Created attachment 221735
Test case

The failing test:

<body style="-webkit-flow-from: foo; ">
<script>
document.designMode="on";
document.execCommand("selectall");
document.execCommand("insertparagraph");
</script>

The backtrace:

ASSERTION FAILED: container->renderer()
/home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/CompositeEditCommand.cpp(912) : WTF::PassRefPtr<WebCore::Node> WebCore::CompositeEditCommand::appendBlockPlaceholder(WTF::PassRefPtr<WebCore::Element>)
1   0x7ffff5c172a1 WTFCrash
2   0x7ffff0a7c883 WebCore::CompositeEditCommand::appendBlockPlaceholder(WTF::PassRefPtr<WebCore::Element>)
3   0x7ffff0ac8e16 WebCore::InsertParagraphSeparatorCommand::doApply()
4   0x7ffff0a78e94 WebCore::CompositeEditCommand::applyCommandToComposite(WTF::PassRefPtr<WebCore::EditCommand>)
5   0x7ffff0af551a WebCore::TypingCommand::insertParagraphSeparator()
6   0x7ffff0af4ef5 WebCore::TypingCommand::doApply()
7   0x7ffff0a78c54 WebCore::CompositeEditCommand::apply()
8   0x7ffff0a78a4c WebCore::applyCommand(WTF::PassRefPtr<WebCore::CompositeEditCommand>)
9   0x7ffff0af4c30 WebCore::TypingCommand::insertParagraphSeparator(WebCore::Document&, unsigned int)
10  0x7ffff0aaeea1
11  0x7ffff0ab1f22 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const
12  0x7ffff0976ab2 WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&)
13  0x7ffff1812910 WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*)
14  0x7fff9d5640e5

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5c172a6 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
333	    *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff5c172a6 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
#1  0x00007ffff0a7c883 in WebCore::CompositeEditCommand::appendBlockPlaceholder (this=0x12244c0, container=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/CompositeEditCommand.cpp:912
#2  0x00007ffff0ac8e16 in WebCore::InsertParagraphSeparatorCommand::doApply (this=0x12244c0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/InsertParagraphSeparatorCommand.cpp:222
#3  0x00007ffff0a78e94 in WebCore::CompositeEditCommand::applyCommandToComposite (this=0x1218800, prpCommand=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/CompositeEditCommand.cpp:278
#4  0x00007ffff0af551a in WebCore::TypingCommand::insertParagraphSeparator (this=0x1218800) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/TypingCommand.cpp:395
#5  0x00007ffff0af4ef5 in WebCore::TypingCommand::doApply (this=0x1218800) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/TypingCommand.cpp:272
#6  0x00007ffff0a78c54 in WebCore::CompositeEditCommand::apply (this=0x1218800) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/CompositeEditCommand.cpp:227
#7  0x00007ffff0a78a4c in WebCore::applyCommand (command=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/CompositeEditCommand.cpp:182
#8  0x00007ffff0af4c30 in WebCore::TypingCommand::insertParagraphSeparator (document=..., options=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/TypingCommand.cpp:219
#9  0x00007ffff0aaeea1 in WebCore::executeInsertParagraph (frame=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/EditorCommand.cpp:557
#10 0x00007ffff0ab1f22 in WebCore::Editor::Command::execute (this=0x7fffffffb110, parameter=..., triggeringEvent=0x0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/EditorCommand.cpp:1740
#11 0x00007ffff0976ab2 in WebCore::Document::execCommand (this=0x11c7fa0, commandName=..., userInterface=false, value=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4220
#12 0x00007ffff1812910 in WebCore::jsDocumentPrototypeFunctionExecCommand (exec=0x7fff93d8bf48) at /home/reni/Data/REPOS/webkit_sec/WebKitBuild/Debug/DerivedSources/WebCore/JSDocument.cpp:3369
#13 0x00007fff9d5640e5 in ?? ()
#14 0x00007fff93d8bf98 in ?? ()
#15 0x00007ffff5c05421 in llint_op_call () from /home/reni/Data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.0
#16 0x00007fff9d5648e0 in ?? ()
#17 0x0000000001141690 in ?? ()
#18 0x0000000001150ce0 in ?? ()
#19 0x00007fffed3ea9a0 in thread_context_stack () from /home/reni/Data/REPOS/webkit_sec/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#20 0x0000000001158030 in ?? ()
#21 0x00007ffff16b79a0 in WebCore::JSDOMWindowBase::supportsProfiling (object=0x7fff9d5648e0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/bindings/js/JSDOMWindowBase.cpp:125
#22 0x00007fffffffb2a0 in ?? ()
#23 0x00007ffff59c7864 in JSC::JITCode::execute (this=0xf0458b4832eb0000, vm=0xb8077500f07d, protoCallFrame=0x8348f0458948fed4, topOfStack=0x1a36e8c7894860c0) at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/jit/JITCode.cpp:48
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
This still occurs under r204037.
<rdar://problem/27685003>
I am not able to reproduce this assertion failure using the attached test case in a MiniBrowser WK2 Debug build based off 259136@main. Just wanted to update. Thanks!
Closing based on Ahmad's testing.