RESOLVED FIXED 119672
ASSERTION FAILED: extractedStyle in WebCore::ApplyStyleCommand::removeInlineStyleFromElement
https://bugs.webkit.org/show_bug.cgi?id=119672
Renata Hodovan
Reported 2013-08-12 01:21:08 PDT
The following tests failed on the assertion:

<html>
<body>
<table>
<td>
<a></a>
</td>
</table>
<script>
document.designMode = "on";
document.execCommand("SelectAll");
document.execCommand("CreateLink", 0, 'foo');
</script>
</body>
</html>

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff56fe985 in WTFCrash () at /home/reni2/data/REPOS/webkit/Source/WTF/wtf/Assertions.cpp:342
342 *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0 0x00007ffff56fe985 in WTFCrash () at /home/reni2/data/REPOS/webkit/Source/WTF/wtf/Assertions.cpp:342
#1 0x00007ffff42a9fb7 in WebCore::ApplyStyleCommand::removeInlineStyleFromElement (this=0x8a9450, style=0x8a8cd0, element=..., mode=WebCore::ApplyStyleCommand::RemoveAlways, extractedStyle=0x0) at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/ApplyStyleCommand.cpp:889
#2 0x00007ffff42a9d00 in WebCore::ApplyStyleCommand::removeConflictingInlineStyleFromRun (this=0x8a9450, style=0x8a8cd0, runStart=..., runEnd=..., pastEndNode=...) at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/ApplyStyleCommand.cpp:868
#3 0x00007ffff42a95d8 in WebCore::ApplyStyleCommand::applyInlineStyleToNodeRange (this=0x8a9450, style=0x8a8cd0, startNode=..., pastEndNode=...) at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/ApplyStyleCommand.cpp:812
#4 0x00007ffff42a8b47 in WebCore::ApplyStyleCommand::fixRangeAndApplyInlineStyle (this=0x8a9450, style=0x8a8cd0, start=..., end=...) at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/ApplyStyleCommand.cpp:711
#5 0x00007ffff42a8763 in WebCore::ApplyStyleCommand::applyInlineStyle (this=0x8a9450, style=0x8a8cd0) at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/ApplyStyleCommand.cpp:674
#6 0x00007ffff42a58ff in WebCore::ApplyStyleCommand::doApply (this=0x8a9450) at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/ApplyStyleCommand.cpp:225
#7 0x00007ffff42b4f8a in WebCore::CompositeEditCommand::applyCommandToComposite (this=0x8a8d50, prpCommand=...) at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/CompositeEditCommand.cpp:266
#8 0x00007ffff42b5275 in WebCore::CompositeEditCommand::applyStyledElement (this=0x8a8d50, element=...) at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/CompositeEditCommand.cpp:297
#9 0x00007ffff42c1774 in WebCore::CreateLinkCommand::doApply (this=0x8a8d50) at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/CreateLinkCommand.cpp:50
#10 0x00007ffff42b4d52 in WebCore::CompositeEditCommand::apply (this=0x8a8d50) at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/CompositeEditCommand.cpp:215
#11 0x00007ffff42b4ada in WebCore::applyCommand (command=...) at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/CompositeEditCommand.cpp:171
#12 0x00007ffff42e5c89 in WebCore::executeCreateLink (frame=0x7a27a0, value=...) at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/EditorCommand.cpp:293
#13 0x00007ffff42e9e1a in WebCore::Editor::Command::execute (this=0x7fffffffbc20, parameter=..., triggeringEvent=0x0) at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/EditorCommand.cpp:1706
#14 0x00007ffff41b93b2 in WebCore::Document::execCommand (this=0x7f4470, commandName=..., userInterface=false, value=...) at /home/reni2/data/REPOS/webkit/Source/WebCore/dom/Document.cpp:4148
#15 0x00007ffff4ecd0c8 in WebCore::jsDocumentPrototypeFunctionExecCommand (exec=0x7fff9b3fd0b0) at generated/JSDocument.cpp:2748
#16 0x00007fff9bfff0e5 in ?? ()
#17 0x00007fffffffbdc0 in ?? ()
#18 0x00007ffff68071d4 in llint_op_call () from /home/reni2/data/REPOS/webkit/WebKitBuild/Debug/lib/libQt5WebKit.so.5
#19 0x00007fffffffbd70 in ?? ()
#20 0x00007ffff5556017 in JSC::JSStack::installTrapsAfterFrame (this=0x0, frame=0x0) at /home/reni2/data/REPOS/webkit/Source/JavaScriptCore/interpreter/JSStackInlines.h:212
#21 0x00007ffff5566cea in JSC::JITCode::execute (this=0x86ef40, stack=0x788658, callFrame=0x7fff9b3fd058, vm=0x7de090) at /home/reni2/data/REPOS/webkit/Source/JavaScriptCore/jit/JITCode.cpp:46
#22 0x00007ffff555289d in JSC::Interpreter::execute (this=0x788640, program=0x7fff9a2afef0, callFrame=0x7fff9a3af8e0, thisObj=0x7fffe004ffd8) at /home/reni2/data/REPOS/webkit/Source/JavaScriptCore/interpreter/Interpreter.cpp:851
#23 0x00007ffff56318a5 in JSC::evaluate (exec=0x7fff9a3af8e0, source=..., thisValue=..., returnedException=0x7fffffffcac0) at /home/reni2/data/REPOS/webkit/Source/JavaScriptCore/runtime/Completion.cpp:83
#24 0x00007ffff3f6c4cb in WebCore::JSMainThreadExecState::evaluate (exec=0x7fff9a3af8e0, source=..., thisValue=..., exception=0x7fffffffcac0) at /home/reni2/data/REPOS/webkit/Source/WebCore/bindings/js/JSMainThreadExecState.h:74
#25 0x00007ffff3f8aa7a in WebCore::ScriptController::evaluateInWorld (this=0x785620, sourceCode=..., world=0x78f210) at /home/reni2/data/REPOS/webkit/Source/WebCore/bindings/js/ScriptController.cpp:142
#26 0x00007ffff3f8ab80 in WebCore::ScriptController::evaluate (this=0x785620, sourceCode=...) at /home/reni2/data/REPOS/webkit/Source/WebCore/bindings/js/ScriptController.cpp:158
#27 0x00007ffff4275a13 in WebCore::ScriptElement::executeScript (this=0x862db8, sourceCode=...) at /home/reni2/data/REPOS/webkit/Source/WebCore/dom/ScriptElement.cpp:316
#28 0x00007ffff42751ee in WebCore::ScriptElement::prepareScript (this=0x862db8, scriptStartPosition=..., supportLegacyTypes=WebCore::ScriptElement::DisallowLegacyTypeInTypeAttribute) at /home/reni2/data/REPOS/webkit/Source/WebCore/dom/ScriptElement.cpp:245
#29 0x00007ffff4425397 in WebCore::HTMLScriptRunner::runScript (this=0x77e010, script=0x862d50, scriptStartPosition=...) at /home/reni2/data/REPOS/webkit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:312
#30 0x00007ffff4424ae8 in WebCore::HTMLScriptRunner::execute (this=0x77e010, scriptElement=..., scriptStartPosition=...) at /home/reni2/data/REPOS/webkit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:181
#31 0x00007ffff44119f3 in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder (this=0x77fb30) at /home/reni2/data/REPOS/webkit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:271
#32 0x00007ffff4411ade in WebCore::HTMLDocumentParser::canTakeNextToken (this=0x77fb30, mode=WebCore::HTMLDocumentParser::AllowYield, session=...) at /home/reni2/data/REPOS/webkit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:290
#33 0x00007ffff44120f6 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x77fb30, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/reni2/data/REPOS/webkit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:535
#34 0x00007ffff4411861 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x77fb30, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/reni2/data/REPOS/webkit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:235
#35 0x00007ffff4412a00 in WebCore::HTMLDocumentParser::append (this=0x77fb30, inputSource=...) at /home/reni2/data/REPOS/webkit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:747
#36 0x00007ffff41a55c9 in WebCore::DecodedDataDocumentParser::flush (this=0x77fb30, writer=0x6a6f30) at /home/reni2/data/REPOS/webkit/Source/WebCore/dom/DecodedDataDocumentParser.cpp:60
#37 0x00007ffff45aab37 in WebCore::DocumentWriter::end (this=0x6a6f30) at /home/reni2/data/REPOS/webkit/Source/WebCore/loader/DocumentWriter.cpp:245
#38 0x00007ffff459d6b0 in WebCore::DocumentLoader::finishedLoading (this=0x6a6e90, finishTime=0) at /home/reni2/data/REPOS/webkit/Source/WebCore/loader/DocumentLoader.cpp:402
#39 0x00007ffff459d41e in WebCore::DocumentLoader::notifyFinished (this=0x6a6e90, resource=0x785f00) at /home/reni2/data/REPOS/webkit/Source/WebCore/loader/DocumentLoader.cpp:344
#40 0x00007ffff4584714 in WebCore::CachedResource::checkNotify (this=0x785f00) at /home/reni2/data/REPOS/webkit/Source/WebCore/loader/cache/CachedResource.cpp:369
#41 0x00007ffff45847ea in WebCore::CachedResource::finishLoading (this=0x785f00) at /home/reni2/data/REPOS/webkit/Source/WebCore/loader/cache/CachedResource.cpp:385
#42 0x00007ffff4580f3c in WebCore::CachedRawResource::finishLoading (this=0x785f00, data=0x72d050) at /home/reni2/data/REPOS/webkit/Source/WebCore/loader/cache/CachedRawResource.cpp:94
#43 0x00007ffff45e7569 in WebCore::SubresourceLoader::didFinishLoading (this=0x784c30, finishTime=0) at /home/reni2/data/REPOS/webkit/Source/WebCore/loader/SubresourceLoader.cpp:282
#44 0x00007ffff45dde53 in WebCore::ResourceLoader::didFinishLoading (this=0x784c30, finishTime=0) at /home/reni2/data/REPOS/webkit/Source/WebCore/loader/ResourceLoader.cpp:488
#45 0x00007ffff4a888fd in WebCore::QNetworkReplyHandler::finish (this=0x78e9b0) at /home/reni2/data/REPOS/webkit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:516
#46 0x00007ffff4a8761c in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x78e9e8) at /home/reni2/data/REPOS/webkit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:250
#47 0x00007ffff4a87319 in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x78e9e8, method=(void (WebCore::QNetworkReplyHandler::*)(WebCore::QNetworkReplyHandler * const)) 0x7ffff4a88742 <WebCore::QNetworkReplyHandler::finish()>) at /home/reni2/data/REPOS/webkit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:216
#48 0x00007ffff4a88266 in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x78b6a0) at /home/reni2/data/REPOS/webkit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:409
#49 0x00007ffff4a8abf8 in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x78b6a0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fffffffd560) at .moc/release-shared/moc_QNetworkReplyHandler.cpp:175
#50 0x00007ffff21c70e1 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#51 0x00007ffff21c873e in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#52 0x00007ffff301e1f4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5
#53 0x00007ffff30215d1 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5
#54 0x00007ffff21a1a24 in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#55 0x00007ffff21a3961 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#56 0x00007ffff21e91f3 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#57 0x00007fffeecd8f05 in g_main_dispatch (context=0x664790) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3054
#58 g_main_context_dispatch (context=context@entry=0x664790) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3630
#59 0x00007fffeecd9248 in g_main_context_iterate (context=context@entry=0x664790, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3701
#60 0x00007fffeecd9304 in g_main_context_iteration (context=0x664790, may_block=1) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3762
#61 0x00007ffff21e9634 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#62 0x00007ffff21a08fb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#63 0x00007ffff21a3e9e in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#64 0x00000000004219f2 in launcherMain (app=...) at /home/reni2/data/REPOS/webkit/Tools/QtTestBrowser/qttestbrowser.cpp:50
#65 0x00000000004234d2 in main (argc=2, argv=0x7fffffffe278) at /home/reni2/data/REPOS/webkit/Tools/QtTestBrowser/qttestbrowser.cpp:319
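Added example, not part of the original report or of WebKit: a small triage helper showing how the backtrace above reads when bucketing crashes. The SIGSEGV comes from WTFCrash() storing to 0xbbadbeef, so it marks a debug assertion, and the frame to file under is #1 with its null extractedStyle argument. The names parse_frames and triage and the classification heuristic are assumptions made for this example.

```python
import re

# Excerpt of the gdb output in the report above (first three frames), embedded so this runs offline.
SAMPLE = """\
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff56fe985 in WTFCrash () at /home/reni2/data/REPOS/webkit/Source/WTF/wtf/Assertions.cpp:342
342 *(int *)(uintptr_t)0xbbadbeef = 0;
#0 0x00007ffff56fe985 in WTFCrash () at /home/reni2/data/REPOS/webkit/Source/WTF/wtf/Assertions.cpp:342
#1 0x00007ffff42a9fb7 in WebCore::ApplyStyleCommand::removeInlineStyleFromElement (this=0x8a9450, style=0x8a8cd0, element=..., mode=WebCore::ApplyStyleCommand::RemoveAlways, extractedStyle=0x0) at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/ApplyStyleCommand.cpp:889
#2 0x00007ffff42a9d00 in WebCore::ApplyStyleCommand::removeConflictingInlineStyleFromRun (this=0x8a9450, style=0x8a8cd0, runStart=..., runEnd=..., pastEndNode=...) at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/ApplyStyleCommand.cpp:868
"""

# "#N [0xADDR in] function (args) at|from location"; frames with no location ("?? ()") are skipped.
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(.+?) \((.*)\) (?:at|from) (\S+)$")
NULL_ARG = re.compile(r"(\w+)=0x0\b")   # pointer arguments gdb printed as null
CRASH_HELPERS = {"WTFCrash"}            # assertion machinery, never the bucket key
ASSERT_MARKER = "0xbbadbeef"            # address WTFCrash() stores to, per the report


def parse_frames(text):
    """Return one dict per resolvable frame of a gdb `bt` listing."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:
            frames.append({"index": int(m.group(1)), "func": m.group(2),
                           "null_args": NULL_ARG.findall(m.group(3)),
                           "where": m.group(4)})
    return frames


def triage(text):
    """Classify the crash and pick the frame to file it under (assumed heuristic)."""
    frames = parse_frames(text)
    asserted = (ASSERT_MARKER in text and bool(frames)
                and frames[0]["func"] in CRASH_HELPERS)
    # Bucket on the first frame that is not crash machinery.
    culprit = next((f for f in frames if f["func"] not in CRASH_HELPERS), None)
    return {"kind": "debug assertion" if asserted else "unclassified crash",
            "culprit": culprit}


if __name__ == "__main__":
    print(triage(SAMPLE))
```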
Attachments
Test case (303 bytes, text/html)
2013-08-12 01:25 PDT, Renata Hodovan
no flags
Proposed patch (4.35 KB, patch)
2013-08-12 01:26 PDT, Renata Hodovan
darin: review+
buildbot: commit-queue-
Archive of layout-test-results from webkit-ews-12 for mac-mountainlion-wk2 (1.30 MB, application/zip)
2013-08-12 19:29 PDT, Build Bot
no flags
Renata Hodovan
Comment 1 2013-08-12 01:25:32 PDT
Created attachment 208516: Test case
Renata Hodovan
Comment 2 2013-08-12 01:26:22 PDT
Created attachment 208517: Proposed patch
Build Bot
Comment 3 2013-08-12 19:29:05 PDT
Comment on attachment 208517: Proposed patch

Attachment 208517 did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.appspot.com/results/1457267

New failing tests:
editing/unsupported-content/table-delete-003.html
editing/unsupported-content/list-type-before.html
editing/unsupported-content/table-type-before.html
editing/unsupported-content/list-delete-003.html
editing/unsupported-content/list-delete-001.html
editing/unsupported-content/list-type-after.html
editing/unsupported-content/table-delete-002.html
editing/unsupported-content/table-type-after.html
editing/unsupported-content/table-delete-001.html
Build Bot
Comment 4 2013-08-12 19:29:06 PDT
Created attachment 208585: Archive of layout-test-results from webkit-ews-12 for mac-mountainlion-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: webkit-ews-12
Port: mac-mountainlion-wk2
Platform: Mac OS X 10.8.4
Ryosuke Niwa
Comment 5 2013-08-12 19:29:54 PDT
Comment on attachment 208517: Proposed patch

View in context: https://bugs.webkit.org/attachment.cgi?id=208517&action=review

> LayoutTests/editing/execCommand/extracted_style_assert.html:11
> + testRunner.waitUntilDone();

Do we really need to call this?
Renata Hodovan
Comment 6 2013-08-13 02:30:59 PDT
(In reply to comment #5)
> (From update of attachment 208517)
> View in context: https://bugs.webkit.org/attachment.cgi?id=208517&action=review
>
> > LayoutTests/editing/execCommand/extracted_style_assert.html:11
> > + testRunner.waitUntilDone();
>
> Do we really need to call this?

Hmm... According to the description on trac we don't need it AFAIK. (I also checked w/o it and worked.) I guess I should remove the waitUntilDone/notifyDone pair together. Right? Should I upload a new version or can I commit with the modified test case?
Ryosuke Niwa
Comment 7 2013-08-14 01:48:40 PDT
(In reply to comment #6)
> (In reply to comment #5)
> > (From update of attachment 208517)
> > View in context: https://bugs.webkit.org/attachment.cgi?id=208517&action=review
> >
> > > LayoutTests/editing/execCommand/extracted_style_assert.html:11
> > > + testRunner.waitUntilDone();
> >
> > Do we really need to call this?
>
> Hmm... According to the description on trac we don't need it AFAIK. (I also checked w/o it and worked.) I guess I should remove the waitUntilDone/notifyDone pair together. Right? Should I upload a new version or can I commit with the modified test case?

Yes, we should remove both calls to waitUntilDone and notifyDone. And please go ahead and land it after modifying the patch.
Renata Hodovan
Comment 8 2013-08-22 03:13:09 PDT
Renata Hodovan
Comment 9 2013-08-30 05:09:55 PDT
*** Bug 109596 has been marked as a duplicate of this bug. ***