Created attachment 266158 [details] Test Load the attached test with debug MiniBrowser: <script> window.onload = function() { document.designMode = 'on'; document.execCommand('selectAll'); document.execCommand('indent'); } </script> <style> h2::first-letter, * { white-space: pre-wrap; } </style> <h2>x4񴒵 </h2> OS: Ubuntu 15.10 x86_64 Checked build: debug EFL Checked version: 3898028 Backtrace: ASSERTION FAILED: !textNode.renderer() || textNode.renderer()->style().collapseWhiteSpace() ../../Source/WebCore/editing/DeleteSelectionCommand.cpp(584) : void WebCore::DeleteSelectionCommand::fixupWhitespace() 1 0x7f076c5b874e WTFCrash 2 0x7f076be7d0ce WebCore::DeleteSelectionCommand::fixupWhitespace() 3 0x7f076be7f156 WebCore::DeleteSelectionCommand::doApply() 4 0x7f076be67676 WebCore::CompositeEditCommand::applyCommandToComposite(WTF::PassRefPtr<WebCore::EditCommand>) 5 0x7f076be6af95 WebCore::CompositeEditCommand::deleteSelection(bool, bool, bool, bool, bool) 6 0x7f076be6ed40 WebCore::CompositeEditCommand::moveParagraphWithClones(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::Element*, WebCore::Node*) 7 0x7f076acb7568 WebCore::IndentOutdentCommand::indentIntoBlockquote(WebCore::Position const&, WebCore::Position const&, WTF::RefPtr<WebCore::Element>&) 8 0x7f076acb8e0a WebCore::IndentOutdentCommand::formatRange(WebCore::Position const&, WebCore::Position const&, WebCore::Position const&, WTF::RefPtr<WebCore::Element>&) 9 0x7f076be51fa7 WebCore::ApplyBlockElementCommand::formatSelection(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&) 10 0x7f076acb8d8b WebCore::IndentOutdentCommand::formatSelection(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&) 11 0x7f076be51216 WebCore::ApplyBlockElementCommand::doApply() 12 0x7f076be673a0 WebCore::CompositeEditCommand::apply() 13 0x7f076be67167 WebCore::applyCommand(WTF::PassRefPtr<WebCore::CompositeEditCommand>) 14 0x7f076ac9ee22 15 0x7f076aca30ca WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const 16 0x7f076ab4488d WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) 17 0x7f076c2a70c9 WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*) 18 0x7f07077ff0c8 Aborted (core dumped) Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f076c5b8753 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; [Current thread is 1 (Thread 0x7f0770106a80 (LWP 8153))] #0 0x00007f076c5b8753 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x00007f076be7d0ce in WebCore::DeleteSelectionCommand::fixupWhitespace (this=0x7f0747a91dc8) at ../../Source/WebCore/editing/DeleteSelectionCommand.cpp:584 #2 0x00007f076be7f156 in WebCore::DeleteSelectionCommand::doApply (this=0x7f0747a91dc8) at ../../Source/WebCore/editing/DeleteSelectionCommand.cpp:849 #3 0x00007f076be67676 in WebCore::CompositeEditCommand::applyCommandToComposite (this=0x7f0747a8a000, prpCommand=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:278 #4 0x00007f076be6af95 in WebCore::CompositeEditCommand::deleteSelection (this=0x7f0747a8a000, smartDelete=false, mergeBlocksAfterDelete=false, replace=false, expandForSpecialElements=false, sanitizeMarkup=true) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:644 #5 0x00007f076be6ed40 in WebCore::CompositeEditCommand::moveParagraphWithClones (this=0x7f0747a8a000, startOfParagraphToMove=..., endOfParagraphToMove=..., blockElement=0x7f0747be3af8, outerNode=0x7f0747be39c0) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:1184 #6 0x00007f076acb7568 in WebCore::IndentOutdentCommand::indentIntoBlockquote (this=0x7f0747a8a000, start=..., end=..., targetBlockquote=...) at ../../Source/WebCore/editing/IndentOutdentCommand.cpp:117 #7 0x00007f076acb8e0a in WebCore::IndentOutdentCommand::formatRange (this=0x7f0747a8a000, start=..., end=..., blockquoteForNextIndent=...) at ../../Source/WebCore/editing/IndentOutdentCommand.cpp:236 #8 0x00007f076be51fa7 in WebCore::ApplyBlockElementCommand::formatSelection (this=0x7f0747a8a000, startOfSelection=..., endOfSelection=...) at ../../Source/WebCore/editing/ApplyBlockElementCommand.cpp:145 #9 0x00007f076acb8d8b in WebCore::IndentOutdentCommand::formatSelection (this=0x7f0747a8a000, startOfSelection=..., endOfSelection=...) at ../../Source/WebCore/editing/IndentOutdentCommand.cpp:226 #10 0x00007f076be51216 in WebCore::ApplyBlockElementCommand::doApply (this=0x7f0747a8a000) at ../../Source/WebCore/editing/ApplyBlockElementCommand.cpp:90 #11 0x00007f076be673a0 in WebCore::CompositeEditCommand::apply (this=0x7f0747a8a000) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:227 #12 0x00007f076be67167 in WebCore::applyCommand (command=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:186 #13 0x00007f076ac9ee22 in WebCore::executeIndent (frame=...) at ../../Source/WebCore/editing/EditorCommand.cpp:456 #14 0x00007f076aca30ca in WebCore::Editor::Command::execute (this=0x7ffd211d3cc0, parameter=..., triggeringEvent=0x0) at ../../Source/WebCore/editing/EditorCommand.cpp:1703 #15 0x00007f076ab4488d in WebCore::Document::execCommand (this=0x7f074781d900, commandName=..., userInterface=false, value=...) at ../../Source/WebCore/dom/Document.cpp:4657 #16 0x00007f076c2a70c9 in WebCore::jsDocumentPrototypeFunctionExecCommand (state=0x7ffd211d3d90) at DerivedSources/WebCore/JSDocument.cpp:5066 #17 0x00007f07077ff0c8 in ?? () #18 0x00007ffd211d3e10 in ?? () #19 0x00007f075fd95d98 in llint_entry () from webkit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.1
This reproduces in r204037.
<rdar://problem/27720037>