127684 – ASSERTION FAILED: insertionBlock != currentRoot

RESOLVED FIXED 127684

ASSERTION FAILED: insertionBlock != currentRoot

https://bugs.webkit.org/show_bug.cgi?id=127684

Summary ASSERTION FAILED: insertionBlock != currentRoot

Martin Hodovan

Reported 2014-01-27 09:08:52 PST

Created attachment 222330 [details] Test case The failing test: <body onload=" if (document.counter) document.counter++; else document.counter = 1; if (document.counter <= 1) { document.designMode='on'; document.execCommand('selectall'); document.execCommand('RemoveFormat'); document.execCommand('inserthtml', false); }" > <hr> <canvas> </canvas> </body> The error message: ASSERTION FAILED: insertionBlock != currentRoot /home/martin/Data/WebKit/Source/WebCore/editing/ReplaceSelectionCommand.cpp(1016) : virtual void WebCore::ReplaceSelectionCommand::doApply() 1 0x7ffff5c19441 WTFCrash 2 0x7ffff0b2985f WebCore::ReplaceSelectionCommand::doApply() 3 0x7ffff0ac67a8 WebCore::CompositeEditCommand::apply() 4 0x7ffff0ac65a0 WebCore::applyCommand(WTF::PassRefPtr<WebCore::CompositeEditCommand>) 5 0x7ffff0afb00b 6 0x7ffff0afc683 7 0x7ffff0affa76 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const 8 0x7ffff09c523e WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) 9 0x7ffff185aa58 WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*) 10 0x7fff9b9be0e5 Program received signal SIGSEGV, Segmentation fault. 0x00007ffff5c19446 in WTFCrash () at /home/martin/Data/WebKit/Source/WTF/wtf/Assertions.cpp:333 333 *(int *)(uintptr_t)0xbbadbeef = 0; The backtrace: #1 0x00007ffff0b2985f in WebCore::ReplaceSelectionCommand::doApply (this=0xa3fde0) at /home/martin/Data/WebKit/Source/WebCore/editing/ReplaceSelectionCommand.cpp:1016 #2 0x00007ffff0ac67a8 in WebCore::CompositeEditCommand::apply (this=0xa3fde0) at /home/martin/Data/WebKit/Source/WebCore/editing/CompositeEditCommand.cpp:227 #3 0x00007ffff0ac65a0 in WebCore::applyCommand (command=...) at /home/martin/Data/WebKit/Source/WebCore/editing/CompositeEditCommand.cpp:182 #4 0x00007ffff0afb00b in WebCore::executeInsertFragment (frame=..., fragment=...) at /home/martin/Data/WebKit/Source/WebCore/editing/EditorCommand.cpp:195 #5 0x00007ffff0afc683 in WebCore::executeInsertHTML (frame=..., value=...) at /home/martin/Data/WebKit/Source/WebCore/editing/EditorCommand.cpp:508 #6 0x00007ffff0affa76 in WebCore::Editor::Command::execute (this=0x7fffffffbac0, parameter=..., triggeringEvent=0x0) at /home/martin/Data/WebKit/Source/WebCore/editing/EditorCommand.cpp:1740 #7 0x00007ffff09c523e in WebCore::Document::execCommand (this=0x808ab0, commandName=..., userInterface=false, value=...) at /home/martin/Data/WebKit/Source/WebCore/dom/Document.cpp:4220 #8 0x00007ffff185aa58 in WebCore::jsDocumentPrototypeFunctionExecCommand (exec=0x7fff8f071f40) at /home/martin/Data/WebKit/WebKitBuild/Debug/DerivedSources/WebCore/JSDocument.cpp:3369 #9 0x00007fff9b9be0e5 in ?? () #10 0x00007fff8f071f90 in ?? () #11 0x00007ffff5c075c1 in llint_op_call () from /home/martin/Data/WebKit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.0 #12 0x00007fff9b9be900 in ?? () #13 0x00000000009ee4e0 in ?? () #14 0x00007fff800078b0 in ?? () #15 0x00007fff800064a0 in ?? () #16 0x000000000073cd50 in ?? () #17 0x0000000000000000 in ?? ()

Attachments
Test case (311 bytes, text/html) 2014-01-27 09:08 PST, Martin Hodovan	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Brent Fulgham

Comment 1 2016-08-03 14:01:07 PDT

This still occurs under r204037.

Radar WebKit Bug Importer

Comment 2 2016-08-03 14:01:23 PDT

<rdar://problem/27685262>

Ahmad Saleem

Comment 3 2023-01-20 10:41:12 PST

I am still able to reproduce this assert failed using attached test case in MiniBrowser WK2 Debug Build based of 259136@main and it gets this: ASSERTION FAILED: insertionBlock != currentRoot editing/ReplaceSelectionCommand.cpp(1230) : virtual void WebCore::ReplaceSelectionCommand::doApply() 1 0x138346d84 WTFCrash 2 0x280832730 WTFCrashWithInfo(int, char const*, char const*, int) 3 0x283e7b3b8 WebCore::ReplaceSelectionCommand::doApply() 4 0x283dac198 WebCore::CompositeEditCommand::apply() 5 0x283e43438 WebCore::executeInsertFragment(WebCore::Frame&, WTF::Ref<WebCore::DocumentFragment, WTF::RawPtrTraits<WebCore::DocumentFragment> >&&) 6 0x283e3d604 WebCore::executeInsertHTML(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) 7 0x283e12a30 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const 8 0x283a99ef0 WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) 9 0x280be2e5c WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*) 10 0x280be2944 long long WebCore::IDLOperation<WebCore::JSDocument>::call<&(WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) 11 0x280bcda00 WebCore::jsDocumentPrototypeFunction_execCommand(JSC::JSGlobalObject*, JSC::CallFrame*) 12 0x2a4e5403c (null) 13 0x138a6e990 llint_entry 14 0x138a48eec vmEntryToJavaScript 15 0x139aa7a5c JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) 16 0x139aa8138 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 17 0x139ed4878 JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 18 0x139ed493c JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) 19 0x139ed4c10 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) 20 0x28323e6b8 WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) 21 0x283163f10 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) 22 0x283bc8f44 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 2ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase) 23 0x283bbdf30 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) 24 0x284a5507c WebCore::DOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*) 25 0x284a5fda0 WebCore::DOMWindow::dispatchLoadEvent() 26 0x283a872a4 WebCore::Document::dispatchWindowLoadEvent() 27 0x283a86efc WebCore::Document::implicitClose() 28 0x284848ba0 WebCore::FrameLoader::checkCallImplicitClose() 29 0x284848544 WebCore::FrameLoader::checkCompleted() 30 0x284846950 WebCore::FrameLoader::finishedParsing() 31 0x283a9c2bc WebCore::Document::finishedParsing() 2023-01-20 18:39:56.245 MiniBrowser[65827:23966084] WebContent process crashed; reloading

EWS

Comment 4 2024-04-10 00:38:39 PDT

Committed 277291@main (cb8d258708a5): <https://commits.webkit.org/277291@main> Reviewed commits have been landed. Closing PR #26896 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware PC

OS Linux

Product WebKit

Component HTML Editing

Assignee

Nobody

Reported

2014-01-27 09:08 PST

Modified

2024-04-10 00:38 PDT History

CC List

6 users Show

URL

Keywords InRadar

Depends on

Blocks

116980

Dependencies

tree graph