Bug 94854

Summary: Crash in WebCore::CompositeEditCommand::insertNodeAt
Product: WebKit
Reporter: Ryosuke Niwa <rniwa>
Component: HTML Editing
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED CONFIGURATION CHANGED
Severity: Normal
CC: ahmad.saleem792, ap, darin, enrica, sukolsak, tkent, tony
Priority: P1
Keywords: HasReduction
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments:
Demonstrates the bug (Flags: none)

Description Ryosuke Niwa 2012-08-23 14:25:03 PDT
Created attachment 160245
Demonstrates the bug

<embed>
<div style="overflow:scroll;">
<div style="display:table;"></div>
</div>
<script type="text/javascript">
document.designMode = "on"
document.execCommand("selectall")
document.execCommand("inserttext",false,"iframe")
document.execCommand("selectall")
</script>

0012ee9c 031fbe8a chrome_1c30000!WebCore::CompositeEditCommand::insertNodeAt(class WTF::PassRefPtr<WebCore::Node> insertChild = class WTF::PassRefPtr<WebCore::Node>, class WebCore::Position  editingPosition = 0x00000000)+0x47 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\compositeeditcommand.cpp @ 348]
0012ef60 031db893 chrome_1c30000!WebCore::DeleteSelectionCommand::doApply(void)+0x49a [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\deleteselectioncommand.cpp @ 821]
0012ef74 031dc668 chrome_1c30000!WebCore::CompositeEditCommand::applyCommandToComposite(class WTF::PassRefPtr<WebCore::EditCommand> prpCommand = class WTF::PassRefPtr<WebCore::EditCommand>)+0x23 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\compositeeditcommand.cpp @ 257]
0012ef88 032af596 chrome_1c30000!WebCore::CompositeEditCommand::deleteSelection(bool smartDelete = false, bool mergeBlocksAfterDelete = true, bool replace = true, bool expandForSpecialElements = false)+0x48 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\compositeeditcommand.cpp @ 549]
0012f0c0 031db583 chrome_1c30000!WebCore::InsertTextCommand::doApply(void)+0x56 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\inserttextcommand.cpp @ 114]
0012f0d0 031fe325 chrome_1c30000!WebCore::CompositeEditCommand::applyCommandToComposite(class WTF::PassRefPtr<WebCore::CompositeEditCommand> command = class WTF::PassRefPtr<WebCore::CompositeEditCommand>, class WebCore::VisibleSelection  selection = 0x051a84b8)+0x43 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\compositeeditcommand.cpp @ 272]
0012f0ec 031ff392 chrome_1c30000!WebCore::TypingCommand::insertTextRunWithoutNewlines(class WTF::String  text = 0x051a851c, bool selectInsertedText = false)+0x55 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\typingcommand.cpp @ 385]
0012f108 03200078 chrome_1c30000!WebCore::TypingCommand::insertText(class WTF::String  text = 0x051a851c, bool selectInsertedText = false)+0x92 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\typingcommand.cpp @ 370]
0012f118 031dd81b chrome_1c30000!WebCore::TypingCommand::doApply(void)+0xa8 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\typingcommand.cpp @ 285]
0012f128 031df9cb chrome_1c30000!WebCore::CompositeEditCommand::apply(void)+0x6b [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\compositeeditcommand.cpp @ 205]
0012f130 031fff23 chrome_1c30000!WebCore::applyCommand(class WTF::PassRefPtr<WebCore::CompositeEditCommand> command = class WTF::PassRefPtr<WebCore::CompositeEditCommand>)+0xb [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\compositeeditcommand.cpp @ 162]
...

http://crbug.com/121317
Comment 2 Ahmad Saleem 2022-10-16 10:38:54 PDT
@rniwa - this test case does not seem to crash when changed to JSFiddle. Does it need to be in Debug mode to crash, or are there some specific steps? Also, this change seems to not be merged in WebKit. Thanks!
Comment 3 Ryosuke Niwa 2022-10-19 09:57:38 PDT
Yeah, this is config changed.