NEW 127342
ASSERTION FAILED: node == end.deprecatedNode() || !node->contains(end.deprecatedNode()) in WebCore::ApplyStyleCommand::removeInlineStyle
https://bugs.webkit.org/show_bug.cgi?id=127342
Summary ASSERTION FAILED: node == end.deprecatedNode() || !node->contains(end.depreca...
Renata Hodovan
Reported 2014-01-21 05:50:36 PST
Created attachment 221737 [details]
Test case

The test:
<applet code="applet1.class">foo <small> <iframe onload="document.designMode=&apos;on&apos;; document.execCommand(&apos;selectall&apos;); document.execCommand(&apos;italic&apos;); document.execCommand(&apos;RemoveFormat&apos;);" seamless></iframe> </applet>

The backtrace:
ASSERTION FAILED: node == end.deprecatedNode() || !node->contains(end.deprecatedNode())
/home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/ApplyStyleCommand.cpp(1126) : void WebCore::ApplyStyleCommand::removeInlineStyle(WebCore::EditingStyle*, const WebCore::Position&, const WebCore::Position&)
1 0x7ffff5c172a1 WTFCrash
2 0x7ffff0a6f36c WebCore::ApplyStyleCommand::removeInlineStyle(WebCore::EditingStyle*, WebCore::Position const&, WebCore::Position const&)
3 0x7ffff0a6c4ca WebCore::ApplyStyleCommand::applyInlineStyle(WebCore::EditingStyle*)
4 0x7ffff0a69a37 WebCore::ApplyStyleCommand::doApply()
5 0x7ffff0a78e94 WebCore::CompositeEditCommand::applyCommandToComposite(WTF::PassRefPtr<WebCore::EditCommand>)
6 0x7ffff0ad42c5 WebCore::RemoveFormatCommand::doApply()
7 0x7ffff0a78c54 WebCore::CompositeEditCommand::apply()
8 0x7ffff0a78a4c WebCore::applyCommand(WTF::PassRefPtr<WebCore::CompositeEditCommand>)
9 0x7ffff0a9c041 WebCore::Editor::removeFormattingAndStyle()
10 0x7ffff0ab03db
11 0x7ffff0ab1f22 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const
12 0x7ffff0976ab2 WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&)
13 0x7ffff1812910 WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*)
14 0x7fff9d5640e5

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5c172a6 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
333 *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0 0x00007ffff5c172a6 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
#1 0x00007ffff0a6f36c in WebCore::ApplyStyleCommand::removeInlineStyle (this=0x12000a0, style=0x12230f0, start=..., end=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/ApplyStyleCommand.cpp:1126
#2 0x00007ffff0a6c4ca in WebCore::ApplyStyleCommand::applyInlineStyle (this=0x12000a0, style=0x12230f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/ApplyStyleCommand.cpp:637
#3 0x00007ffff0a69a37 in WebCore::ApplyStyleCommand::doApply (this=0x12000a0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/ApplyStyleCommand.cpp:220
#4 0x00007ffff0a78e94 in WebCore::CompositeEditCommand::applyCommandToComposite (this=0x1200b90, prpCommand=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/CompositeEditCommand.cpp:278
#5 0x00007ffff0ad42c5 in WebCore::RemoveFormatCommand::doApply (this=0x1200b90) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/RemoveFormatCommand.cpp:92
#6 0x00007ffff0a78c54 in WebCore::CompositeEditCommand::apply (this=0x1200b90) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/CompositeEditCommand.cpp:227
#7 0x00007ffff0a78a4c in WebCore::applyCommand (command=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/CompositeEditCommand.cpp:182
#8 0x00007ffff0a9c041 in WebCore::Editor::removeFormattingAndStyle (this=0x750200) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/Editor.cpp:914
#9 0x00007ffff0ab03db in WebCore::executeRemoveFormat (frame=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/EditorCommand.cpp:985
#10 0x00007ffff0ab1f22 in WebCore::Editor::Command::execute (this=0x7fffffff9ad0, parameter=..., triggeringEvent=0x0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/EditorCommand.cpp:1740
#11 0x00007ffff0976ab2 in WebCore::Document::execCommand (this=0x11c8ad0, commandName=..., userInterface=false, value=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4220
#12 0x00007ffff1812910 in WebCore::jsDocumentPrototypeFunctionExecCommand (exec=0x7fff93d8bf40) at /home/reni/Data/REPOS/webkit_sec/WebKitBuild/Debug/DerivedSources/WebCore/JSDocument.cpp:3369
#13 0x00007fff9d5640e5 in ?? ()
#14 0x00007fff93d8bf90 in ?? ()
#15 0x00007ffff5c05421 in llint_op_call () from /home/reni/Data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.0
#16 0x00007fff9d564900 in ?? ()
#17 0x0000000001141e20 in ?? ()
#18 0x0000000000000001 in ?? ()
#19 0x0000000000000001 in ?? ()
#20 0x00000000011596b0 in ?? ()
#21 0x0000000000000000 in ?? ()
Attachments
Test case (292 bytes, text/html)
2014-01-21 05:50 PST, Renata Hodovan
no flags
Test (176 bytes, text/html)
2015-11-25 05:44 PST, Renata Hodovan
no flags
Renata Hodovan
Comment 1 2015-11-25 05:44:09 PST
Created attachment 266153 [details] Test New test case since the old one doesn't repro anymore.
Brent Fulgham
Comment 2 2016-08-03 13:53:40 PDT
This still reproduces under r204037.
Radar WebKit Bug Importer
Comment 3 2016-08-03 13:55:19 PDT
Ahmad Saleem
Comment 4 2023-01-20 10:42:55 PST
I am able to reproduce this assertion failure using a MiniBrowser WK2 Debug build based off 259136@main, and I get this:

ASSERTION FAILED: node == end.deprecatedNode() || !node->contains(end.deprecatedNode())
editing/ApplyStyleCommand.cpp(1133) : void WebCore::ApplyStyleCommand::removeInlineStyle(WebCore::EditingStyle &, const WebCore::Position &, const WebCore::Position &)
1 0x13a6c6d84 WTFCrash
2 0x280832730 WTFCrashWithInfo(int, char const*, char const*, int)
3 0x283db5a28 WebCore::ApplyStyleCommand::removeInlineStyle(WebCore::EditingStyle&, WebCore::Position const&, WebCore::Position const&)
4 0x283db21d8 WebCore::ApplyStyleCommand::applyInlineStyle(WebCore::EditingStyle&)
5 0x283db0604 WebCore::ApplyStyleCommand::doApply()
6 0x283dac198 WebCore::CompositeEditCommand::apply()
7 0x283e0c730 WebCore::Editor::applyStyle(WTF::RefPtr<WebCore::EditingStyle, WTF::RawPtrTraits<WebCore::EditingStyle>, WTF::DefaultRefDerefTraits<WebCore::EditingStyle> >&&, WebCore::EditAction, WebCore::Editor::ColorFilterMode)
8 0x283e41250 WebCore::applyCommandToFrame(WebCore::Frame&, WebCore::EditorCommandSource, WebCore::EditAction, WTF::Ref<WebCore::EditingStyle, WTF::RawPtrTraits<WebCore::EditingStyle> >&&)
9 0x283e413d8 WebCore::executeToggleStyle(WebCore::Frame&, WebCore::EditorCommandSource, WebCore::EditAction, WebCore::CSSPropertyID, WTF::ASCIILiteral, WTF::ASCIILiteral)
10 0x283e3de9c WebCore::executeToggleItalic(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&)
11 0x283e12a30 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const
12 0x283a99ef0 WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&)
13 0x280be2e5c WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*)
14 0x280be2944 long long WebCore::IDLOperation<WebCore::JSDocument>::call<&(WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)
15 0x280bcda00 WebCore::jsDocumentPrototypeFunction_execCommand(JSC::JSGlobalObject*, JSC::CallFrame*)
16 0x2a4e5403c (null)
17 0x13adee990 llint_entry
18 0x13adc8eec vmEntryToJavaScript
19 0x13be27a5c JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
20 0x13be26ff8 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*)
21 0x13c290110 JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
22 0x13c290254 JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
23 0x283240254 WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
24 0x28323fd28 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)
25 0x28323fb5c WebCore::ScriptController::evaluateInWorldIgnoringException(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)
26 0x28324050c WebCore::ScriptController::evaluateIgnoringException(WebCore::ScriptSourceCode const&)
27 0x283cbd164 WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&)
28 0x283cbb2e8 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport)
29 0x284323810 WebCore::HTMLScriptRunner::runScript(WebCore::ScriptElement&, WTF::TextPosition const&)
30 0x28432363c WebCore::HTMLScriptRunner::execute(WTF::Ref<WebCore::ScriptElement, WTF::RawPtrTraits<WebCore::ScriptElement> >&&, WTF::TextPosition const&)
31 0x2842fb1f4 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder()