Created attachment 265166 [details] Test Load the attached test with debug MiniBrowser: <html contenteditable>a <sup draggable="true">a</sup> <h6>a</h6> <script> onload = function() { document.execCommand("selectAll"); document.execCommand("insertUnorderedList"); } </script> OS: Ubuntu 15.04 x86_64 Checked build: debug EFL Checked version: 009fb33 Backtrace: ASSERTION FAILED: isEndOfParagraph(endOfParagraphToMove) ../../Source/WebCore/editing/CompositeEditCommand.cpp(1211) : void WebCore::CompositeEditCommand::moveParagraph(const WebCore::VisiblePosition&, const WebCore::VisiblePosition&, const WebCore::VisiblePosition&, bool, bool) 1 0x7f5e9167cf97 WTFCrash 2 0x7f5e98ab224c WebCore::CompositeEditCommand::moveParagraph(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, bool, bool) 3 0x7f5e9792ed42 WebCore::InsertListCommand::listifyParagraph(WebCore::VisiblePosition const&, WebCore::QualifiedName const&) 4 0x7f5e9792d3b6 WebCore::InsertListCommand::doApplyForSingleParagraph(bool, WebCore::HTMLQualifiedName const&, WebCore::Range*) 5 0x7f5e9792c2d7 WebCore::InsertListCommand::doApply() 6 0x7f5e98aaa3f0 WebCore::CompositeEditCommand::apply() 7 0x7f5e98aaa1a1 WebCore::applyCommand(WTF::PassRefPtr<WebCore::CompositeEditCommand>) 8 0x7f5e97911d70 9 0x7f5e9791562a WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const 10 0x7f5e977bb3b5 WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) 11 0x7f5e98ee9119 WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*) 12 0x7f5e33fff0c8 Aborted (core dumped) Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f5e9167cf9c in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; #0 0x00007f5e9167cf9c in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x00007f5e98ab224c in WebCore::CompositeEditCommand::moveParagraph (this=0x7f5e78fb63c0, startOfParagraphToMove=..., endOfParagraphToMove=..., destination=..., preserveSelection=true, preserveStyle=true) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:1211 #2 0x00007f5e9792ed42 in WebCore::InsertListCommand::listifyParagraph (this=0x7f5e78fb63c0, originalStart=..., listTag=...) at ../../Source/WebCore/editing/InsertListCommand.cpp:396 #3 0x00007f5e9792d3b6 in WebCore::InsertListCommand::doApplyForSingleParagraph (this=0x7f5e78fb63c0, forceCreateList=true, listTag=..., currentSelection=0x7f5e78f70480) at ../../Source/WebCore/editing/InsertListCommand.cpp:259 #4 0x00007f5e9792c2d7 in WebCore::InsertListCommand::doApply (this=0x7f5e78fb63c0) at ../../Source/WebCore/editing/InsertListCommand.cpp:166 #5 0x00007f5e98aaa3f0 in WebCore::CompositeEditCommand::apply (this=0x7f5e78fb63c0) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:227 #6 0x00007f5e98aaa1a1 in WebCore::applyCommand (command=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:186 #7 0x00007f5e97911d70 in WebCore::executeInsertUnorderedList (frame=...) at ../../Source/WebCore/editing/EditorCommand.cpp:542 #8 0x00007f5e9791562a in WebCore::Editor::Command::execute (this=0x7ffffcee3140, parameter=..., triggeringEvent=0x0) at ../../Source/WebCore/editing/EditorCommand.cpp:1703 #9 0x00007f5e977bb3b5 in WebCore::Document::execCommand (this=0x7f5e78c26a40, commandName=..., userInterface=false, value=...) at ../../Source/WebCore/dom/Document.cpp:4657 #10 0x00007f5e98ee9119 in WebCore::jsDocumentPrototypeFunctionExecCommand (state=0x7ffffcee3210) at DerivedSources/WebCore/JSDocument.cpp:5066 #11 0x00007f5e33fff0c8 in ?? () #12 0x00007ffffcee32a0 in ?? () #13 0x00007f5e91625764 in llint_entry () from webkit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.1
This reproduces in r204037.
<rdar://problem/27711625>