Bug 127684 - ASSERTION FAILED: insertionBlock != currentRoot
Summary: ASSERTION FAILED: insertionBlock != currentRoot
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: HTML Editing (show other bugs)
Version: 528+ (Nightly build)
Hardware: PC Linux
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks: 116980
  Show dependency treegraph
 
Reported: 2014-01-27 09:08 PST by Martin Hodovan
Modified: 2024-04-10 00:38 PDT (History)
6 users (show)

See Also:


Attachments
Test case (311 bytes, text/html)
2014-01-27 09:08 PST, Martin Hodovan
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Hodovan 2014-01-27 09:08:52 PST
Created attachment 222330 [details]
Test case

The failing test:
<body onload="
	if (document.counter)
		document.counter++;
	else 
		document.counter = 1;

	if (document.counter <= 1) {
		document.designMode='on';
		document.execCommand('selectall');
		document.execCommand('RemoveFormat');
		document.execCommand('inserthtml', false);
	}"
>
	<hr>
	<canvas>
	</canvas>
</body>


The error message:
ASSERTION FAILED: insertionBlock != currentRoot
/home/martin/Data/WebKit/Source/WebCore/editing/ReplaceSelectionCommand.cpp(1016) : virtual void WebCore::ReplaceSelectionCommand::doApply()
1   0x7ffff5c19441 WTFCrash
2   0x7ffff0b2985f WebCore::ReplaceSelectionCommand::doApply()
3   0x7ffff0ac67a8 WebCore::CompositeEditCommand::apply()
4   0x7ffff0ac65a0 WebCore::applyCommand(WTF::PassRefPtr<WebCore::CompositeEditCommand>)
5   0x7ffff0afb00b
6   0x7ffff0afc683
7   0x7ffff0affa76 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const
8   0x7ffff09c523e WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&)
9   0x7ffff185aa58 WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*)
10  0x7fff9b9be0e5

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5c19446 in WTFCrash () at /home/martin/Data/WebKit/Source/WTF/wtf/Assertions.cpp:333
333	    *(int *)(uintptr_t)0xbbadbeef = 0;


The backtrace:
#1  0x00007ffff0b2985f in WebCore::ReplaceSelectionCommand::doApply (this=0xa3fde0) at /home/martin/Data/WebKit/Source/WebCore/editing/ReplaceSelectionCommand.cpp:1016
#2  0x00007ffff0ac67a8 in WebCore::CompositeEditCommand::apply (this=0xa3fde0) at /home/martin/Data/WebKit/Source/WebCore/editing/CompositeEditCommand.cpp:227
#3  0x00007ffff0ac65a0 in WebCore::applyCommand (command=...) at /home/martin/Data/WebKit/Source/WebCore/editing/CompositeEditCommand.cpp:182
#4  0x00007ffff0afb00b in WebCore::executeInsertFragment (frame=..., fragment=...) at /home/martin/Data/WebKit/Source/WebCore/editing/EditorCommand.cpp:195
#5  0x00007ffff0afc683 in WebCore::executeInsertHTML (frame=..., value=...) at /home/martin/Data/WebKit/Source/WebCore/editing/EditorCommand.cpp:508
#6  0x00007ffff0affa76 in WebCore::Editor::Command::execute (this=0x7fffffffbac0, parameter=..., triggeringEvent=0x0)
    at /home/martin/Data/WebKit/Source/WebCore/editing/EditorCommand.cpp:1740
#7  0x00007ffff09c523e in WebCore::Document::execCommand (this=0x808ab0, commandName=..., userInterface=false, value=...)
    at /home/martin/Data/WebKit/Source/WebCore/dom/Document.cpp:4220
#8  0x00007ffff185aa58 in WebCore::jsDocumentPrototypeFunctionExecCommand (exec=0x7fff8f071f40)
    at /home/martin/Data/WebKit/WebKitBuild/Debug/DerivedSources/WebCore/JSDocument.cpp:3369
#9  0x00007fff9b9be0e5 in ?? ()
#10 0x00007fff8f071f90 in ?? ()
#11 0x00007ffff5c075c1 in llint_op_call () from /home/martin/Data/WebKit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.0
#12 0x00007fff9b9be900 in ?? ()
#13 0x00000000009ee4e0 in ?? ()
#14 0x00007fff800078b0 in ?? ()
#15 0x00007fff800064a0 in ?? ()
#16 0x000000000073cd50 in ?? ()
#17 0x0000000000000000 in ?? ()
Comment 1 Brent Fulgham 2016-08-03 14:01:07 PDT
This still occurs under r204037.
Comment 2 Radar WebKit Bug Importer 2016-08-03 14:01:23 PDT
<rdar://problem/27685262>
Comment 3 Ahmad Saleem 2023-01-20 10:41:12 PST
I am still able to reproduce this assert failed using attached test case in MiniBrowser WK2 Debug Build based of 259136@main and it gets this:

ASSERTION FAILED: insertionBlock != currentRoot
editing/ReplaceSelectionCommand.cpp(1230) : virtual void WebCore::ReplaceSelectionCommand::doApply()
1   0x138346d84 WTFCrash
2   0x280832730 WTFCrashWithInfo(int, char const*, char const*, int)
3   0x283e7b3b8 WebCore::ReplaceSelectionCommand::doApply()
4   0x283dac198 WebCore::CompositeEditCommand::apply()
5   0x283e43438 WebCore::executeInsertFragment(WebCore::Frame&, WTF::Ref<WebCore::DocumentFragment, WTF::RawPtrTraits<WebCore::DocumentFragment> >&&)
6   0x283e3d604 WebCore::executeInsertHTML(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&)
7   0x283e12a30 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const
8   0x283a99ef0 WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&)
9   0x280be2e5c WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*)
10  0x280be2944 long long WebCore::IDLOperation<WebCore::JSDocument>::call<&(WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)
11  0x280bcda00 WebCore::jsDocumentPrototypeFunction_execCommand(JSC::JSGlobalObject*, JSC::CallFrame*)
12  0x2a4e5403c (null)
13  0x138a6e990 llint_entry
14  0x138a48eec vmEntryToJavaScript
15  0x139aa7a5c JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
16  0x139aa8138 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
17  0x139ed4878 JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
18  0x139ed493c JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
19  0x139ed4c10 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
20  0x28323e6b8 WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
21  0x283163f10 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&)
22  0x283bc8f44 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 2ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase)
23  0x283bbdf30 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase)
24  0x284a5507c WebCore::DOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*)
25  0x284a5fda0 WebCore::DOMWindow::dispatchLoadEvent()
26  0x283a872a4 WebCore::Document::dispatchWindowLoadEvent()
27  0x283a86efc WebCore::Document::implicitClose()
28  0x284848ba0 WebCore::FrameLoader::checkCallImplicitClose()
29  0x284848544 WebCore::FrameLoader::checkCompleted()
30  0x284846950 WebCore::FrameLoader::finishedParsing()
31  0x283a9c2bc WebCore::Document::finishedParsing()
2023-01-20 18:39:56.245 MiniBrowser[65827:23966084] WebContent process crashed; reloading
Comment 4 EWS 2024-04-10 00:38:39 PDT
Committed 277291@main (cb8d258708a5): <https://commits.webkit.org/277291@main>

Reviewed commits have been landed. Closing PR #26896 and removing active labels.