Created attachment 267085 [details]
Test

Load the attached test with debug MiniBrowser:

<script>
window.onload = function() {
    document.designMode = 'on';
    document.execCommand('selectAll');
    document.execCommand('indent');
}
</script>
<ol> <li></li> </ol> a <div>a</div>

OS: Ubuntu 15.10 x86_64
Checked build: debug EFL
Checked version: 2559fac

Backtrace:
ASSERTION FAILED: !simpleLineLayout()
../../Source/WebCore/rendering/RenderText.cpp(1286) : WebCore::LayoutRect WebCore::RenderText::collectSelectionRectsForLineBoxes(const WebCore::RenderLayerModelObject*, bool, WTF::Vector<WebCore::LayoutRect>*)
1 0x7fc65c45074e WTFCrash
2 0x7fc65b39c1fa WebCore::RenderText::collectSelectionRectsForLineBoxes(WebCore::RenderLayerModelObject const*, bool, WTF::Vector<WebCore::LayoutRect, 0ul, WTF::CrashOnOverflow, 16ul>*)
3 0x7fc65b39c5f7 WebCore::RenderText::collectSelectionRectsForLineBoxes(WebCore::RenderLayerModelObject const*, bool, WTF::Vector<WebCore::LayoutRect, 0ul, WTF::CrashOnOverflow, 16ul>&)
4 0x7fc65be98429 WebCore::RenderSelectionInfo::RenderSelectionInfo(WebCore::RenderObject&, bool)
5 0x7fc65b3c3c1b std::_Unique_if<WebCore::RenderSelectionInfo>::_Single_object std::make_unique<WebCore::RenderSelectionInfo, WebCore::RenderObject&, bool>(WebCore::RenderObject&, bool&&)
6 0x7fc65b3bec73 WebCore::RenderView::clearSubtreeSelection(WebCore::SelectionSubtreeRoot const&, WebCore::RenderView::SelectionRepaintMode, WebCore::SelectionSubtreeRoot::OldSelectionData&) const
7 0x7fc65b3be7db WebCore::RenderView::updateSelectionForSubtrees(WTF::HashMap<WebCore::SelectionSubtreeRoot*, WebCore::SelectionSubtreeRoot::SelectionSubtreeData, WTF::PtrHash<WebCore::SelectionSubtreeRoot*>, WTF::HashTraits<WebCore::SelectionSubtreeRoot*>, WTF::HashTraits<WebCore::SelectionSubtreeRoot::SelectionSubtreeData> >&, WebCore::RenderView::SelectionRepaintMode)
8 0x7fc65b3be1f4 WebCore::RenderView::setSelection(WebCore::RenderObject*, int, WebCore::RenderObject*, int,
WebCore::RenderView::SelectionRepaintMode) 9 0x7fc65b3bfd09 WebCore::RenderView::clearSelection() 10 0x7fc65ab41057 WebCore::FrameSelection::setNeedsSelectionUpdate() 11 0x7fc65b253397 WebCore::RenderElement::removeChildInternal(WebCore::RenderObject&, WebCore::RenderElement::NotifyChildrenType) 12 0x7fc65b252d36 WebCore::RenderElement::removeChild(WebCore::RenderObject&) 13 0x7fc65b1a3b14 WebCore::RenderBlock::removeChild(WebCore::RenderObject&) 14 0x7fc65b1e3193 WebCore::RenderBlockFlow::removeChild(WebCore::RenderObject&) 15 0x7fc65b347857 WebCore::RenderObject::removeFromParent() 16 0x7fc65b34be53 WebCore::RenderObject::willBeDestroyed() 17 0x7fc65b398064 WebCore::RenderText::willBeDestroyed() 18 0x7fc65b34c5ae WebCore::RenderObject::destroy() 19 0x7fc65b34c571 WebCore::RenderObject::destroyAndCleanupAnonymousWrappers() 20 0x7fc65b48682d WebCore::Style::detachTextRenderer(WebCore::Text&) 21 0x7fc65b4881b7 22 0x7fc65b4868f5 WebCore::Style::updateTextRendererAfterContentChange(WebCore::Text&, unsigned int, unsigned int) 23 0x7fc65bcbc053 WebCore::CharacterData::setDataAndUpdate(WTF::String const&, unsigned int, unsigned int, unsigned int) 24 0x7fc65bcbbd1a WebCore::CharacterData::deleteData(unsigned int, unsigned int, int&) 25 0x7fc65bd10504 WebCore::DeleteFromTextNodeCommand::doApply() 26 0x7fc65bcff676 WebCore::CompositeEditCommand::applyCommandToComposite(WTF::PassRefPtr<WebCore::EditCommand>) 27 0x7fc65bd021d0 WebCore::CompositeEditCommand::deleteTextFromNode(WTF::PassRefPtr<WebCore::Text>, unsigned int, unsigned int) 28 0x7fc65bd13b33 WebCore::DeleteSelectionCommand::deleteTextFromNode(WTF::PassRefPtr<WebCore::Text>, unsigned int, unsigned int) 29 0x7fc65bd1422b WebCore::DeleteSelectionCommand::handleGeneralDelete() 30 0x7fc65bd17147 WebCore::DeleteSelectionCommand::doApply() 31 0x7fc65bcff676 WebCore::CompositeEditCommand::applyCommandToComposite(WTF::PassRefPtr<WebCore::EditCommand>) Aborted (core dumped) Program terminated with signal SIGSEGV, 
Segmentation fault. #0 0x00007fc65c450753 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; [Current thread is 1 (Thread 0x7fc65ff9ea80 (LWP 3584))] #0 0x00007fc65c450753 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x00007fc65b39c1fa in WebCore::RenderText::collectSelectionRectsForLineBoxes (this=0x7fc637b899c0, repaintContainer=0x7fc637adc228, clipToVisibleContent=true, rects=0x7fc637b6e718) at ../../Source/WebCore/rendering/RenderText.cpp:1286 #2 0x00007fc65b39c5f7 in WebCore::RenderText::collectSelectionRectsForLineBoxes (this=0x7fc637b899c0, repaintContainer=0x7fc637adc228, clipToVisibleContent=true, rects=...) at ../../Source/WebCore/rendering/RenderText.cpp:1330 #3 0x00007fc65be98429 in WebCore::RenderSelectionInfo::RenderSelectionInfo (this=0x7fc637b6e700, renderer=..., clipToVisibleContent=true) at ../../Source/WebCore/rendering/RenderSelectionInfo.cpp:50 #4 0x00007fc65b3c3c1b in std::make_unique<WebCore::RenderSelectionInfo, WebCore::RenderObject&, bool>(WebCore::RenderObject&, bool&&) () at ../../Source/WTF/wtf/StdLibExtras.h:319 #5 0x00007fc65b3bec73 in WebCore::RenderView::clearSubtreeSelection (this=0x7fc637adc228, root=..., blockRepaintMode=WebCore::RenderView::RepaintNewMinusOld, oldSelectionData=...) 
at ../../Source/WebCore/rendering/RenderView.cpp:965 #6 0x00007fc65b3be7db in WebCore::RenderView::updateSelectionForSubtrees (this=0x7fc637adc228, renderSubtreesMap=..., blockRepaintMode=WebCore::RenderView::RepaintNewMinusOld) at ../../Source/WebCore/rendering/RenderView.cpp:925 #7 0x00007fc65b3be1f4 in WebCore::RenderView::setSelection (this=0x7fc637adc228, start=0x0, startPos=-1, end=0x0, endPos=-1, blockRepaintMode=WebCore::RenderView::RepaintNewMinusOld) at ../../Source/WebCore/rendering/RenderView.cpp:870 #8 0x00007fc65b3bfd09 in WebCore::RenderView::clearSelection (this=0x7fc637adc228) at ../../Source/WebCore/rendering/RenderView.cpp:1100 #9 0x00007fc65ab41057 in WebCore::FrameSelection::setNeedsSelectionUpdate (this=0x7fc637ae8230) at ../../Source/WebCore/editing/FrameSelection.cpp:368 #10 0x00007fc65b253397 in WebCore::RenderElement::removeChildInternal (this=0x7fc637bb85c0, oldChild=..., notifyChildren=WebCore::RenderElement::NotifyChildren) at ../../Source/WebCore/rendering/RenderElement.cpp:647 #11 0x00007fc65b252d36 in WebCore::RenderElement::removeChild (this=0x7fc637bb85c0, oldChild=...) at ../../Source/WebCore/rendering/RenderElement.cpp:547 #12 0x00007fc65b1a3b14 in WebCore::RenderBlock::removeChild (this=0x7fc637bb85c0, oldChild=...) at ../../Source/WebCore/rendering/RenderBlock.cpp:745 #13 0x00007fc65b1e3193 in WebCore::RenderBlockFlow::removeChild (this=0x7fc637bb85c0, oldChild=...) 
at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:3806 #14 0x00007fc65b347857 in WebCore::RenderObject::removeFromParent (this=0x7fc637bf2120) at ../../Source/WebCore/rendering/RenderObject.cpp:199 #15 0x00007fc65b34be53 in WebCore::RenderObject::willBeDestroyed (this=0x7fc637bf2120) at ../../Source/WebCore/rendering/RenderObject.cpp:1527 #16 0x00007fc65b398064 in WebCore::RenderText::willBeDestroyed (this=0x7fc637bf2120) at ../../Source/WebCore/rendering/RenderText.cpp:287 #17 0x00007fc65b34c5ae in WebCore::RenderObject::destroy (this=0x7fc637bf2120) at ../../Source/WebCore/rendering/RenderObject.cpp:1702 #18 0x00007fc65b34c571 in WebCore::RenderObject::destroyAndCleanupAnonymousWrappers (this=0x7fc637bf2120) at ../../Source/WebCore/rendering/RenderObject.cpp:1689 #19 0x00007fc65b48682d in WebCore::Style::detachTextRenderer (textNode=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:324 #20 0x00007fc65b4881b7 in WebCore::Style::resolveTextNode (text=..., renderTreePosition=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:670 #21 0x00007fc65b4868f5 in WebCore::Style::updateTextRendererAfterContentChange (textNode=..., offsetOfReplacedData=0, lengthOfReplacedData=3) at ../../Source/WebCore/style/StyleResolveTree.cpp:337 #22 0x00007fc65bcbc053 in WebCore::CharacterData::setDataAndUpdate (this=0x7fc637b8f000, newData=..., offsetOfReplacedData=0, oldLength=3, newLength=0) at ../../Source/WebCore/dom/CharacterData.cpp:191 #23 0x00007fc65bcbbd1a in WebCore::CharacterData::deleteData (this=0x7fc637b8f000, offset=0, count=3, ec=@0x7fffc50ce32c: 0) at ../../Source/WebCore/dom/CharacterData.cpp:145 #24 0x00007fc65bd10504 in WebCore::DeleteFromTextNodeCommand::doApply (this=0x7fc637b6b2a0) at ../../Source/WebCore/editing/DeleteFromTextNodeCommand.cpp:63 #25 0x00007fc65bcff676 in WebCore::CompositeEditCommand::applyCommandToComposite (this=0x7fc637a94dc8, prpCommand=...) 
at ../../Source/WebCore/editing/CompositeEditCommand.cpp:278 #26 0x00007fc65bd021d0 in WebCore::CompositeEditCommand::deleteTextFromNode (this=0x7fc637a94dc8, node=..., offset=0, count=3) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:555 #27 0x00007fc65bd13b33 in WebCore::DeleteSelectionCommand::deleteTextFromNode (this=0x7fc637a94dc8, node=..., offset=0, count=3) at ../../Source/WebCore/editing/DeleteSelectionCommand.cpp:428 #28 0x00007fc65bd1422b in WebCore::DeleteSelectionCommand::handleGeneralDelete (this=0x7fc637a94dc8) at ../../Source/WebCore/editing/DeleteSelectionCommand.cpp:487 #29 0x00007fc65bd17147 in WebCore::DeleteSelectionCommand::doApply (this=0x7fc637a94dc8) at ../../Source/WebCore/editing/DeleteSelectionCommand.cpp:847 #30 0x00007fc65bcff676 in WebCore::CompositeEditCommand::applyCommandToComposite (this=0x7fc637a97108, prpCommand=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:278 #31 0x00007fc65bd02f95 in WebCore::CompositeEditCommand::deleteSelection (this=0x7fc637a97108, smartDelete=false, mergeBlocksAfterDelete=false, replace=false, expandForSpecialElements=false, sanitizeMarkup=true) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:644 #32 0x00007fc65bd06d40 in WebCore::CompositeEditCommand::moveParagraphWithClones (this=0x7fc637a97108, startOfParagraphToMove=..., endOfParagraphToMove=..., blockElement=0x7fc637beb138, outerNode=0x7fc637beb000) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:1184 #33 0x00007fc65ab4f568 in WebCore::IndentOutdentCommand::indentIntoBlockquote (this=0x7fc637a97108, start=..., end=..., targetBlockquote=...) at ../../Source/WebCore/editing/IndentOutdentCommand.cpp:117 #34 0x00007fc65ab50e0a in WebCore::IndentOutdentCommand::formatRange (this=0x7fc637a97108, start=..., end=..., blockquoteForNextIndent=...) 
at ../../Source/WebCore/editing/IndentOutdentCommand.cpp:236 #35 0x00007fc65bce9fa7 in WebCore::ApplyBlockElementCommand::formatSelection (this=0x7fc637a97108, startOfSelection=..., endOfSelection=...) at ../../Source/WebCore/editing/ApplyBlockElementCommand.cpp:145 #36 0x00007fc65ab50d8b in WebCore::IndentOutdentCommand::formatSelection (this=0x7fc637a97108, startOfSelection=..., endOfSelection=...) at ../../Source/WebCore/editing/IndentOutdentCommand.cpp:226 #37 0x00007fc65bce9216 in WebCore::ApplyBlockElementCommand::doApply (this=0x7fc637a97108) at ../../Source/WebCore/editing/ApplyBlockElementCommand.cpp:90 #38 0x00007fc65bcff3a0 in WebCore::CompositeEditCommand::apply (this=0x7fc637a97108) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:227 #39 0x00007fc65bcff167 in WebCore::applyCommand (command=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:186 #40 0x00007fc65ab36e22 in WebCore::executeIndent (frame=...) at ../../Source/WebCore/editing/EditorCommand.cpp:456 #41 0x00007fc65ab3b0ca in WebCore::Editor::Command::execute (this=0x7fffc50cf400, parameter=..., triggeringEvent=0x0) at ../../Source/WebCore/editing/EditorCommand.cpp:1703 #42 0x00007fc65a9dc88d in WebCore::Document::execCommand (this=0x7fc63781d900, commandName=..., userInterface=false, value=...) at ../../Source/WebCore/dom/Document.cpp:4657 #43 0x00007fc65c13f0c9 in WebCore::jsDocumentPrototypeFunctionExecCommand (state=0x7fffc50cf4d0) at DerivedSources/WebCore/JSDocument.cpp:5066 #44 0x00007fc5f77ff0c8 in ?? () #45 0x00007fffc50cf550 in ?? () #46 0x00007fc64fc2dd98 in llint_entry () from webkit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.1
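Looks like we've got a renderer with selection state inside a simple line layout (SLL) block, which is what trips the !simpleLineLayout() assertion in RenderText::collectSelectionRectsForLineBoxes (RenderText.cpp:1286). The SIGSEGV in the dump is WTFCrash() deliberately writing to 0xbbadbeef after the assertion fails (Assertions.cpp:321) in this debug build, so the trace on its own shows an invariant violation rather than an uncontrolled memory access; how a build without the assertion handles the same state is not shown here.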
Created attachment 267156 [details] Patch
Comment on attachment 267156 [details] Patch Clearing flags on attachment: 267156 Committed r193947: <http://trac.webkit.org/changeset/193947>
All reviewed patches have been landed. Closing bug.