 426945 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=426945&action=review > Source/WebCore/editing/BreakBlockquoteCommand.cpp:112 > + if (auto nextNode = NodeTraversal::next(*startNode)) This is a bit misleading. This should be either auto* or we should be calling makeRefPtr & WTFMove(nextNode) below > Source/WebCore/editing/BreakBlockquoteCommand.cpp:117 > + if (auto child = startNode->traverseToChildAt(pos.deprecatedEditingOffset())) Ditto. > Source/WebCore/editing/BreakBlockquoteCommand.cpp:119 > + else if (auto next = NodeTraversal::next(*startNode)) Ditto.

Julian Gonzalez

Comment 8 2021-04-24 00:57:59 PDT

Created attachment 426976 [details] Patch

Darin Adler

Comment 9 2021-04-24 10:14:13 PDT

Comment on attachment 426945 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=426945&action=review >> Source/WebCore/editing/BreakBlockquoteCommand.cpp:112 >> + if (auto nextNode = NodeTraversal::next(*startNode)) > > This is a bit misleading. This should be either auto* or we should be calling makeRefPtr & WTFMove(nextNode) below This is an interesting new coding style idea/rule that I have never heard before. I often use auto for types that are raw pointers. I know some people prefer using auto*, but this is not a preference I share. Ryosuke, are you going even further and suggesting that, due to the risk of thinking that something is a safer smart pointer, we should have a style rule to never use "auto" for a raw pointer?

Ryosuke Niwa

Comment 10 2021-04-24 15:28:08 PDT

(In reply to Darin Adler from comment #9) > Comment on attachment 426945 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=426945&action=review > > >> Source/WebCore/editing/BreakBlockquoteCommand.cpp:112 > >> + if (auto nextNode = NodeTraversal::next(*startNode)) > > > > This is a bit misleading. This should be either auto* or we should be calling makeRefPtr & WTFMove(nextNode) below > > This is an interesting new coding style idea/rule that I have never heard > before. > > I often use auto for types that are raw pointers. I know some people prefer > using auto*, but this is not a preference I share. Oh really? I thought we always used auto* for pointer types but I guess I stand corrected. > Ryosuke, are you going even further and suggesting that, due to the risk of > thinking that something is a safer smart pointer, we should have a style > rule to never use "auto" for a raw pointer? I'm not suggesting. I thought that was the existing convention / rule but I guess it's not codified anywhere. It's probably a good practice although clang static analyzer might make it obsolete since it can automatically detect pointer types based on the actual type interference.

EWS

Comment 11 2021-04-24 15:32:06 PDT

Committed r276558 (236995@main): <https://commits.webkit.org/236995@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 426976 [details].

Fujii Hironori

Comment 12 2021-04-25 23:11:56 PDT

Comment on attachment 426976 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=426976&action=review > LayoutTests/TestExpectations:1744 > +webkit.org/b/224941 [ Debug ] editing/pasteboard/paste-as-quotation-then-paste-crash.html [ WontFix ] This assertion failure didn't seem to be filed. Filed: Bug 225046 – editing/pasteboard/paste-as-quotation-then-paste-crash.html: ASSERTION FAILED: m_parent->hasEditableStyle() || !m_parent->renderer()

Note You need to log in before you can comment on or make changes to this bug.