RESOLVED FIXED Bug 19066
ASSERT in editing code, ASSERTION FAILED: isStartOfParagraph(startOfParagraphToMove)
https://bugs.webkit.org/show_bug.cgi?id=19066
Eric Seidel (no email)
Reported 2008-05-14 18:11:55 PDT
ASSERT in editing code in Debug mode. (Release mode has no troubles.) Run the test case to see. These two commands cause the ASSERT:

doc.execCommand('insertimage', 1, '</td>');
doc.execCommand('insertorderedlist', 1, 'courier');

ASSERTION FAILED: isStartOfParagraph(startOfParagraphToMove)
(/Users/eseidel/Projects/WebKit/WebCore/editing/CompositeEditCommand.cpp:706 void WebCore::CompositeEditCommand::moveParagraph(const WebCore::VisiblePosition&, const WebCore::VisiblePosition&, const WebCore::VisiblePosition&, bool, bool))

Process: Safari [2433]
Path: /Applications/Safari.app/Contents/MacOS/Safari
Identifier: com.apple.Safari
Version: 3.1.1 (5525.18)
Build Info: WebBrowser-55251800~2
Code Type: X86 (Native)
Parent Process: perl [2430]

Date/Time: 2008-05-14 18:12:30.940 -0700
OS Version: Mac OS X 10.5.2 (9C7010)
Report Version: 6

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Crashed Thread: 0

Thread 0 Crashed:
0 com.apple.WebCore 0x026cb2a6 WebCore::CompositeEditCommand::moveParagraph(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, bool, bool) + 90 (CompositeEditCommand.cpp:706)
1 com.apple.WebCore 0x028d1ecf WebCore::InsertListCommand::doApply() + 4685 (InsertListCommand.cpp:252)
2 com.apple.WebCore 0x02795a40 WebCore::EditCommand::apply() + 408 (EditCommand.cpp:96)
3 com.apple.WebCore 0x02795b45 WebCore::applyCommand(WTF::PassRefPtr<WebCore::EditCommand>) + 25 (EditCommand.cpp:253)
4 com.apple.WebCore 0x027a24f0 WebCore::executeInsertOrderedList(WebCore::Frame*, WebCore::Event*, WebCore::EditorCommandSource, WebCore::String const&) + 96 (EditorCommand.cpp:477)
5 com.apple.WebCore 0x027a0f87 WebCore::Editor::Command::execute(WebCore::String const&, WebCore::Event*) const + 119 (EditorCommand.cpp:1364)
6 com.apple.WebCore 0x0275c5f2 WebCore::Document::execCommand(WebCore::String const&, bool, WebCore::String const&) + 62 (Document.cpp:3067)
7 com.apple.WebCore 0x029174bf WebCore::jsDocumentPrototypeFunctionExecCommand(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 299 (JSDocument.cpp:805)
8 com.apple.JavaScriptCore 0x0046ae82 KJS::PrototypeFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 34 (function.cpp:906)
9 com.apple.JavaScriptCore 0x0048d146 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 222 (object.cpp:99)
10 com.apple.JavaScriptCore 0x004ef788 KJS::FunctionCallDotNode::inlineEvaluate(KJS::ExecState*) + 802 (nodes.cpp:1495)
11 com.apple.JavaScriptCore 0x004a3c12 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 30 (nodes.cpp:1501)
12 com.apple.JavaScriptCore 0x004946a5 KJS::ExprStatementNode::execute(KJS::ExecState*) + 43 (nodes.cpp:3993)
13 com.apple.JavaScriptCore 0x004769a5 KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>&, KJS::ExecState*) + 85 (nodes.cpp:3946)
14 com.apple.JavaScriptCore 0x00476a32 KJS::BlockNode::execute(KJS::ExecState*) + 26 (nodes.cpp:3972)
15 com.apple.JavaScriptCore 0x00484caa KJS::FunctionBodyNode::execute(KJS::ExecState*) + 34 (nodes.cpp:4891)
16 com.apple.JavaScriptCore 0x004854b4 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 134 (function.cpp:78)
17 com.apple.JavaScriptCore 0x0048d146 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 222 (object.cpp:99)
18 com.apple.WebCore 0x02cb0748 WebCore::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 670 (kjs_events.cpp:100)
19 com.apple.WebCore 0x027bc3b3 WebCore::EventTarget::handleLocalEvents(WebCore::EventTargetNode*, WebCore::Event*, bool) + 385 (EventTarget.cpp:312)
20 com.apple.WebCore 0x027bcb34 WebCore::EventTargetNode::handleLocalEvents(WebCore::Event*, bool) + 118 (EventTargetNode.cpp:106)
21 com.apple.WebCore 0x027bbc1b WebCore::EventTarget::dispatchGenericEvent(WebCore::EventTargetNode*, WTF::PassRefPtr<WebCore::Event>, int&, bool) + 769 (EventTarget.cpp:192)
22 com.apple.WebCore 0x027bd238 WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 364 (EventTargetNode.cpp:121)
23 com.apple.WebCore 0x027bde7d WebCore::EventTargetNode::dispatchMouseEvent(WebCore::AtomicString const&, int, int, int, int, int, int, bool, bool, bool, bool, bool, WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) + 697 (EventTargetNode.cpp:296)
24 com.apple.WebCore 0x027be63d WebCore::EventTargetNode::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WebCore::AtomicString const&, int, WebCore::Node*) + 497 (EventTargetNode.cpp:214)
25 com.apple.WebCore 0x027b3c36 WebCore::EventHandler::dispatchMouseEvent(WebCore::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 148 (EventHandler.cpp:1276)
26 com.apple.WebCore 0x027b448e WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&) + 900 (EventHandler.cpp:1098)
27 com.apple.WebCore 0x027b93b5 WebCore::EventHandler::mouseUp(NSEvent*) + 435 (EventHandlerMac.mm:539)
28 com.apple.WebKit 0x001d40bc -[WebHTMLView mouseUp:] + 274 (WebHTMLView.mm:3215)
29 com.apple.WebCore 0x027b8d38 WebCore::EventHandler::passSubframeEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*, WebCore::HitTestResult*) + 968 (EventHandlerMac.mm:425)
30 com.apple.WebCore 0x027b8eb9 WebCore::EventHandler::passMouseReleaseEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*) + 39 (EventHandlerMac.mm:643)
31 com.apple.WebCore 0x027b435b WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&) + 593 (EventHandler.cpp:1088)
32 com.apple.WebCore 0x027b93b5 WebCore::EventHandler::mouseUp(NSEvent*) + 435 (EventHandlerMac.mm:539)
33 com.apple.WebKit 0x001d40bc -[WebHTMLView mouseUp:] + 274 (WebHTMLView.mm:3215)
34 com.apple.AppKit 0x90d0db61 -[NSWindow sendEvent:] + 5539
35 com.apple.Safari 0x0002b3c3 0x1000 + 172995
36 com.apple.AppKit 0x90cda714 -[NSApplication sendEvent:] + 2780
37 com.apple.Safari 0x0002ae48 0x1000 + 171592
38 com.apple.AppKit 0x90c380f9 -[NSApplication run] + 847
39 com.apple.AppKit 0x90c0530a NSApplicationMain + 574
40 com.apple.Safari 0x000b9906 0x1000 + 755974

Thread 1:
0 libSystem.B.dylib 0x900d6bce __semwait_signal + 10
1 libSystem.B.dylib 0x901018cd pthread_cond_wait$UNIX2003 + 73
2 com.apple.JavaScriptCore 0x0050b473 WTF::ThreadCondition::wait(WTF::Mutex&) + 39 (ThreadingPthreads.cpp:207)
3 com.apple.WebCore 0x028a9227 WebCore::IconDatabase::syncThreadMainLoop() + 641 (IconDatabase.cpp:1313)
4 com.apple.WebCore 0x028aa5ee WebCore::IconDatabase::iconDatabaseSyncThread() + 1198 (IconDatabase.cpp:1015)
5 com.apple.WebCore 0x028aa61d WebCore::IconDatabase::iconDatabaseSyncThreadStart(void*) + 23 (IconDatabase.cpp:919)
6 libSystem.B.dylib 0x90100c55 _pthread_start + 321
7 libSystem.B.dylib 0x90100b12 thread_start + 34

Thread 2:
0 libSystem.B.dylib 0x900d6bce __semwait_signal + 10
1 libSystem.B.dylib 0x901018cd pthread_cond_wait$UNIX2003 + 73
2 com.apple.JavaScriptCore 0x0050b473 WTF::ThreadCondition::wait(WTF::Mutex&) + 39 (ThreadingPthreads.cpp:207)
3 com.apple.WebCore 0x02d8d41e WTF::MessageQueue<WTF::RefPtr<WebCore::LocalStorageTask> >::waitForMessage(WTF::RefPtr<WebCore::LocalStorageTask>&) + 60 (MessageQueue.h:79)
4 com.apple.WebCore 0x02d8c880 WebCore::LocalStorageThread::localStorageThread() + 38 (LocalStorageThread.cpp:65)
5 com.apple.WebCore 0x02d8c8f7 WebCore::LocalStorageThread::localStorageThreadStart(void*) + 17 (LocalStorageThread.cpp:59)
6 libSystem.B.dylib 0x90100c55 _pthread_start + 321
7 libSystem.B.dylib 0x90100b12 thread_start + 34

Thread 3:
0 libSystem.B.dylib 0x900cf9e6 mach_msg_trap + 10
1 libSystem.B.dylib 0x900d71dc mach_msg + 72
2 com.apple.CoreFoundation 0x90b250de CFRunLoopRunSpecific + 1806
3 com.apple.CoreFoundation 0x90b25d18 CFRunLoopRunInMode + 88
4 com.apple.CFNetwork 0x905926cc CFURLCacheWorkerThread(void*) + 396
5 libSystem.B.dylib 0x90100c55 _pthread_start + 321
6 libSystem.B.dylib 0x90100b12 thread_start + 34

Thread 4:
0 libSystem.B.dylib 0x900cf9e6 mach_msg_trap + 10
1 libSystem.B.dylib 0x900d71dc mach_msg + 72
2 com.apple.CoreFoundation 0x90b250de CFRunLoopRunSpecific + 1806
3 com.apple.CoreFoundation 0x90b25d18 CFRunLoopRunInMode + 88
4 com.apple.Foundation 0x94c8cac0 +[NSURLConnection(NSURLConnectionReallyInternal) _resourceLoadLoop:] + 320
5 com.apple.Foundation 0x94c295ad -[NSThread main] + 45
6 com.apple.Foundation 0x94c29154 __NSThread__main__ + 308
7 libSystem.B.dylib 0x90100c55 _pthread_start + 321
8 libSystem.B.dylib 0x90100b12 thread_start + 34

Thread 0 crashed with X86 Thread State (32-bit):
eax: 0xbbadbeef ebx: 0x026cb258 ecx: 0x00000000 edx: 0x00000000
edi: 0x053ea600 esi: 0x1a644390 ebp: 0xbfffdef8 esp: 0xbfffdec0
ss: 0x0000001f efl: 0x00010286 eip: 0x026cb2a6 cs: 0x00000017
ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037
cr2: 0xbbadbeef

Binary Images:
0x1000 - 0x132fef com.apple.Safari 3.1.1 (5525.18) <7b337979f11e6e15dd50072420a92680> /Applications/Safari.app/Contents/MacOS/Safari
0x17a000 - 0x298fef com.apple.WebKit 526.5+ (526.5+) <f278cc9aab6c94a0f281fbcb03d184ef> /Users/eseidel/Projects/build/Debug/WebKit.framework/Versions/A/WebKit
0x44a000 - 0x459ff8 SyndicationUI ??? (???) <d148012be42c8a6e21f9cc58739c8dc7> /System/Library/PrivateFrameworks/SyndicationUI.framework/Versions/A/SyndicationUI
0x469000 - 0x538fe4 com.apple.JavaScriptCore 526.5+ (526.5+) <8464c915c5b355bd1b8915be6371cc2f> /Users/eseidel/Projects/build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore
0x6da000 - 0x7bbff7 libxml2.2.dylib ??? (???)
<3cd4cccd4ca35dffa4688436aa0cd908> /usr/lib/libxml2.2.dylib 0x7e8000 - 0x8e9fef com.apple.PubSub 1.0.3 (65.1) /System/Library/Frameworks/PubSub.framework/Versions/A/PubSub 0xb00000 - 0xbeefef com.apple.RawCamera.bundle 2.0.3 (2.0.3) /System/Library/CoreServices/RawCamera.bundle/Contents/MacOS/RawCamera 0x25ff000 - 0x323eff2 com.apple.WebCore 526.5+ (526.5+) <9b07df0138654ce66eb93c80640c5ddd> /Users/eseidel/Projects/build/Debug/WebCore.framework/Versions/A/WebCore 0x188a1000 - 0x188a6ff3 libCGXCoreImage.A.dylib ??? (???) <978986709159e5fe9e094df5efddac1d> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGXCoreImage.A.dylib 0x1ae84000 - 0x1ae89fff com.apple.DictionaryServiceComponent 1.1 (1.1) <8edc1180f52db18e9ddfb4e95debe61b> /System/Library/Components/DictionaryService.component/Contents/MacOS/DictionaryService 0x1af18000 - 0x1af89fff +com.DivXInc.DivXDecoder 6.4.0 (6.4.0) /Library/QuickTime/DivX Decoder.component/Contents/MacOS/DivX Decoder 0x8fe00000 - 0x8fe2da53 dyld 96.2 (???) <7af47d3b00b2268947563c7fa8c59a07> /usr/lib/dyld 0x90003000 - 0x90005ff5 libRadiance.dylib ??? (???) <20eadb285da83df96c795c2c5fa20590> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib 0x90006000 - 0x9001cfff com.apple.DictionaryServices 1.0.0 (1.0.0) <ad0aa0252e3323d182e17f50defe56fc> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/DictionaryServices 0x9001d000 - 0x90026fff com.apple.speech.recognition.framework 3.7.24 (3.7.24) <d3180f9edbd9a5e6f283d6156aa3c602> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition 0x90027000 - 0x900cefeb com.apple.QD 3.11.52 (???) 
<c72bd7bd2ce12694c3640a731d1ad878> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD 0x900cf000 - 0x9022eff3 libSystem.B.dylib ??? (???) <4899376234e55593b22fc370935f8cdf> /usr/lib/libSystem.B.dylib 0x902a4000 - 0x902a9fff com.apple.backup.framework 1.0 (1.0) /System/Library/PrivateFrameworks/Backup.framework/Versions/A/Backup 0x902aa000 - 0x902aaffd com.apple.Accelerate.vecLib 3.4.2 (vecLib 3.4.2) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib 0x902ab000 - 0x9033efff com.apple.ink.framework 101.3 (86) <bf3fa8927b4b8baae92381a976fd2079> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink 0x9033f000 - 0x90399ff7 com.apple.CoreText 2.0.1 (???) <07494945ad1e3f5395599f42748457cc> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText 0x9039a000 - 0x9039bffc libffi.dylib ??? (???) <a3b573eb950ca583290f7b2b4c486d09> /usr/lib/libffi.dylib 0x9039c000 - 0x90423ff7 libsqlite3.0.dylib ??? (???) <6978bbcca4277d6ae9f042beff643f7d> /usr/lib/libsqlite3.0.dylib 0x90510000 - 0x90575ffb com.apple.ISSupport 1.6 (34) /System/Library/PrivateFrameworks/ISSupport.framework/Versions/A/ISSupport 0x90582000 - 0x90586fff libGIF.dylib ??? (???) <d4234e6f5e5f530bdafb969157f1f17b> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib 0x90587000 - 0x905fefe3 com.apple.CFNetwork 221.5 (221.5) <5474cdd7d2a8b2e8059de249c702df9e> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork 0x905ff000 - 0x9061effa libJPEG.dylib ??? (???) <0cfb80109d624beb9ceb3c43b6c5ec10> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib 0x9061f000 - 0x9069cfef libvMisc.dylib ??? (???) 
/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib 0x9069d000 - 0x906c1feb libssl.0.9.7.dylib ??? (???) <acee7fc534674498dcac211318aa23e8> /usr/lib/libssl.0.9.7.dylib 0x906c2000 - 0x9071bff7 libGLU.dylib ??? (???) /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib 0x9071c000 - 0x90ab2ff7 com.apple.QuartzCore 1.5.1 (1.5.1) <665c80f6e28555b303020c8007c36b8b> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore 0x90ab3000 - 0x90be5fef com.apple.CoreFoundation 6.5.1 (476.10) <d5bed2688a5eea11a6dc3a3c5c17030e> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation 0x90be6000 - 0x90bfefff com.apple.openscripting 1.2.6 (???) <b8e553df643f2aec68fa968b3b459b2b> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting 0x90bff000 - 0x913fcfef com.apple.AppKit 6.5.2 (949.26) <bc4593edd8a224409fb6953a354505a0> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit 0x913fd000 - 0x91413fe7 com.apple.CoreVideo 1.5.0 (1.5.0) <bad2d3a9a92fdecd02e64f0b73a76f27> /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo 0x91414000 - 0x914c4fff edu.mit.Kerberos 6.0.12 (6.0.12) <3dd13466876a8fe4549cfc1354233ec3> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos 0x914cb000 - 0x914d0fff com.apple.CommonPanels 1.2.4 (85) <ea0665f57cd267609466ed8b2b20e893> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels 0x91515000 - 0x9151cffe libbsm.dylib ??? (???) 
<d25c63378a5029648ffd4b4669be31bf> /usr/lib/libbsm.dylib 0x9151d000 - 0x915e8fff com.apple.ColorSync 4.5.0 (4.5.0) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync 0x915e9000 - 0x915e9fff com.apple.Carbon 136 (136) <98a5e3bc0c4fa44bbb09713bb88707fe> /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon 0x916ad000 - 0x916adff8 com.apple.Cocoa 6.5 (???) <e064f94d969ce25cb7de3cfb980c3249> /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa 0x916ae000 - 0x916f3fef com.apple.Metadata 10.5.2 (398.7) <73a6424c06effc474e699cde6883de99> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata 0x916f4000 - 0x9182cff7 libicucore.A.dylib ??? (???) <afcea652ff2ec36885b2c81c57d06d4c> /usr/lib/libicucore.A.dylib 0x9182d000 - 0x91c3dfef libBLAS.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib 0x91c3e000 - 0x91c3effa com.apple.CoreServices 32 (32) <2fcc8f3bd5bbfc000b476cad8e6a3dd2> /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices 0x91c45000 - 0x91c4cfe9 libgcc_s.1.dylib ??? (???) <f53c808e87d1184c0f9df63aef53ce0b> /usr/lib/libgcc_s.1.dylib 0x91c4d000 - 0x91ce0ff3 com.apple.ApplicationServices.ATS 3.2 (???) <cdf31bd0ac7de54a35ee2d27cf86b6be> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS 0x91ce1000 - 0x91d13fff com.apple.LDAPFramework 1.4.3 (106) <3a5c9df6032143cd6bc2658a9d328d8e> /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP 0x91d19000 - 0x91d95feb com.apple.audio.CoreAudio 3.1.0 (3.1) <70bb7c657061631491029a61babe0b26> /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio 0x91d96000 - 0x91dbefff libcups.2.dylib ??? (???) 
<2f0a710a9128882efb2ed92ad139b58c> /usr/lib/libcups.2.dylib 0x91dbf000 - 0x91e09fe1 com.apple.securityinterface 3.0 (32532) <f521dae416ce7a3bdd594b0d4e2fb517> /System/Library/Frameworks/SecurityInterface.framework/Versions/A/SecurityInterface 0x91e0a000 - 0x921c8fea libLAPACK.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib 0x921c9000 - 0x92254fff com.apple.framework.IOKit 1.5.1 (???) <a17f9f5ea7e8016a467e67349f4d3d03> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit 0x9234a000 - 0x92377feb libvDSP.dylib ??? (???) <b232c018ddd040ec4e2c2af632dd497f> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib 0x92378000 - 0x92382feb com.apple.audio.SoundManager 3.9.2 (3.9.2) <0f2ba6e891d3761212cf5a5e6134d683> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.framework/Versions/A/CarbonSound 0x925f9000 - 0x92901fff com.apple.HIToolbox 1.5.2 (???) 
<7449d6f2da33ded6936243a92e307459> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox 0x929a7000 - 0x929e0ffe com.apple.securityfoundation 3.0 (32989) <e9171eda22c69c884a04a001aeb526e0> /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation 0x92af2000 - 0x92bacfe3 com.apple.CoreServices.OSServices 224.4 (224.4) <ff5007ab220908ac54b6c661e447d593> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices 0x92bad000 - 0x92c92ff3 com.apple.CoreData 100.1 (186) <8e28162ef2288692615b52acc01f8b54> /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData 0x92c93000 - 0x92d1fff7 com.apple.LaunchServices 286.5 (286.5) <33c3ae54abb276b61a99d4c764d883e2> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices 0x92d20000 - 0x92d28fff com.apple.DiskArbitration 2.2.1 (2.2.1) <75b0c8d8940a8a27816961dddcac8e0f> /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration 0x92d29000 - 0x92d39ffc com.apple.LangAnalysis 1.6.4 (1.6.4) <cbeb17ab39f28351fe2ab5b82bf465bc> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis 0x92e72000 - 0x93192fe2 com.apple.QuickTime 7.4.5 (67) <520cbf4ae05622466ad1b89f1ba3a4e1> /System/Library/Frameworks/QuickTime.framework/Versions/A/QuickTime 0x93193000 - 0x931bbff7 com.apple.shortcut 1 (1.0) <057783867138902b52bc0941fedb74d1> /System/Library/PrivateFrameworks/Shortcut.framework/Versions/A/Shortcut 0x931bc000 - 0x9368ffde libGLProgrammability.dylib ??? (???) <a3d68f17f37ff55a3e61aca1e3aee522> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLProgrammability.dylib 0x93690000 - 0x93742ffb libcrypto.0.9.7.dylib ??? (???) 
<330b0e48e67faffc8c22dfc069ca7a47> /usr/lib/libcrypto.0.9.7.dylib 0x93743000 - 0x947f3ff6 com.apple.QuickTimeComponents.component 7.4.5 (67) /System/Library/QuickTime/QuickTimeComponents.component/Contents/MacOS/QuickTimeComponents 0x947f4000 - 0x9482bfff com.apple.SystemConfiguration 1.9.1 (1.9.1) <8a76e429301afe4eba1330bfeaabd9f2> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration 0x9482c000 - 0x94857fe7 libauto.dylib ??? (???) <42d8422dc23a18071869fdf7b5d8fab5> /usr/lib/libauto.dylib 0x94858000 - 0x94878ff2 libGL.dylib ??? (???) /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib 0x94879000 - 0x9487bfff com.apple.securityhi 3.0 (30817) <2b2854123fed609d1820d2779e2e0963> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI 0x9487c000 - 0x9487cff8 com.apple.ApplicationServices 34 (34) <8f910fa65f01d401ad8d04cc933cf887> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices 0x9487e000 - 0x948bffe7 libRIP.A.dylib ??? (???) <9d42e83d860433f9126c4871d1fe0ce8> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib 0x94a45000 - 0x94a55fff com.apple.speech.synthesis.framework 3.6.59 (3.6.59) <4ffef145fad3d4d787e0c33eab26b336> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis 0x94a56000 - 0x94a56ffb com.apple.installserver.framework 1.0 (8) /System/Library/PrivateFrameworks/InstallServer.framework/Versions/A/InstallServer 0x94c13000 - 0x94c1efe7 libCSync.A.dylib ??? (???) 
<df82fc093e498a9eb5490761cb292218> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib 0x94c1f000 - 0x94e99fe7 com.apple.Foundation 6.5.4 (677.15) <6216196287f98a65ddb654d04d773e7b> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation 0x94e9a000 - 0x94eb5ffb libPng.dylib ??? (???) <b6abcac36ec7654ff3e1cfa786b0117b> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib 0x94ee7000 - 0x94faeff2 com.apple.vImage 3.0 (3.0) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage 0x94faf000 - 0x9512dfff com.apple.AddressBook.framework 4.1 (687.1) <b2f2f2c925eb080e53b841014e4f9a7c> /System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook 0x9512e000 - 0x951b7fe3 com.apple.DesktopServices 1.4.5 (1.4.5) <8b264cd6abbbd750928c637e1247269d> /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv 0x951b8000 - 0x95215ffb libstdc++.6.dylib ??? (???) <04b812dcec670daa8b7d2852ab14be60> /usr/lib/libstdc++.6.dylib 0x95216000 - 0x9521cfff com.apple.print.framework.Print 218.0.2 (220.1) <8bf7ef71216376d12fcd5ec17e43742c> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print 0x9523b000 - 0x9523dfff com.apple.CrashReporterSupport 10.5.0 (156) <3088b785b10d03504ed02f3fee5d3aab> /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Versions/A/CrashReporterSupport 0x9523e000 - 0x958d7fff com.apple.CoreGraphics 1.351.21 (???) 
<6c93fd21149f389129fe47fa6ef71880> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics 0x958e6000 - 0x95988ff3 com.apple.QuickTimeImporters.component 7.4.5 (67) /System/Library/QuickTime/QuickTimeImporters.component/Contents/MacOS/QuickTimeImporters 0x95989000 - 0x95990ff7 libCGATS.A.dylib ??? (???) <9b29a5500efe01cc3adea67bbc42568e> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGATS.A.dylib 0x95991000 - 0x9599dfe7 com.apple.opengl 1.5.6 (1.5.6) <d599b1bb0f8a8da6fd125e2587b27776> /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL 0x9599e000 - 0x95a18ff8 com.apple.print.framework.PrintCore 5.5.2 (245.1) <3c9de512e95fbd838694ee5008d56a28> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore 0x95a19000 - 0x95a98ff5 com.apple.SearchKit 1.2.0 (1.2.0) <277b460da86bc222785159fe77e2e2ed> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit 0x95a99000 - 0x95ae9ff7 com.apple.HIServices 1.7.0 (???) <f7e78891a6d08265c83dca8e378be1ea> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices 0x95bbe000 - 0x95bf4fef libtidy.A.dylib ??? (???) <e4d3e7399fb83d7f145f9b4ec8196242> /usr/lib/libtidy.A.dylib 0x95bf5000 - 0x95c33ff7 libGLImage.dylib ??? (???) <090de775838db03ddc710f57abbf6218> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib 0x95eb1000 - 0x95eb1ffc com.apple.audio.units.AudioUnit 1.5 (1.5) /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit 0x95eb2000 - 0x95eb6fff libmathCommon.A.dylib ??? (???) 
/usr/lib/system/libmathCommon.A.dylib 0x95f08000 - 0x95f08ffd com.apple.vecLib 3.4.2 (vecLib 3.4.2) /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib 0x95f09000 - 0x95f2dfff libxslt.1.dylib ??? (???) <4933ddc7f6618743197aadc85b33b5ab> /usr/lib/libxslt.1.dylib 0x95f2e000 - 0x95f68fff com.apple.coreui 1.1 (61) /System/Library/PrivateFrameworks/CoreUI.framework/Versions/A/CoreUI 0x95f69000 - 0x95f70fff com.apple.agl 3.0.9 (AGL-3.0.9) <7dac4a7cb0de2f6d08ae71c1249379e3> /System/Library/Frameworks/AGL.framework/Versions/A/AGL 0x965c2000 - 0x965e0fff libresolv.9.dylib ??? (???) <0629b6dcd71f4aac6a891cbe26253e85> /usr/lib/libresolv.9.dylib 0x965e1000 - 0x96610fe3 com.apple.AE 402.2 (402.2) <e01596187e91af5d48653920017b8c8e> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE 0x96616000 - 0x96655fef libTIFF.dylib ??? (???) <6d0f80e9d4d81f3f64c876aca005bd53> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib 0x96714000 - 0x96838fe3 com.apple.audio.toolbox.AudioToolbox 1.5.1 (1.5.1) /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox 0x96877000 - 0x96956fff libobjc.A.dylib ??? (???) <a53206274b6c2d42691f677863f379ae> /usr/lib/libobjc.A.dylib 0x96957000 - 0x9695afff com.apple.help 1.1 (36) <b507b08e484cb89033e9cf23062d77de> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help 0x9695b000 - 0x9696affe com.apple.DSObjCWrappers.Framework 1.2.1 (1.2.1) <eac1c7b7c07ed3148c85934b6f656308> /System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWrappers 0x96a34000 - 0x96d0dff3 com.apple.CoreServices.CarbonCore 785.8 (785.8) <827c228e7d717b397cdb4941eba69553> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore 0x96d0e000 - 0x96d1dfff libsasl2.2.dylib ??? (???) 
<b9e1ca0b6612e280b6cbea6df0eec5f6> /usr/lib/libsasl2.2.dylib 0x96d1e000 - 0x96d2cffd libz.1.dylib ??? (???) <5ddd8539ae2ebfd8e7cc1c57525385c7> /usr/lib/libz.1.dylib 0x96d2d000 - 0x96d2dffd com.apple.Accelerate 1.4.2 (Accelerate 1.4.2) /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate 0x96d2e000 - 0x96d42ff3 com.apple.ImageCapture 4.0 (5.0.0) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture 0x96d78000 - 0x96dd4ff7 com.apple.htmlrendering 68 (1.1.3) <fe87a9dede38db00e6c8949942c6bd4f> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering 0x96dd5000 - 0x96f1aff7 com.apple.ImageIO.framework 2.0.1 (2.0.1) <68ba11e689a9ca30f8310935cd1e02d6> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO 0x96f1b000 - 0x96f5dfef com.apple.NavigationServices 3.5.1 (161) <cc6bd78eabf1e2e7166914e9f12f5850> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/NavigationServices.framework/Versions/A/NavigationServices 0x96fad000 - 0x96fcbff3 com.apple.DirectoryService.Framework 3.5.1 (3.5.1) <96407dca4d6b1d10ae5ca1881e31b27a> /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService 0x96fcc000 - 0x97197ff7 com.apple.security 5.0.2 (33001) <0788969ffe7961153219be10786da436> /System/Library/Frameworks/Security.framework/Versions/A/Security 0x97198000 - 0x971a3ff9 com.apple.helpdata 1.0 (14) /System/Library/PrivateFrameworks/HelpData.framework/Versions/A/HelpData 0xfffe8000 - 0xfffebfff libobjc.A.dylib ??? (???) /usr/lib/libobjc.A.dylib 0xffff0000 - 0xffff1780 libSystem.B.dylib ??? (???) /usr/lib/libSystem.B.dylib
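For anyone bucketing reports like the one above, here is an added triage helper (not part of this bug, the attached patch, or WebKit): a small Python parser that pulls the ASSERT expression and its source location, the exception type, the faulting address and the crashed thread's frames out of a Mac OS X crash report, and derives a signature from the top in-process frames. The embedded input is an excerpt of the report above, re-broken into the one-entry-per-line layout crash reports normally have (the extraction on this page flattened it). The one WebKit-specific fact it relies on is that a failed ASSERT in a debug build calls CRASH(), which deliberately writes to 0xbbadbeef, so a SIGSEGV at that address is the assertion firing rather than evidence of a stray memory access, and such a report should be filed under its assertion expression, not under EXC_BAD_ACCESS.

```python
"""Triage helper for Mac OS X crash reports: extract assertion, exception and
crashed-thread frames, then derive a bucketing signature."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed input for this example: an excerpt of the crash report from the
# bug description, re-broken into the report's original one-entry-per-line layout.
CRASH_REPORT = """\
ASSERTION FAILED: isStartOfParagraph(startOfParagraphToMove)
(/Users/eseidel/Projects/WebKit/WebCore/editing/CompositeEditCommand.cpp:706 void WebCore::CompositeEditCommand::moveParagraph(const WebCore::VisiblePosition&, const WebCore::VisiblePosition&, const WebCore::VisiblePosition&, bool, bool))

Process:         Safari [2433]
Identifier:      com.apple.Safari
Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Crashed Thread:  0

Thread 0 Crashed:
0   com.apple.WebCore   0x026cb2a6 WebCore::CompositeEditCommand::moveParagraph(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, bool, bool) + 90 (CompositeEditCommand.cpp:706)
1   com.apple.WebCore   0x028d1ecf WebCore::InsertListCommand::doApply() + 4685 (InsertListCommand.cpp:252)
2   com.apple.WebCore   0x02795a40 WebCore::EditCommand::apply() + 408 (EditCommand.cpp:96)
3   com.apple.WebCore   0x02795b45 WebCore::applyCommand(WTF::PassRefPtr<WebCore::EditCommand>) + 25 (EditCommand.cpp:253)
4   com.apple.WebCore   0x027a24f0 WebCore::executeInsertOrderedList(WebCore::Frame*, WebCore::Event*, WebCore::EditorCommandSource, WebCore::String const&) + 96 (EditorCommand.cpp:477)

Thread 1:
0   libSystem.B.dylib   0x900d6bce __semwait_signal + 10
1   libSystem.B.dylib   0x901018cd pthread_cond_wait$UNIX2003 + 73
"""

# One frame: "<idx> <image> 0x<addr> <symbol> + <offset> [(<file:line>)]".
FRAME_RE = re.compile(
    r"^(?P<idx>\d+)\s+(?P<image>\S+)\s+0x(?P<addr>[0-9a-fA-F]+)\s+"
    r"(?P<symbol>.+?)\s+\+\s+(?P<offset>\d+)(?:\s+\((?P<loc>[^)]+)\))?\s*$")
THREAD_RE = re.compile(r"^Thread (?P<num>\d+)(?P<crashed> Crashed)?:\s*$")
ASSERT_RE = re.compile(r"^ASSERTION FAILED: (?P<expr>.+?)\s*$")
ASSERT_LOC_RE = re.compile(r"^\((?P<file>[^\s:]+):(?P<line>\d+)\s")
HEADER_RE = re.compile(r"^(?P<key>Exception Type|Exception Codes|Crashed Thread):\s+(?P<val>.+?)\s*$")

# WebKit's CRASH() macro writes to this address so that a failed ASSERT aborts
# with a recognisable fault, not a wild one.
WEBKIT_CRASH_ADDRESS = 0xBBADBEEF


@dataclass
class Frame:
    index: int
    image: str
    address: int
    symbol: str
    offset: int
    location: Optional[str]

    def function(self) -> str:
        # Drop the parameter list so the bucket key does not depend on overload noise.
        return self.symbol.split("(", 1)[0]


@dataclass
class CrashSummary:
    assertion: Optional[str] = None
    source_file: Optional[str] = None
    source_line: Optional[int] = None
    exception_type: Optional[str] = None
    fault_address: Optional[int] = None
    crashed_thread: Optional[int] = None
    frames: List[Frame] = field(default_factory=list)  # crashed thread only

    def signature(self, depth: int = 3) -> Tuple[str, ...]:
        """Bucket key: the top `depth` functions of the crashed thread."""
        return tuple(f.function() for f in self.frames[:depth])


def triage(report: str) -> CrashSummary:
    s = CrashSummary()
    lines = report.splitlines()
    in_crashed_thread = False
    for i, line in enumerate(lines):
        m = ASSERT_RE.match(line)
        if m:
            s.assertion = m.group("expr")
            # WebKit prints "(file:line function)" on the line after the expression.
            if i + 1 < len(lines) and (lm := ASSERT_LOC_RE.match(lines[i + 1])):
                s.source_file, s.source_line = lm.group("file"), int(lm.group("line"))
            continue
        m = HEADER_RE.match(line)
        if m:
            key, val = m.group("key"), m.group("val")
            if key == "Exception Type":
                s.exception_type = val
            elif key == "Exception Codes" and (am := re.search(r"at 0x([0-9a-fA-F]+)", val)):
                s.fault_address = int(am.group(1), 16)
            elif key == "Crashed Thread":
                s.crashed_thread = int(val.split()[0])
            continue
        m = THREAD_RE.match(line)
        if m:  # only collect frames while inside the "Thread N Crashed:" section
            in_crashed_thread = m.group("crashed") is not None
            continue
        if in_crashed_thread and (m := FRAME_RE.match(line)):
            s.frames.append(Frame(int(m.group("idx")), m.group("image"),
                                  int(m.group("addr"), 16), m.group("symbol"),
                                  int(m.group("offset")), m.group("loc")))
    return s


def is_intentional_webkit_abort(s: CrashSummary) -> bool:
    """True when the fault is CRASH() firing, i.e. an ASSERT, not a stray access."""
    return s.fault_address == WEBKIT_CRASH_ADDRESS


if __name__ == "__main__":
    summary = triage(CRASH_REPORT)
    print("assertion:", summary.assertion, "at", summary.source_file, summary.source_line)
    print("exception:", summary.exception_type, hex(summary.fault_address or 0))
    print("intentional abort:", is_intentional_webkit_abort(summary))
    print("signature:", " > ".join(summary.signature()))
```

Run on the excerpt it reports the assertion at CompositeEditCommand.cpp:706, flags the 0xbbadbeef fault as an intentional abort, and yields the signature moveParagraph > InsertListCommand::doApply > EditCommand::apply, which is the key under which this report and its duplicates belong.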
Attachments
test case (ASSERT in debug builds) (381 bytes, text/html)
2008-05-14 18:32 PDT, Eric Seidel (no email)
no flags
First attempt at fix, with test case (4.21 KB, patch)
2009-03-09 15:06 PDT, Eric Seidel (no email)
mjs: review+
Eric Seidel (no email)
Comment 1 2008-05-14 18:28:30 PDT
doc.execCommand('insertimage');
doc.execCommand('insertorderedlist');

Also crashes.
Eric Seidel (no email)
Comment 2 2008-05-14 18:32:59 PDT
Created attachment 21147 [details]
test case (ASSERT in debug builds)
Eric Seidel (no email)
Comment 3 2009-03-02 12:50:10 PST
This is the same ASSERT as is hit by bug 19066 which is a p1 crasher with google docs. Investigating.
Eric Seidel (no email)
Comment 4 2009-03-02 13:05:29 PST
This might be caused by:

// FIXME: Broken for positions before/after images that aren't inline (5027702)
VisiblePosition startOfParagraph(const VisiblePosition &c)

since we're inserting an image here (although it should be inline)...
Eric Seidel (no email)
Comment 5 2009-03-02 14:03:45 PST
It seems the problem here is that somehow the "start" of the paragraph being moved is wrong (and includes the list!)

(gdb) call startOfParagraphToMove.showTreeForThis()
*BODY 0xd90680
    OL 0xdd9f90
        LI 0xdd9e40
            BR 0xdd9e80
    IMG 0xdd8570
    #text 0xd8ef90 "\n"
    SCRIPT 0xd928f0
        #text 0xd9b220 "\ndocument.designMode = "on";\ndocument.execCommand('selectall');\ndocument.execCommand('insertimage');\ndocument.execCommand('insertorderedlist');\n"

The start/end should be just around the <img>.
Eric Seidel (no email)
Comment 6 2009-03-02 14:13:19 PST
I think the problem may be startOfParagraph(). In the list insertion code:

if (!listChildNode || switchListType || m_forceCreateList) {
    // Create list.
    VisiblePosition start = startOfParagraph(endingSelection().visibleStart());

endingSelection().visibleStart() is correctly right before the <img>; however, when that's turned into "startOfParagraph" then it moves to <body>, 0.

I'm not really sure what startOfParagraph() is supposed to do.
Justin Garcia
Comment 7 2009-03-02 14:23:39 PST
> endingSelection().visibleStart() is correctly right before the <img>, however,
> when that's turned into "startOfParagraph" then it moves to <body>, 0
>
> I'm not really sure what startOfParagraph() is supposed to do.

This code wants to get the start of the paragraph so that it moves the whole paragraph into the new list item. I'm not sure why it's jumping from [img, 0] to [body, 0], though.
Eric Seidel (no email)
Comment 8 2009-03-09 14:18:09 PDT
(In reply to comment #7)
> This code wants to get the start of the paragraph so that it moves the whole
> paragraph into the new list item. I'm not sure why it's jumping from [img, 0]
> to [body, 0], though.

This jump kinda makes sense. It's jumping to the containing block (which is the body), and setting start to the first offset in the containing block (which makes sense).

I'm not sure that it makes sense though to insert the list right before the image, and then move the image inside it. Or at least, by doing so, we change what the "start of the paragraph" is, since now the paragraph should start right after the list.

Maybe the right behavior here would be to first wrap the content which we intend to move into the list into a new block. Then insert the list before the block. And then move the contents of the block into the list, and remove the fake block.

Alternatively, we could just learn to update the start position of the paragraph after we insert the list. :)

I'd be interested to hear your thoughts Justin.
Eric Seidel (no email)
Comment 9 2009-03-09 14:41:56 PDT
The naive fix of just always updating the "start" position after inserting the list causes editing/execCommand/19653-1.html to fail, as now the text is inserted before the list instead of inside it.
Eric Seidel (no email)
Comment 10 2009-03-09 15:06:56 PDT
Created attachment 28421 [details]
First attempt at fix, with test case

 LayoutTests/ChangeLog                          | 11 +++++++++++
 .../list-wrapping-image-crash-expected.txt     |  2 ++
 .../execCommand/list-wrapping-image-crash.html | 10 ++++++++++
 WebCore/ChangeLog                              | 18 ++++++++++++++++++
 WebCore/editing/InsertListCommand.cpp          | 12 +++++++++---
 5 files changed, 50 insertions(+), 3 deletions(-)
Justin Garcia
Comment 11 2009-03-09 17:30:54 PDT
(In reply to comment #8)
> (In reply to comment #7)
> > This code wants to get the start of the paragraph so that it moves the whole
> > paragraph into the new list item. I'm not sure why it's jumping from [img, 0]
> > to [body, 0], though.
>
> This jump kinda makes sense. It's jumping to the containing block (which is
> the body), and setting start to the first offset in the containing block (which
> makes sense).

Doesn't make sense for startOfParagraph to jump from [img, 0] to [body, 0], [img, 0] is the start of the paragraph.
Eric Seidel (no email)
Comment 12 2009-03-09 17:35:54 PDT
(In reply to comment #11)
> Doesn't make sense for startOfParagraph to jump from [img, 0] to [body, 0],
> [img, 0] is the start of the paragraph.

Why is [img,0] the start of the paragraph? [img,0] is the first position in the content of the paragraph, [body,0] is the first offset in the block of the paragraph. Would [p,0] or [img,0] be the "start of the paragraph" if there was a <p> between the <img> and the body?
Justin Garcia
Comment 13 2009-03-09 17:41:04 PDT
(In reply to comment #12)
> (In reply to comment #11)
> > Doesn't make sense for startOfParagraph to jump from [img, 0] to [body, 0],
> > [img, 0] is the start of the paragraph.
>
> Why is [img,0] the start of the paragraph? [img,0] is the first position in
> the content of the paragraph, [body,0] is the first offset in the block of the
> paragraph.

There are two paragraphs, one is in the list ([br, 0] or [li, 0]) and the other starts at [img, 0].
Eric Seidel (no email)
Comment 14 2009-03-09 17:48:15 PDT
(In reply to comment #13)
> > Why is [img,0] the start of the paragraph? [img,0] is the first position in
> > the content of the paragraph, [body,0] is the first offset in the block of the
> > paragraph.
>
> there are two paragraphs, one is in the list ([br, 0] or [li, 0]) and the other
> starts at [img, 0].

Sure, but the "start of paragraph" is computed from the endSelection().visibleStart() before the list is inserted. At which time [body,0] makes sense; it's just the DOM-compliant equivalent of [img, 0].
Eric Seidel (no email)
Comment 15 2009-03-09 18:20:48 PDT
Ok, so the problem is that [body, 0] is being preferred over [img, 0], because the img doesn't have a height. Normally [img, 0] would be preferred, which is what the list code depends on happening because it inserts a list right before the <img> and doesn't bother to update the start position.

This is the check which is allowing [body, 0] to be preferred:

    if (!node()->hasTagName(htmlTag) && renderer->isBlockFlow() && !hasRenderedNonAnonymousDescendantsWithHeight(renderer) && (toRenderBox(renderer)->height() || node()->hasTagName(bodyTag)))
        return offset() == 0 && !nodeIsUserSelectNone(node());

because hasRenderedNonAnonymousDescendantsWithHeight is returning false, because the RenderImage has no height.
Eric Seidel (no email)
Comment 16 2009-05-21 19:10:30 PDT
Comment on attachment 28421 [details]
First attempt at fix, with test case

I think Justin Garcia or Darin Adler are the only two people who would ever review this. Marking this as r=justin?
Maciej Stachowiak
Comment 17 2009-05-21 23:07:28 PDT
Comment on attachment 28421 [details]
First attempt at fix, with test case

r=me
Eric Seidel (no email)
Comment 18 2009-06-02 17:20:11 PDT
Committing to http://svn.webkit.org/repository/webkit/trunk ...
    M    LayoutTests/ChangeLog
    A    LayoutTests/editing/execCommand/list-wrapping-image-crash-expected.txt
    A    LayoutTests/editing/execCommand/list-wrapping-image-crash.html
    M    WebCore/ChangeLog
    M    WebCore/editing/InsertListCommand.cpp
Committed r44375