Bug 37115

Summary: REGRESSION(r56989): Crash in Mail in WebCore::Position::isCandidate when deleting block using block deletion UI
Product: WebKit Reporter: Mark Rowe (bdash) <mrowe>
Component: HTML EditingAssignee: Mark Rowe (bdash) <mrowe>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, enrica, eric, mitz, rolandsteiner, svetloslav, webkit.review.bot
Priority: P2 Keywords: Regression
Version: 528+ (Nightly build)   
Hardware: PC   
OS: OS X 10.6   
Attachments:
Description Flags
Roll out r56989
adele: review+
Test case adele: review+

Mark Rowe (bdash)
Reported 2010-04-05 14:33:08 PDT
When Mail is run against WebKit r56989 or newer attempting to delete a block level element via the block deletion UI will crash. This can be reproduced by doing the following: 1) Run Mail against ToT WebKit. 2) Reply to a webkit-changes email message. 3) Place the caret in a diff hunk so that the block deletion UI appears. 4) Click on the delete button. You’ll see a crash like so: Thread 0 Crashed: 0 com.apple.WebCore 0x00000001008f9118 WebCore::Position::isCandidate() const + 16 (PositionIterator.h:49) 1 com.apple.WebCore 0x0000000100901728 WebCore::Frame::styleForSelectionStart(WebCore::Node*&) const + 196 (Frame.cpp:1305) 2 com.apple.WebCore 0x0000000100901542 WebCore::Editor::fontForSelection(bool&) const + 52 (Editor.cpp:411) 3 com.apple.WebKit 0x0000000100461f6a -[WebHTMLView(WebInternal) _updateFontPanel] + 170 (WebHTMLView.mm:5042) 4 com.apple.WebKit 0x00000001004649aa -[WebHTMLView(WebInternal) _selectionChanged] + 42 (WebHTMLView.mm:5022) 5 com.apple.WebKit 0x000000010046475e WebEditorClient::respondToChangedSelection() + 28 (WebEditorClient.mm:284) 6 com.apple.WebCore 0x00000001009014f1 WebCore::Editor::respondToChangedSelection(WebCore::VisibleSelection const&) + 69 (OwnPtr.h:63) 7 com.apple.WebCore 0x00000001008fe05d WebCore::Frame::respondToChangedSelection(WebCore::VisibleSelection const&, bool) + 1525 (Frame.cpp:1745) 8 com.apple.WebCore 0x0000000100f58c23 WebCore::SelectionController::setSelection(WebCore::VisibleSelection const&, bool, bool, bool, WebCore::TextGranularity) + 395 (SelectionController.cpp:162)
Attachments
Roll out r56989 (3.55 KB, patch)
2010-04-05 18:38 PDT, Mark Rowe (bdash) 		adele: review+
DetailsFormatted DiffDiff
Test case (22.50 KB, patch)
2010-04-05 18:38 PDT, Mark Rowe (bdash) 		adele: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Rowe (bdash)
Comment 1 2010-04-05 14:34:10 PDT
r56989 was a change related to bug 36741.
Mark Rowe (bdash)
Comment 2 2010-04-05 16:21:43 PDT
*** Bug 37119 has been marked as a duplicate of this bug. ***
Mark Rowe (bdash)
Comment 3 2010-04-05 18:38:25 PDT
Created attachment 52596 [details] Roll out r56989
Mark Rowe (bdash)
Comment 4 2010-04-05 18:38:50 PDT
Created attachment 52597 [details] Test case
Mark Rowe (bdash)
Comment 5 2010-04-05 18:45:59 PDT
Landed in r57110 and r57111.
WebKit Review Bot
Comment 6 2010-04-05 19:21:30 PDT
http://trac.webkit.org/changeset/57110 might have broken SnowLeopard Intel Release (Tests)
WebKit Review Bot
Comment 7 2010-04-05 19:21:50 PDT
http://trac.webkit.org/changeset/57111 might have broken SnowLeopard Intel Release (Tests)
Note You need to log in before you can comment on or make changes to this bug.