Bug 50447

Summary: chrome.dll!WebCore::AppendNodeCommand::AppendNodeCommand ReadAV@NULL (3c69c96576a9146f251ce6b27fed9737)
Product: WebKit
Reporter: Berend-Jan Wever <skylined>
Component: HTML Editing
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: dbates, eric, rniwa, skylined
Priority: P1
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Windows Vista   
URL: http://code.google.com/p/chromium/issues/detail?id=65264
Attachments:
  Repro (flags: none)

Description Berend-Jan Wever 2010-12-03 02:06:32 PST
Created attachment 75478: Repro

Repro:
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <style>
       *:before{
          content: ""ou
       }
    </style>
    <script>
      function go() {
        document.execCommand("SelectAll",false);
        document.execCommand("Indent",false);
      }
    </script>
  </head>
  <body onload="go()" contenteditable="true">
    <canvas></canvas>
    <ul><li></li></ul>
  </body>
</html>

id:             chrome.dll!WebCore::AppendNodeCommand::AppendNodeCommand ReadAV@NULL (3c69c96576a9146f251ce6b27fed9737)
description:    Attempt to read from unallocated NULL pointer+0x14 in chrome.dll!WebCore::AppendNodeCommand::AppendNodeCommand
application:    Chromium 9.0.598.0
stack:          chrome.dll!WebCore::AppendNodeCommand::AppendNodeCommand
                chrome.dll!WebCore::AppendNodeCommand::create
                chrome.dll!WebCore::CompositeEditCommand::appendNode
                chrome.dll!WebCore::CompositeEditCommand::cloneParagraphUnderNewElement
                chrome.dll!WebCore::CompositeEditCommand::moveParagraphWithClones
                chrome.dll!WebCore::IndentOutdentCommand::indentIntoBlockquote
                chrome.dll!WebCore::IndentOutdentCommand::formatRange
                chrome.dll!WebCore::ApplyBlockElementCommand::formatSelection
                chrome.dll!WebCore::ApplyBlockElementCommand::doApply
                chrome.dll!WebCore::EditCommand::apply
                chrome.dll!WebCore::applyCommand
                chrome.dll!WebCore::executeIndent
                chrome.dll!WebCore::Editor::Command::execute
                chrome.dll!WebCore::Document::execCommand
                chrome.dll!WebCore::DocumentInternal::execCommandCallback
                chrome.dll!v8::internal::HandleApiCallHelper<...>
                chrome.dll!v8::internal::Builtin_HandleApiCall
                chrome.dll!v8::internal::Invoke
                chrome.dll!v8::internal::Execution::Call
                ...
Comment 1 Daniel Bates 2011-10-02 20:12:56 PDT
Comment 2 of the corresponding Chromium bug <http://code.google.com/p/chromium/issues/detail?id=65264#c2> states that this bug may be a duplicate of Chromium bug <http://code.google.com/p/chromium/issues/detail?id=64749>, which corresponds to WebKit Bug #50218.