131109 – ASSERTION FAILED: pos.deprecatedNode()->renderer() WebCore::CompositeEditCommand::insertBlockPlaceholder(const WebCore::Position&)

Bug 131109 - ASSERTION FAILED: pos.deprecatedNode()->renderer() WebCore::CompositeEditCommand::insertBlockPlaceholder(const WebCore::Position&)

Summary: ASSERTION FAILED: pos.deprecatedNode()->renderer() WebCore::CompositeEditComm...

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:	116980
	Show dependency tree / graph

Reported:	2014-04-02 08:52 PDT by Martin Hodovan
Modified:	2016-08-03 14:14 PDT (History)
CC List:	7 users (show)

See Also:

Attachments
Test case (285 bytes, text/html) 2014-04-02 08:52 PDT, Martin Hodovan	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Martin Hodovan 2014-04-02 08:52:44 PDT

Created attachment 228398 [details]
Test case

The failing test case:

<body onpageshow='document.execCommand("insertunorderedlist", true, null)' contenteditable="true">
 <table contenteditable="false">
  <td>
   <sup hidden contenteditable="true">
    <svg>
     <animatetransform onload='document.execCommand("selectall", true, null)'></animatetransform>


The backtrace:

#1  0x00007ffff0b19d69 in WebCore::CompositeEditCommand::insertBlockPlaceholder (this=0x8055e0, pos=...)
    at /home/martin/Data/WebKit/Source/WebCore/editing/CompositeEditCommand.cpp:925
#2  0x00007ffff0b26fb7 in WebCore::DeleteSelectionCommand::removeNode (this=0x8055e0, node=..., 
    shouldAssumeContentIsAlwaysEditable=WebCore::DoNotAssumeContentIsAlwaysEditable) at /home/martin/Data/WebKit/Source/WebCore/editing/DeleteSelectionCommand.cpp:391
#3  0x00007ffff0b26ea3 in WebCore::DeleteSelectionCommand::removeNode (this=0x8055e0, node=..., 
    shouldAssumeContentIsAlwaysEditable=WebCore::DoNotAssumeContentIsAlwaysEditable) at /home/martin/Data/WebKit/Source/WebCore/editing/DeleteSelectionCommand.cpp:382
#4  0x00007ffff0b26ea3 in WebCore::DeleteSelectionCommand::removeNode (this=0x8055e0, node=..., 
    shouldAssumeContentIsAlwaysEditable=WebCore::DoNotAssumeContentIsAlwaysEditable) at /home/martin/Data/WebKit/Source/WebCore/editing/DeleteSelectionCommand.cpp:382
#5  0x00007ffff0b17058 in WebCore::CompositeEditCommand::removeChildrenInRange (this=0x8055e0, node=..., from=0, to=2)
    at /home/martin/Data/WebKit/Source/WebCore/editing/CompositeEditCommand.cpp:409
#6  0x00007ffff0b27a8b in WebCore::DeleteSelectionCommand::handleGeneralDelete (this=0x8055e0)
    at /home/martin/Data/WebKit/Source/WebCore/editing/DeleteSelectionCommand.cpp:489
#7  0x00007ffff0b2a0de in WebCore::DeleteSelectionCommand::doApply (this=0x8055e0) at /home/martin/Data/WebKit/Source/WebCore/editing/DeleteSelectionCommand.cpp:848
#8  0x00007ffff0b1628c in WebCore::CompositeEditCommand::applyCommandToComposite (this=0x7bff40, prpCommand=...)
    at /home/martin/Data/WebKit/Source/WebCore/editing/CompositeEditCommand.cpp:278
#9  0x00007ffff0b185e2 in WebCore::CompositeEditCommand::deleteSelection (this=0x7bff40, smartDelete=false, mergeBlocksAfterDelete=false, replace=false, 
    expandForSpecialElements=false, sanitizeMarkup=true) at /home/martin/Data/WebKit/Source/WebCore/editing/CompositeEditCommand.cpp:643
#10 0x00007ffff0b1c156 in WebCore::CompositeEditCommand::moveParagraphs (this=0x7bff40, startOfParagraphToMove=..., endOfParagraphToMove=..., destination=..., 
    preserveSelection=true, preserveStyle=true) at /home/martin/Data/WebKit/Source/WebCore/editing/CompositeEditCommand.cpp:1284
#11 0x00007ffff0b1b8d7 in WebCore::CompositeEditCommand::moveParagraph (this=0x7bff40, startOfParagraphToMove=..., endOfParagraphToMove=..., destination=..., 
    preserveSelection=true, preserveStyle=true) at /home/martin/Data/WebKit/Source/WebCore/editing/CompositeEditCommand.cpp:1208
#12 0x00007ffff0b672b6 in WebCore::InsertListCommand::listifyParagraph (this=0x7bff40, originalStart=..., listTag=...)
    at /home/martin/Data/WebKit/Source/WebCore/editing/InsertListCommand.cpp:393
#13 0x00007ffff0b66176 in WebCore::InsertListCommand::doApplyForSingleParagraph (this=0x7bff40, forceCreateList=false, listTag=..., currentSelection=0x7c9350)
    at /home/martin/Data/WebKit/Source/WebCore/editing/InsertListCommand.cpp:256
#14 0x00007ffff0b657fb in WebCore::InsertListCommand::doApply (this=0x7bff40) at /home/martin/Data/WebKit/Source/WebCore/editing/InsertListCommand.cpp:192
#15 0x00007ffff0b1604b in WebCore::CompositeEditCommand::apply (this=0x7bff40) at /home/martin/Data/WebKit/Source/WebCore/editing/CompositeEditCommand.cpp:227
#16 0x00007ffff0b15e3f in WebCore::applyCommand (command=...) at /home/martin/Data/WebKit/Source/WebCore/editing/CompositeEditCommand.cpp:182
#17 0x00007ffff0b4f02f in WebCore::executeInsertUnorderedList (frame=...) at /home/martin/Data/WebKit/Source/WebCore/editing/EditorCommand.cpp:575
#18 0x00007ffff0b51f82 in WebCore::Editor::Command::execute (this=0x7fffffffcaa0, parameter=..., triggeringEvent=0x0)
    at /home/martin/Data/WebKit/Source/WebCore/editing/EditorCommand.cpp:1741
#19 0x00007ffff0a0a148 in WebCore::Document::execCommand (this=0x6f4ab0, commandName=..., userInterface=true, value=...)
    at /home/martin/Data/WebKit/Source/WebCore/dom/Document.cpp:4221
#20 0x00007ffff19f50d1 in WebCore::jsDocumentPrototypeFunctionExecCommand (exec=0x7fffffffcba0)
    at /home/martin/Data/WebKit/WebKitBuild/Debug/DerivedSources/WebCore/JSDocument.cpp:4730
#21 0x00007fff9a6640b4 in ?? ()
#22 0x00007fffffffcc00 in ?? ()
#23 0x00007ffff5978735 in llint_op_call () from /home/martin/Data/WebKit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.0
#24 0x0000000000000000 in ?? ()

Comment 1 Brent Fulgham 2016-08-03 14:12:36 PDT

This reproduces in r204037.

Comment 2 Radar WebKit Bug Importer 2016-08-03 14:14:06 PDT

<rdar://problem/27685600>