Bug 56644

Summary: chrome.dll!WebCore::positionAvoidingPrecedingNodes ReadAV@NULL (586c6d571697e9318ad053888f701434)
Product: WebKit
Component: HTML Editing
Status: RESOLVED FIXED
Severity: Normal
Priority: P1
Version: 528+ (Nightly build)
Hardware: PC
OS: Windows Vista
Reporter: Berend-Jan Wever <skylined>
Assignee: Nobody <webkit-unassigned>
CC: rniwa
Bug Depends on: 56771
Bug Blocks:
Attachments:
Description Flags
Repro none

Berend-Jan Wever
Reported 2011-03-18 07:25:50 PDT
Created attachment 86162
Repro

Chromium: http://code.google.com/p/chromium/issues/detail?id=76675

Repro:
<body onload="go()"></body>
<script>
  function go() {
    document.open();
    document.designMode="on";
    var oSelection = window.getSelection();
    oSelection.setPosition(document,6);
    document.write("x");
    document.execCommand("InsertImage");
  }
</script>

id:             chrome.dll!WebCore::positionAvoidingPrecedingNodes ReadAV@NULL (586c6d571697e9318ad053888f701434)
description:    Attempt to read from unallocated NULL pointer+0x24 in chrome.dll!WebCore::positionAvoidingPrecedingNodes
stack:
    chrome.dll!WebCore::positionAvoidingPrecedingNodes
    chrome.dll!WebCore::ReplaceSelectionCommand::doApply
    chrome.dll!WebCore::EditCommand::apply
    chrome.dll!WebCore::applyCommand
    chrome.dll!WebCore::executeInsertFragment
    chrome.dll!WebCore::executeInsertNode
    chrome.dll!WebCore::executeInsertImage
    chrome.dll!WebCore::Editor::Command::execute
    chrome.dll!WebCore::Document::execCommand
    chrome.dll!WebCore::DocumentInternal::execCommandCallback
    chrome.dll!v8::internal::HandleApiCallHelper<...>
    chrome.dll!v8::internal::Builtin_HandleApiCall
    chrome.dll!v8::internal::Invoke
    chrome.dll!v8::internal::Execution::Call
    ...
Attachments
Repro (269 bytes, text/html)
2011-03-18 07:25 PDT, Berend-Jan Wever
no flags
Ryosuke Niwa
Comment 1 2011-03-21 15:59:49 PDT
I can't reproduce this crash on Chrome 11.0.696.12 although it hits an assertion on ToT WebKit.
Berend-Jan Wever
Comment 2 2011-03-28 03:54:10 PDT
Have you tried Chrome 12? This reproduces in 12.0.716.0 (79495) for me.
Ryosuke Niwa
Comment 3 2011-04-03 08:28:29 PDT