Bug 32422

Summary: InsertUnorderedList falls into an infinite loop because startOfCurrentParagraph stays on the same node
Product: WebKit Reporter: Berend-Jan Wever <skylined>
Component: HTML EditingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: enrica, eric, rniwa, tony
Priority: P1    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Windows Vista   
URL: http://skypher.com/SkyLined/Repro/WebKit/Bug%2032422%20-%20execCommand%20100%25%20CPU%20usage/repro.html
Bug Depends on: 42436, 36430, 41403    
Bug Blocks:    
Attachments:
Description Flags
Repro none

Berend-Jan Wever
Reported 2009-12-11 04:24:09 PST
Created attachment 44669 [details] Repro <BODY></BODY> <SCRIPT> document.execCommand("SelectAll",false,""); document.designMode="on"; document.execCommand("InsertParagraph",false,1); document.execCommand("Indent",6); document.execCommand("insertimage",false,"ftp:"); document.execCommand("insertimage",false); document.execCommand("SelectAll",3); document.execCommand("subscript",""); document.execCommand("insertunorderedlist",false,3); </SCRIPT>
Attachments
Repro (424 bytes, text/html)
2009-12-11 04:24 PST, Berend-Jan Wever 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Berend-Jan Wever
Comment 1 2009-12-11 04:27:14 PST
Does not affect Safari, only Chrome.
Ryosuke Niwa
Comment 2 2010-03-22 12:31:55 PDT
I suspect this is a duplicate of the bug 33668.
Ryosuke Niwa
Comment 3 2010-03-22 14:30:22 PDT
This bug is caused by startOfCurrentParagraph not moving forward on http://trac.webkit.org/browser/trunk/WebCore/editing/InsertListCommand.cpp#L96. It stays on the same node while we add more LI elements to the document. We need to cleanup InsertListCommmand first so that removing/creating list element does not rely on selection.
Berend-Jan Wever
Comment 4 2011-08-01 00:54:05 PDT
@Ryosuke: the repro loads fast and without crashing for me in Chromium 15.0.840.0 with WebKit 535.1 (@91997). I'm assuming this got fixed together with some of your other changes to code in this area.
Ryosuke Niwa
Comment 5 2011-08-01 09:41:26 PDT
As I said on some other bugs, there's an inherent design issue in IndentOutdentCommand and InsertListCommand, and it's simply not worth my time to fix any inifinite loop or crash involving these two classes until we come up with a more comprehensive design fix.
Note You need to log in before you can comment on or make changes to this bug.