NEW 151108
Should never be reached failure in WebCore::ReplaceSelectionCommand::mergeEndIfNeeded 
https://bugs.webkit.org/show_bug.cgi?id=151108
Summary Should never be reached failure in WebCore::ReplaceSelectionCommand::mergeEnd...
Renata Hodovan
Reported 2015-11-10 10:13:56 PST
Created attachment 265194 [details] Test Load the attached test with debug MiniBrowser: <!DOCTYPE html> <script> function f_0() { document.designMode = 'on'; document.execCommand("selectAll"); document.execCommand("indent"); document.execCommand("InsertHorizontalRule"); } </script> <style> * { display: inline-block; background-position: center bottom, center center; } </style> <body onload='f_0()'>a</body> OS: Ubuntu 15.04 x86_64 Checked build: debug EFL Checked version: 29ae33c Backtrace: SHOULD NEVER BE REACHED ../../Source/WebCore/editing/ReplaceSelectionCommand.cpp(830) : void WebCore::ReplaceSelectionCommand::mergeEndIfNeeded() 1 0x7f566fcae89f WTFCrash 2 0x7f5675f6c684 WebCore::ReplaceSelectionCommand::mergeEndIfNeeded() 3 0x7f5675f6f793 WebCore::ReplaceSelectionCommand::doApply() 4 0x7f56770e1220 WebCore::CompositeEditCommand::applyCommandToComposite(WTF::PassRefPtr<WebCore::EditCommand>) 5 0x7f56770e9bf2 WebCore::CompositeEditCommand::moveParagraphs(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, bool, bool) 6 0x7f56770e8dcf WebCore::CompositeEditCommand::moveParagraph(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, bool, bool) 7 0x7f5675f6c961 WebCore::ReplaceSelectionCommand::mergeEndIfNeeded() 8 0x7f5675f6f793 WebCore::ReplaceSelectionCommand::doApply() 9 0x7f56770e0f4c WebCore::CompositeEditCommand::apply() 10 0x7f56770e0cfd WebCore::applyCommand(WTF::PassRefPtr<WebCore::CompositeEditCommand>) 11 0x7f5675f43a63 12 0x7f5675f43bad 13 0x7f5675f45585 14 0x7f5675f4959e WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const 15 0x7f5675dedd39 WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) 16 0x7f567752022d WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*) 17 0x7f560ffff0c8 Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f566fcae8a4 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007f566fcae8a4 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x00007f5675f6c684 in WebCore::ReplaceSelectionCommand::mergeEndIfNeeded (this=0x7f5657290000) at ../../Source/WebCore/editing/ReplaceSelectionCommand.cpp:830 #2 0x00007f5675f6f793 in WebCore::ReplaceSelectionCommand::doApply (this=0x7f5657290000) at ../../Source/WebCore/editing/ReplaceSelectionCommand.cpp:1237 #3 0x00007f56770e1220 in WebCore::CompositeEditCommand::applyCommandToComposite (this=0x7f56572fea20, prpCommand=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:278 #4 0x00007f56770e9bf2 in WebCore::CompositeEditCommand::moveParagraphs (this=0x7f56572fea20, startOfParagraphToMove=..., endOfParagraphToMove=..., destination=..., preserveSelection=false, preserveStyle=true) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:1318 #5 0x00007f56770e8dcf in WebCore::CompositeEditCommand::moveParagraph (this=0x7f56572fea20, startOfParagraphToMove=..., endOfParagraphToMove=..., destination=..., preserveSelection=false, preserveStyle=true) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:1212 #6 0x00007f5675f6c961 in WebCore::ReplaceSelectionCommand::mergeEndIfNeeded (this=0x7f56572fea20) at ../../Source/WebCore/editing/ReplaceSelectionCommand.cpp:851 #7 0x00007f5675f6f793 in WebCore::ReplaceSelectionCommand::doApply (this=0x7f56572fea20) at ../../Source/WebCore/editing/ReplaceSelectionCommand.cpp:1237 #8 0x00007f56770e0f4c in WebCore::CompositeEditCommand::apply (this=0x7f56572fea20) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:227 #9 0x00007f56770e0cfd in WebCore::applyCommand (command=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:186 #10 0x00007f5675f43a63 in WebCore::executeInsertFragment (frame=..., fragment=...) at ../../Source/WebCore/editing/EditorCommand.cpp:164 #11 0x00007f5675f43bad in WebCore::executeInsertNode(WebCore::Frame &, <unknown type in webkit/WebKitBuild/Debug/lib/libewebkit2.so.1, CU 0x17842d9e, DIE 0x17931fb7>) (frame=..., content=<unknown type in webkit/WebKitBuild/Debug/lib/libewebkit2.so.1, CU 0x17842d9e, DIE 0x17931fb7>) at ../../Source/WebCore/editing/EditorCommand.cpp:175 #12 0x00007f5675f45585 in WebCore::executeInsertHorizontalRule (frame=..., value=...) at ../../Source/WebCore/editing/EditorCommand.cpp:470 #13 0x00007f5675f4959e in WebCore::Editor::Command::execute (this=0x7ffe1574b400, parameter=..., triggeringEvent=0x0) at ../../Source/WebCore/editing/EditorCommand.cpp:1703 #14 0x00007f5675dedd39 in WebCore::Document::execCommand (this=0x7f5657026a40, commandName=..., userInterface=false, value=...) at ../../Source/WebCore/dom/Document.cpp:4657 #15 0x00007f567752022d in WebCore::jsDocumentPrototypeFunctionExecCommand (state=0x7ffe1574b4d0) at DerivedSources/WebCore/JSDocument.cpp:5066 #16 0x00007f560ffff0c8 in ?? () #17 0x00007ffe1574b550 in ?? () #18 0x00007f566fc57036 in llint_entry () from webkit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.1
Attachments
Test (345 bytes, text/html)
2015-11-10 10:13 PST, Renata Hodovan 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2016-08-04 18:24:54 PDT
This reproduces in r204037.
Brent Fulgham
Comment 2 2016-08-04 18:33:09 PDT
<rdar://problem/27711851>
Note You need to log in before you can comment on or make changes to this bug.