Bug 50590
| Summary: | WebKit hangs in InsertUnorderedList | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Daniel Jalkut <jalkut> |
| Component: | HTML Editing | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | enrica, rniwa, sullivan, tony |
| Priority: | P1 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | Mac (Intel) | ||
| OS: | OS X 10.6 | ||
Daniel Jalkut
Note: this may be a duplicate of one of these similar-seeming bugs:
https://bugs.webkit.org/show_bug.cgi?id=19735
https://bugs.webkit.org/show_bug.cgi?id=32422
I don't understand the hang mechanism well enough yet, or the details of those bugs enough to say whether they are based on the same root failure.
To reproduce the hang in Safari or a WebKit nightly (as of December 5, 2010 nightly):
1. Open Snippet editor.
2. Paste the following HTML:
<body></body>
<script>
document.designMode="on";
document.body.innerHTML = "<p>Test1</p><p style='min-height:14.0px;'><strong> </strong></p><p>Test2</p>"
document.execCommand("SelectAll");
document.execCommand("InsertUnorderedList");
</script>
3. Observe the hang.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Annie Sullivan
I started looking into this in the debugger. It gets into an infinite loop in the while() loop inside of InsertListCommand::doApply(). After the first iteration, it changes the HTML to this:
<p><ul><li>Test1</li></ul><p><strong> </strong></p><p>Test2</p>
Each iteration after that appends <li><br></li> to the <ul>. startOfCurrentParagraph is always the start of the second paragraph, and startOfLastParagraph is always the start of the third paragraph, so the while loop never terminates.
Ryosuke Niwa
(In reply to comment #1)
> I started looking into this in the debugger. It gets into an infinite loop in the while() loop inside of InsertListCommand::doApply(). After the first iteration, it changes the HTML to this:
I stopped fixing these bugs at some point in the past because fixing just one case doesn't improve the situation. We need a better mechanism to iterate through paragraphs and move paragraphs around. It's almost pointless in fixing this special case because there are trillion other ways to make WebKit crash.