Bug 109596 - ASSERT(extractedStyle) in ApplyStyleCommand::removeInlineStyleFromElement
Summary: ASSERT(extractedStyle) in ApplyStyleCommand::removeInlineStyleFromElement
Status: RESOLVED DUPLICATE of bug 119672
Alias: None
Product: WebKit
Classification: Unclassified
Component: Tables (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Linux
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks: 116980
  Show dependency treegraph
 
Reported: 2013-02-12 10:41 PST by Renata Hodovan
Modified: 2013-08-30 05:09 PDT (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Renata Hodovan 2013-02-12 10:41:19 PST 
I've got an assertion faulire in ApplyStyleCommand during HTML fuzzing: 

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff418f722 in WebCore::ApplyStyleCommand::removeInlineStyleFromElement (this=0x94d820, style=0x860fd0, element=..., 
    mode=WebCore::ApplyStyleCommand::RemoveAlways, extractedStyle=0x0)
    at /media/reni/8b40ba6d-a6c1-4266-9efc-917096aaf88d/reni/REPOS/webkit/Source/WebCore/editing/ApplyStyleCommand.cpp:879
879	        ASSERT(extractedStyle);


Test:

<html>
<body>
	<table>
		<tr>
			<td colspan=2 >Artists: <a href="#">Long chains of selectors</a></td>
		</tr>
	</table>
	<script>
		document.designMode = "on";
		document.execCommand("SelectAll");
		document.execCommand("CreateLink", 0, '#');
	</script>
</body>
</html>
Comment 1 Renata Hodovan 2013-08-30 05:09:55 PDT 

*** This bug has been marked as a duplicate of bug 119672 ***