RESOLVED FIXED 150207
Null dereference loading Blink layout test editing/execCommand/format-block-uneditable-crash.html
https://bugs.webkit.org/show_bug.cgi?id=150207
Jon Honeycutt
Reported 2015-10-15 16:53:04 PDT
Created attachment 263224 [details]
Crashing test

Null dereference loading Blink layout test editing/execCommand/format-block-uneditable-crash.html.

Stack trace:

Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGABRT)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000014

VM Regions Near 0x14:
--> __TEXT 000000010c416000-000000010c4b0000 [ 616K] r-x/rwx SM=COW /Users/USER/*

Application Specific Information:
CRASHING TEST: blink-tests-that-are-unknown/editing/execCommand/format-block-uneditable-crash.html
================================================================
==21895==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000014 (pc 0x000111b5fab2 bp 0x7fff537e2570 sp 0x7fff537e2570 T0)
    #0 0x111b5fab1 in WebCore::Node::getFlag(WebCore::Node::NodeFlags) const Node.h:641
    #1 0x111b941bb in WebCore::lastPositionInNode(WebCore::Node*) Position.h:313
    #2 0x111c4b6e1 in WebCore::ApplyBlockElementCommand::rangeForParagraphSplittingTextNodesIfNeeded(WebCore::VisiblePosition const&, WebCore::Position&, WebCore::Position&) ApplyBlockElementCommand.cpp:248
    #3 0x111c4a29e in WebCore::ApplyBlockElementCommand::formatSelection(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&) ApplyBlockElementCommand.cpp:126
    #4 0x11257d4a7 in WebCore::FormatBlockCommand::formatSelection(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&) FormatBlockCommand.cpp:59
    #5 0x111c49397 in WebCore::ApplyBlockElementCommand::doApply() ApplyBlockElementCommand.cpp:86
    #6 0x111e7eb7b in WebCore::CompositeEditCommand::apply() CompositeEditCommand.cpp:229
    #7 0x11240fa24 in WebCore::executeFormatBlock(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) EditorCommand.cpp:425
    #8 0x11240d85e in WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const EditorCommand.cpp:1704
    #9 0x1121e5979 in WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) Document.cpp:4657
    #10 0x112c53260 in WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*) JSDocument.cpp:5093
    #11 0x2abca0401027 (<unknown module>)
    #12 0x10d24664f in llint_entry (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xab464f)
    #13 0x10d246a49 in llint_entry (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xab4a49)
    #14 0x10d24664f in llint_entry (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xab464f)
    #15 0x10d24664f in llint_entry (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xab464f)
    #16 0x10d240a0a in vmEntryToJavaScript (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xaaea0a)
    #17 0x10cfa207d in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) JITCode.cpp:80
    #18 0x10cf5ecc6 in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) Interpreter.cpp:961
    #19 0x10c921689 in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) Completion.cpp:104
    #20 0x112f0f3ad in WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) JSMainThreadExecState.h:62
    #21 0x113b4b410 in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) ScriptController.cpp:164
    #22 0x113b4b618 in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) ScriptController.cpp:180
    #23 0x113b5d586 in WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) ScriptElement.cpp:309
    #24 0x113b5ae6a in WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) ScriptElement.cpp:242
    #25 0x1128509cb in WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) HTMLScriptRunner.cpp:308
    #26 0x112850705 in WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) HTMLScriptRunner.cpp:177
    #27 0x11277ba6f in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() HTMLDocumentParser.cpp:195
    #28 0x11277bce3 in WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) HTMLDocumentParser.cpp:213
    #29 0x11277b2a8 in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) HTMLDocumentParser.cpp:259
    #30 0x11277cc9d in WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() HTMLDocumentParser.cpp:496
    #31 0x11277cf61 in WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) HTMLDocumentParser.cpp:536
    #32 0x111d9eca7 in WebCore::CachedResource::checkNotify() CachedResource.cpp:297
    #33 0x113e27588 in WebCore::SubresourceLoader::didFinishLoading(double) SubresourceLoader.cpp:372
    #34 0x7fff8c4a3850 in __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e850)
    #35 0x7fff8c4a3765 in -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e765)
    #36 0x7fff8c4a366a in -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e66a)
    #37 0x7fff8c4a8491 in ___ZN27URLConnectionClient_Classic26_delegate_didFinishLoadingEU13block_pointerFvvE_block_invoke (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x33491)
    #38 0x7fff8c63c976 in ___ZN27URLConnectionClient_Classic18_withDelegateAsyncEPKcU13block_pointerFvP16_CFURLConnectionPK33CFURLConnectionClientCurrent_VMaxE_block_invoke_2 (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x1c7976)
    #39 0x7fff9a99c3c2 in _dispatch_client_callout (/usr/lib/system/libdispatch.dylib+0x23c2)
    #40 0x7fff9a9aa0bd in _dispatch_block_invoke (/usr/lib/system/libdispatch.dylib+0x100bd)
    #41 0x7fff8c4a3527 in RunloopBlockContext::_invoke_block(void const*, void*) (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e527)
    #42 0x7fff96f5ce63 in CFArrayApplyFunction (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x4ce63)
    #43 0x7fff8c4a3420 in RunloopBlockContext::perform() (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e420)
    #44 0x7fff8c4a32c1 in MultiplexerSource::perform() (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e2c1)
    #45 0x7fff8c4a30e3 in MultiplexerSource::_perform(void*) (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e0e3)
    #46 0x7fff96fba8b0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa8b0)
    #47 0x7fff96f9a0ab in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x8a0ab)
    #48 0x7fff96f995ce in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x895ce)
    #49 0x7fff96f98fc7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88fc7)
    #50 0x10c43898d in runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) DumpRenderTree.mm:2030
    #51 0x10c437f39 in runTestingServerLoop() DumpRenderTree.mm:1180
    #52 0x10c437267 in dumpRenderTree(int, char const**) DumpRenderTree.mm:1288
    #53 0x10c4392b1 in DumpRenderTreeMain(int, char const**) DumpRenderTree.mm:1418
    #54 0x7fff931e95ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
    #55 0x1 (<unknown module>)
Attachments
Crashing test (539 bytes, text/html)
2015-10-15 16:53 PDT, Jon Honeycutt
no flags
Patch (4.27 KB, patch)
2015-10-23 19:10 PDT, Jiewen Tan
no flags
Patch (5.28 KB, patch)
2015-10-26 18:11 PDT, Jiewen Tan
no flags
Radar WebKit Bug Importer
Comment 1 2015-10-15 16:53:19 PDT
Jiewen Tan
Comment 2 2015-10-23 19:10:47 PDT
Enrica Casucci
Comment 3 2015-10-26 13:49:34 PDT
Comment on attachment 263973 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=263973&action=review

> LayoutTests/editing/execCommand/format-block-uneditable-crash.html:21
> +</script>

Please use the editing.js and markup.js functions to write the test.
Jiewen Tan
Comment 4 2015-10-26 18:11:49 PDT
WebKit Commit Bot
Comment 5 2015-10-27 16:48:21 PDT
Comment on attachment 264115 [details]
Patch

Rejecting attachment 264115 [details] from commit-queue.

jiewen_tan@apple.com does not have committer permissions according to http://trac.webkit.org/browser/trunk/Tools/Scripts/webkitpy/common/config/contributors.json.

- If you do not have committer rights please read http://webkit.org/coding/contributing.html for instructions on how to use bugzilla flags.
- If you have committer rights please correct the error in Tools/Scripts/webkitpy/common/config/contributors.json by adding yourself to the file (no review needed).

The commit-queue restarts itself every 2 hours. After restart the commit-queue will correctly respect your committer rights.
WebKit Commit Bot
Comment 6 2015-10-27 17:36:11 PDT
Comment on attachment 264115 [details]
Patch

Clearing flags on attachment: 264115

Committed r191647: <http://trac.webkit.org/changeset/191647>
WebKit Commit Bot
Comment 7 2015-10-27 17:36:16 PDT
All reviewed patches have been landed. Closing bug.