Bug 273581
| Summary: | Crash in CheckedPtr::decrementPtrCount via SplitTextNodeContainingElementCommand::doApply | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Ryosuke Niwa <rniwa> |
| Component: | HTML Editing | Assignee: | Ryosuke Niwa <rniwa> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | webkit-bug-importer, wenson_hsieh |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Safari Technology Preview | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Ryosuke Niwa
e.g.
0 WebCore 0x11a8e45d8 OUTLINED_FUNCTION_0 + 8
1 WebCore 0x11b8c0ba4 WTFCrashWithInfo(int, char const*, char const*, int) + 24 [inlined]
2 WebCore 0x11b8c0ba4 WTF::CanMakeCheckedPtrBase<WTF::SingleThreadIntegralWrapper<unsigned int>, unsigned int>::decrementPtrCount() const + 24 (CheckedRef.h:286) [inlined]
3 WebCore 0x11b8c0ba4 WTF::CheckedPtr<WebCore::RenderElement, WTF::RawPtrTraits<WebCore::RenderElement>>::derefIfNotNull() + 24 (CheckedPtr.h:185) [inlined]
4 WebCore 0x11b8c0ba4 WTF::CheckedPtr<WebCore::RenderElement, WTF::RawPtrTraits<WebCore::RenderElement>>::~CheckedPtr() + 24 (CheckedPtr.h:72) [inlined]
5 WebCore 0x11b8c0ba4 WTF::CheckedPtr<WebCore::RenderElement, WTF::RawPtrTraits<WebCore::RenderElement>>::~CheckedPtr() + 24 (CheckedPtr.h:71) [inlined]
6 WebCore 0x11b8c0ba4 WebCore::SplitTextNodeContainingElementCommand::doApply() (.cold.1) + 24 (SplitTextNodeContainingElementCommand.cpp:65)
7 WebCore 0x11a845c40 WebCore::CompositeEditCommand::applyCommandToComposite(WTF::Ref<WebCore::EditCommand, WTF::RawPtrTraits<WebCore::EditCommand>, WTF::DefaultRefDerefTraits<WebCore::EditCommand>>&&) + 136 (CompositeEditCommand.cpp:498)
8 WebCore 0x11a841e00 WebCore::CompositeEditCommand::splitTextNodeContainingElement(WebCore::Text&, unsigned int) + 80 (CompositeEditCommand.cpp:729)
9 WebCore 0x11a83d638 WebCore::ApplyStyleCommand::splitTextElementAtEnd(WebCore::Position const&, WebCore::Position const&) + 92 (ApplyStyleCommand.cpp:1235)
10 WebCore 0x11a839b10 WebCore::ApplyStyleCommand::applyInlineStyle(WebCore::EditingStyle&) + 780 (ApplyStyleCommand.cpp:593)
11 WebCore 0x11a837a24 WebCore::ApplyStyleCommand::doApply() + 160 (ApplyStyleCommand.cpp:203)
12 WebCore 0x11a845c40 WebCore::CompositeEditCommand::applyCommandToComposite(WTF::Ref<WebCore::EditCommand, WTF::RawPtrTraits<WebCore::EditCommand>, WTF::DefaultRefDerefTraits<WebCore::EditCommand>>&&) + 136 (CompositeEditCommand.cpp:498)
13 WebCore 0x11a8b2f04 WebCore::RemoveFormatCommand::doApply() + 244 (RemoveFormatCommand.cpp:98)
14 WebCore 0x11a83344c WebCore::CompositeEditCommand::apply() + 300 (CompositeEditCommand.cpp:402)
15 WebCore 0x11a87343c WebCore::Editor::removeFormattingAndStyle() + 68 (Editor.cpp:961)
16 WebCore 0x11a89b520 WebCore::executeRemoveFormat(WebCore::LocalFrame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) + 24 (EditorCommand.cpp:1012)
17 WebCore 0x11a7359a4 WebCore::Document::execCommand(WTF::String const&, bool, std::__1::variant<WTF::String, WTF::RefPtr<WebCore::TrustedHTML, WTF::RawPtrTraits<WebCore::TrustedHTML>, WTF::DefaultRefDerefTraits<WebCore::TrustedHTML>>> const&) + 224 (Document.cpp:6928)
18 WebCore 0x119719b98 WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*) + 440 (JSDocument.cpp:6446)
<rdar://127116949>
Ryosuke Niwa
Pull request: https://github.com/WebKit/WebKit/pull/28013
EWS
Committed 278242@main (6de0a6e596b6): <https://commits.webkit.org/278242@main>
Reviewed commits have been landed. Closing PR #28013 and removing active labels.