Bug 77214

Summary: NULL ptr in WebCore::EditCommand::EditCommand
Product: WebKit Reporter: Berend-Jan Wever <skylined>
Component: HTML EditingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, ap, enrica, eric, rniwa, yosin
Priority: P1    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Windows Vista   

Berend-Jan Wever
Reported 2012-01-27 07:03:17 PST
Chromium: http://code.google.com/p/chromium/issues/detail?id=111627 Detailed report: https://cluster-fuzz.appspot.com/testcase?key=15994492 Uploader: skylined@chromium.org Crash Type: UNKNOWN Crash Address: 0x000000000648 Crash State: - crash stack - WebCore::EditCommand::EditCommand WebCore::RemoveNodeCommand::RemoveNodeCommand WebCore::CompositeEditCommand::removeNode Regressed: https://cluster-fuzz.appspot.com/revisions?range=108839:108881 Minimized Testcase (1.84 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97Br59Xfu-ornA97BFHhzLrjDIeNtLJq12RZnpbzp4PjQQ0LKZUEmSk-EvxOZwnNPERJtaoX6Cwd3_zyhOk6VZG6lGKt8z81KGgm5YIAU-80uW6cNn_sr6Kb_g1Vu1ueHl2ic901i9KYAE24E2cHBZhAeZUCA
Attachments
Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1 2012-01-30 17:02:32 PST
I'm hitting an assertion inside [WebDataSourcePrivate dealloc] in the reduction: ASSERT(!loader->isLoading()); We're choking because we're trying to detach a frame while loading the frame in this test case.
Ryosuke Niwa
Comment 2 2012-02-13 13:37:14 PST
WebKit regression range seems bogus to me: http://trac.webkit.org/log/?rev=99399&stop_rev=99394&verbose=on These changes can't possibly cause a crash regression.
yosin
Comment 3 2013-06-13 21:36:49 PDT
Could not reproduce on Win7 27.0.1453.110 (Official Build 202711) m Some patches so far fixed this.
Note You need to log in before you can comment on or make changes to this bug.