WebKit Bugzilla, Bug 137961: Crash in WebCore::Node::getFlag
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=137961
Renata Hodovan, reported 2014-10-22 08:37:09 PDT

Created attachment 240275 [details]: Test case

The crashing test:

    <!DOCTYPE html>
    <html contenteditable>
    <head>
    <script>
    function test() {
        document.execCommand("selectAll", false, null);
        document.execCommand("createlink", true, "http://www.example.com");
        document.execCommand("removeFormat", false, null);
    }
    </script>
    <style>
    * { display:table-row-group; }
    </style>
    </head>
    <body onload='test()' hidden>

Backtrace:

    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread 0x7fff98c1f700 (LWP 22759)]
    0x00007ffff2771463 in WebCore::Node::getFlag (this=0x0, mask=WebCore::Node::IsTextFlag) at ../../Source/WebCore/dom/Node.h:630
    630 bool getFlag(NodeFlags mask) const { return m_nodeFlags & mask; }
    #0  0x00007ffff2771463 in WebCore::Node::getFlag (this=0x0, mask=WebCore::Node::IsTextFlag) at ../../Source/WebCore/dom/Node.h:630
    #1  0x00007ffff291d1d7 in WebCore::Node::isTextNode (this=0x0) at ../../Source/WebCore/dom/Node.h:228
    #2  0x00007ffff291d423 in WebCore::firstPositionInNode (anchorNode=0x0) at ../../Source/WebCore/dom/Position.h:306
    #3  0x00007ffff3149f87 in WebCore::ApplyStyleCommand::applyBlockStyle (this=0x8ff570, style=0x675f90) at ../../Source/WebCore/editing/ApplyStyleCommand.cpp:260
    #4  0x00007ffff3149c59 in WebCore::ApplyStyleCommand::doApply (this=0x8ff570) at ../../Source/WebCore/editing/ApplyStyleCommand.cpp:214
    #5  0x00007ffff315c47a in WebCore::CompositeEditCommand::applyCommandToComposite (this=0x804720, prpCommand=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:277
    #6  0x00007ffff31cb7b8 in WebCore::RemoveFormatCommand::doApply (this=0x804720) at ../../Source/WebCore/editing/RemoveFormatCommand.cpp:93
    #7  0x00007ffff315c1e1 in WebCore::CompositeEditCommand::apply (this=0x804720) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:226
    #8  0x00007ffff315bf97 in WebCore::applyCommand (command=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:183
    #9  0x00007ffff31888e4 in WebCore::Editor::removeFormattingAndStyle (this=0x8c33c0) at ../../Source/WebCore/editing/Editor.cpp:891
    #10 0x00007ffff31a1162 in WebCore::executeRemoveFormat (frame=...) at ../../Source/WebCore/editing/EditorCommand.cpp:983
    #11 0x00007ffff31a2fd9 in WebCore::Editor::Command::execute (this=0x7fffffffc6a0, parameter=..., triggeringEvent=0x0) at ../../Source/WebCore/editing/EditorCommand.cpp:1726
    #12 0x00007ffff30343f8 in WebCore::Document::execCommand (this=0xa7da90, commandName=..., userInterface=false, value=...) at ../../Source/WebCore/dom/Document.cpp:4373
    #13 0x00007ffff402b8cd in WebCore::jsDocumentPrototypeFunctionExecCommand (exec=0x7fffffffc7a0) at DerivedSources/WebCore/JSDocument.cpp:4526
    #14 0x00007fff9a8f40b4 in ?? ()
    #15 0x00007fffffffc800 in ?? ()
    #16 0x00007fffeda92edb in llint_entry () from /home/reni/data/REPOS/webkit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18
Attachments:
- Test case (353 bytes, text/html), 2014-10-22 08:37 PDT, Renata Hodovan, no flags
- WIP patch (1.61 KB, patch), 2014-11-07 04:49 PST, Csaba Osztrogonác, no flags
- Patch (3.72 KB, patch), 2014-11-10 04:44 PST, Csaba Osztrogonác, no flags
Comment 1, Darin Adler, 2014-10-22 20:02:27 PDT

The fix for this is in ApplyStyleCommand::applyBlockStyle:

    if (!scope)
        return;

This needs to be done just after scope is initialized.
Comment 2, Csaba Osztrogonác, 2014-11-07 04:49:44 PST

Created attachment 241172 [details]: WIP patch

Seems to work locally; WIP patch for EWS.
Comment 3, Csaba Osztrogonác, 2014-11-10 04:44:22 PST

Created attachment 241285 [details]: Patch
Comment 4, WebKit Commit Bot, 2014-11-10 08:20:46 PST

Comment on attachment 241285 [details]: Patch

Clearing flags on attachment: 241285
Committed r175809: <http://trac.webkit.org/changeset/175809>
Comment 5, WebKit Commit Bot, 2014-11-10 08:20:50 PST

All reviewed patches have been landed. Closing bug.