Bug 99607
| Summary: | editing/pasteboard/paste-noscript-xhtml.xhtml crashes in chromium's content_shell | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | jochen |
| Component: | HTML Editing | Assignee: | Adam Klein <adamk> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | adamk, esprehn, leviw, ojan, rniwa |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Bug Depends on: | 99880 | ||
| Bug Blocks: | |||
jochen
When running
new_run_webkit_tests --chromium --debug --driver-name=content_shell --additional-drt-flag=--dump-render-tree --additional-drt-flag=--no-sandbox --clobber-old-results --no-show-results editing/pasteboard/paste-noscript-xhtml.xhtml
I get the following crash:
STDERR: [20611:20611:1017/190312:32571343945:ERROR:process_util_posix.cc(144)] Received signal 11
STDERR: base::debug::StackTrace::StackTrace() [0x4e505e]
STDERR: base::(anonymous namespace)::StackDumpSignalHandler() [0x4fe814]
STDERR: 0x7fc9502a84c0
STDERR: WebCore::Node::getFlag() [0xc5084e]
STDERR: WebCore::Node::isContainerNode() [0x1e02c0a]
STDERR: WebCore::Node::firstChild() [0x1e292a9]
STDERR: WebCore::getChildNodes() [0x2c2ce43]
STDERR: WebCore::ContainerNode::takeAllChildrenFrom() [0x309d9aa]
STDERR: WebCore::createFragmentFromMarkupWithContext() [0x27e112a]
STDERR: WebCore::Pasteboard::documentFragment() [0x39f3efa]
STDERR: WebCore::Editor::pasteWithPasteboard() [0x2779bfd]
STDERR: WebCore::Editor::paste() [0x277d47e]
STDERR: WebCore::executePaste() [0x278fca1]
STDERR: WebCore::Editor::Command::execute() [0x278c1d5]
STDERR: WebCore::Document::execCommand() [0x30c6c0e]
STDERR: WebCore::DocumentV8Internal::execCommandCallback() [0x36826b3]
STDERR: v8::internal::HandleApiCallHelper<>() [0x1699b95]
STDERR: v8::internal::Builtin_Impl_HandleApiCall() [0x1699773]
STDERR: v8::internal::Builtin_HandleApiCall() [0x16932fc]
STDERR: 0x24143650618e
Tracked also in http://code.google.com/p/chromium/issues/detail?id=156376
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Adam Klein
Most likely reason for this is that we're passing an empty DocumentFragment to ContainerNode::takeAllChildrenFrom(), which assumes (but doesn't check) that oldParent is non-null. Will look into it.
Adam Klein
I'm running into a bit of a problem trying to track this down, in that I can't figure out how to attach gdb to the renderer. jochen, any tips?
jochen
(In reply to comment #2)
> I'm running into a bit of a problem trying to track this down, in that I can't figure out how to attach gdb to the renderer. jochen, any tips?
I would try
echo /path/to/editing/pasteboard/paste-noscript-xhtml.xhtml | out/Debug/content_shell --dump-render-tree --no-timeout --no-sandbox --renderer-cmd-prefix='xterm -title renderer -e gdb --eval-command=run --args'
That should start each renderer in a gdb in a new xterm
Adam Klein
Thanks, used printfs for now. It looks like the problem is that the selected content can't be parsed, likely due to a leading <meta charset='UTF-8'> tag in the selected markup. Still digging to figure out how that's ending up in the selection, and only in ContentShell.
Adam Klein
(In reply to comment #4)
> Thanks, used printfs for now. It looks like the problem is that the selected content can't be parsed, likely due to a leading <meta charset='UTF-8'> tag in the selected markup. Still digging to figure out how that's ending up in the selection, and only in ContentShell.
Correction, that's "<meta charset='utf-8'>" to be precise, and at least on Mac it looks like we add that to the selection. Last of updates for now, I think I've got a bead on it.
Adam Klein
Okay, I lied, one more question for jochen: I take it you were running this on Linux? I'm not able to reproduce there, only on Mac, and the <meta> tag insertion I mentioned before seems to be Mac-specific.
jochen
(In reply to comment #6)
> Okay, I lied, one more question for jochen: I take it you were running this on Linux? I'm not able to reproduce there, only on Mac, and the <meta> tag insertion I mentioned before seems to be Mac-specific.
Yes, sorry for not mentioning this.
I can repro on 64bit lucid and precise
Adam Klein
(In reply to comment #7)
> (In reply to comment #6)
> > Okay, I lied, one more question for jochen: I take it you were running this on Linux? I'm not able to reproduce there, only on Mac, and the <meta> tag insertion I mentioned before seems to be Mac-specific.
>
> Yes, sorry for not mentioning this.
>
> I can repro on 64bit lucid and precise
Hmm, I can't on precise (the test fails to run properly instead, looks like perhaps the paste never happens?). Anyway, the <meta> thing looks like a real bug (http://crbug.com/136218).
jochen
(In reply to comment #8)
> (In reply to comment #7)
> > (In reply to comment #6)
> > > Okay, I lied, one more question for jochen: I take it you were running this on Linux? I'm not able to reproduce there, only on Mac, and the <meta> tag insertion I mentioned before seems to be Mac-specific.
> >
> > Yes, sorry for not mentioning this.
> >
> > I can repro on 64bit lucid and precise
>
> Hmm, I can't on precise (the test fails to run properly instead, looks like perhaps the paste never happens?). Anyway, the <meta> thing looks like a real bug (http://crbug.com/136218).
Are you building after chromium r161834 ?
Adam Klein
Should be fixed by http://trac.webkit.org/changeset/132211