WebKit Bugzilla
RESOLVED FIXED
19087
Editing crash in IndentOutdentCommand::prepareBlockquoteLevelForInsertion, ASSERT in debug mode
https://bugs.webkit.org/show_bug.cgi?id=19087
Reported: 2008-05-15 14:08:02 PDT by Eric Seidel (no email)
This crashes in release mode, and ASSERTS in debug mode. In debug mode:

ASSERTION FAILED: !text.isEmpty()
(/Users/eseidel/Projects/WebKit/WebCore/editing/InsertIntoTextNodeCommand.cpp:41 WebCore::InsertIntoTextNodeCommand::InsertIntoTextNodeCommand(WebCore::Text*, int, const WebCore::String&))

Unfortunately the test case is rediculously long. I've not been able to reduce it further yet.
Attachments
20k lines of editing commands used to produce crash (750.23 KB, text/html), 2008-05-15 14:09 PDT, Eric Seidel (no email)
simpler test case (although possibly different bug) triggering same ASSERT (239 bytes, text/html), 2008-05-23 12:12 PDT, Eric Seidel (no email)
patch (4.55 KB, patch), 2008-06-06 00:10 PDT, Justin Garcia, darin: review+
Eric Seidel (no email)
Comment 1
2008-05-15 14:09:00 PDT
Created attachment 21178: 20k lines of editing commands used to produce crash
Eric Seidel (no email)
Comment 2
2008-05-15 14:09:26 PDT
ridiculous even. :)

And here is the backtrace:

Process: Safari [44640]
Path: /Applications/Safari.app/Contents/MacOS/Safari
Identifier: com.apple.Safari
Version: 3.1.1 (5525.18)
Build Info: WebBrowser-55251800~2
Code Type: X86 (Native)
Parent Process: perl [44637]
Date/Time: 2008-05-15 13:21:23.041 -0700
OS Version: Mac OS X 10.5.2 (9C7010)
Report Version: 6
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000008
Crashed Thread: 0

Thread 0 Crashed:
0 com.apple.WebCore 0x0120bf57 WebCore::IndentOutdentCommand::prepareBlockquoteLevelForInsertion(WebCore::VisiblePosition&, WebCore::Node**) + 71 (TreeShared.h:86)
1 com.apple.WebCore 0x0120c837 WebCore::IndentOutdentCommand::indentRegion() + 1399 (IndentOutdentCommand.cpp:159)
2 com.apple.WebCore 0x0120ea72 WebCore::IndentOutdentCommand::doApply() + 226 (RefPtr.h:51)
3 com.apple.WebCore 0x0111ec9d WebCore::EditCommand::apply() + 61 (EditCommand.cpp:96)
4 com.apple.WebCore 0x0112c8d4 WebCore::executeIndent(WebCore::Frame*, WebCore::Event*, WebCore::EditorCommandSource, WebCore::String const&) + 84 (PassRefPtr.h:44)
5 com.apple.WebCore 0x0112b322 WebCore::Editor::Command::execute(WebCore::String const&, WebCore::Event*) const + 82 (EditorCommand.cpp:1364)
6 com.apple.WebCore 0x010fa875 WebCore::Document::execCommand(WebCore::String const&, bool, WebCore::String const&) + 53 (RefPtr.h:51)
7 com.apple.WebCore 0x0125ce1f WebCore::jsDocumentPrototypeFunctionExecCommand(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 271 (RefPtr.h:51)
8 com.apple.JavaScriptCore 0x003914dc KJS::functionProtoFuncApply(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 604 (object.cpp:107)
9 com.apple.JavaScriptCore 0x003b49d9 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 697 (object.cpp:107)
10 com.apple.JavaScriptCore 0x0039bd29 KJS::ExprStatementNode::execute(KJS::ExecState*) + 25 (nodes.cpp:3994)
11 com.apple.JavaScriptCore 0x003dd121 KJS::FunctionBodyNode::execute(KJS::ExecState*) + 481 (nodes.cpp:3949)
12 com.apple.JavaScriptCore 0x003d9965 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 405 (function.cpp:78)
13 com.apple.JavaScriptCore 0x003b35d1 KJS::LocalVarFunctionCallNode::evaluate(KJS::ExecState*) + 481 (object.cpp:107)
14 com.apple.JavaScriptCore 0x0039bd29 KJS::ExprStatementNode::execute(KJS::ExecState*) + 25 (nodes.cpp:3994)
15 com.apple.JavaScriptCore 0x003625d0 KJS::BlockNode::execute(KJS::ExecState*) + 64 (nodes.cpp:3949)
16 com.apple.JavaScriptCore 0x003d7851 KJS::TryNode::execute(KJS::ExecState*) + 33 (nodes.cpp:4566)
17 com.apple.JavaScriptCore 0x0039bff3 KJS::CaseBlockNode::executeBlock(KJS::ExecState*, KJS::JSValue*) + 563 (nodes.cpp:3947)
18 com.apple.JavaScriptCore 0x0039c179 KJS::SwitchNode::execute(KJS::ExecState*) + 41 (ExecState.h:108)
19 com.apple.JavaScriptCore 0x0039b88a KJS::ForNode::execute(KJS::ExecState*) + 90 (ExecState.h:69)
20 com.apple.JavaScriptCore 0x003dd121 KJS::FunctionBodyNode::execute(KJS::ExecState*) + 481 (nodes.cpp:3949)
21 com.apple.JavaScriptCore 0x003d9965 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 405 (function.cpp:78)
22 com.apple.JavaScriptCore 0x003b35d1 KJS::LocalVarFunctionCallNode::evaluate(KJS::ExecState*) + 481 (object.cpp:107)
23 com.apple.JavaScriptCore 0x0039bd29 KJS::ExprStatementNode::execute(KJS::ExecState*) + 25 (nodes.cpp:3994)
24 com.apple.JavaScriptCore 0x003dbf31 KJS::ProgramNode::execute(KJS::ExecState*) + 305 (nodes.cpp:3949)
25 com.apple.JavaScriptCore 0x003c92ec KJS::Interpreter::evaluate(KJS::ExecState*, KJS::UString const&, int, unsigned short const*, int, KJS::JSValue*) + 1820 (LabelStack.h:68)
26 com.apple.WebCore 0x01554595 WebCore::KJSProxy::evaluate(WebCore::String const&, int, WebCore::String const&) + 197 (kjs_proxy.cpp:88)
27 com.apple.WebCore 0x0117d234 WebCore::FrameLoader::executeScript(WebCore::String const&, int, WebCore::String const&) + 116 (FrameLoader.cpp:781)
28 com.apple.WebCore 0x0117d296 WebCore::FrameLoader::executeScript(WebCore::String const&, bool) + 54 (RefPtr.h:51)
29 com.apple.WebCore 0x014dd40e WebCore::ScheduledAction::execute(WebCore::JSDOMWindowShell*) + 574 (ScheduledAction.cpp:87)
30 com.apple.WebCore 0x015986f8 WebCore::JSDOMWindowBase::timerFired(WebCore::DOMWindowTimer*) + 72 (JSDOMWindowBase.cpp:1316)
31 com.apple.WebCore 0x015988d8 WebCore::DOMWindowTimer::fired() + 40 (JSDOMWindowBase.cpp:1367)
32 com.apple.WebCore 0x0150bbd9 WebCore::TimerBase::fireTimers(double, WTF::Vector<WebCore::TimerBase*, 0ul> const&) + 137 (Timer.cpp:350)
33 com.apple.WebCore 0x0150bca2 WebCore::TimerBase::sharedTimerFired() + 162 (Timer.cpp:370)
34 com.apple.WebCore 0x014f13c4 WebCore::timerFired(__CFRunLoopTimer*, void*) + 68 (SharedTimerMac.mm:85)
35 com.apple.CoreFoundation 0x90b25b5e CFRunLoopRunSpecific + 4494
36 com.apple.CoreFoundation 0x90b25d18 CFRunLoopRunInMode + 88
37 com.apple.HIToolbox 0x926296a0 RunCurrentEventLoopInMode + 283
38 com.apple.HIToolbox 0x926294b9 ReceiveNextEventCommon + 374
39 com.apple.HIToolbox 0x9262932d BlockUntilNextEventMatchingListInMode + 106
40 com.apple.AppKit 0x90c3f7d9 _DPSNextEvent + 657
41 com.apple.AppKit 0x90c3f08e -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
42 com.apple.Safari 0x00007f2e 0x1000 + 28462
43 com.apple.AppKit 0x90c380c5 -[NSApplication run] + 795
44 com.apple.AppKit 0x90c0530a NSApplicationMain + 574
45 com.apple.Safari 0x000b9906 0x1000 + 755974

Thread 1:
0 libSystem.B.dylib 0x900d6bce __semwait_signal + 10
1 libSystem.B.dylib 0x901018cd pthread_cond_wait$UNIX2003 + 73
2 com.apple.WebCore 0x011ffb9f WebCore::IconDatabase::syncThreadMainLoop() + 239 (IconDatabase.cpp:1313)
3 com.apple.WebCore 0x011ffcb5 WebCore::IconDatabase::iconDatabaseSyncThread() + 181 (IconDatabase.cpp:1015)
4 libSystem.B.dylib 0x90100c55 _pthread_start + 321
5 libSystem.B.dylib 0x90100b12 thread_start + 34

Thread 2:
0 libSystem.B.dylib 0x900d6bce __semwait_signal + 10
1 libSystem.B.dylib 0x901018cd pthread_cond_wait$UNIX2003 + 73
2 com.apple.WebCore 0x015eeccb WebCore::LocalStorageThread::localStorageThread() + 427 (MessageQueue.h:79)
3 libSystem.B.dylib 0x90100c55 _pthread_start + 321
4 libSystem.B.dylib 0x90100b12 thread_start + 34

Thread 3:
0 libSystem.B.dylib 0x900cf9e6 mach_msg_trap + 10
1 libSystem.B.dylib 0x900d71dc mach_msg + 72
2 com.apple.CoreFoundation 0x90b250de CFRunLoopRunSpecific + 1806
3 com.apple.CoreFoundation 0x90b25d18 CFRunLoopRunInMode + 88
4 com.apple.CFNetwork 0x905926cc CFURLCacheWorkerThread(void*) + 396
5 libSystem.B.dylib 0x90100c55 _pthread_start + 321
6 libSystem.B.dylib 0x90100b12 thread_start + 34

Thread 4:
0 libSystem.B.dylib 0x900cf9e6 mach_msg_trap + 10
1 libSystem.B.dylib 0x900d71dc mach_msg + 72
2 com.apple.CoreFoundation 0x90b250de CFRunLoopRunSpecific + 1806
3 com.apple.CoreFoundation 0x90b25d18 CFRunLoopRunInMode + 88
4 com.apple.Foundation 0x94c8cac0 +[NSURLConnection(NSURLConnectionReallyInternal) _resourceLoadLoop:] + 320
5 com.apple.Foundation 0x94c295ad -[NSThread main] + 45
6 com.apple.Foundation 0x94c29154 __NSThread__main__ + 308
7 libSystem.B.dylib 0x90100c55 _pthread_start + 321
8 libSystem.B.dylib 0x90100b12 thread_start + 34

Thread 0 crashed with X86 Thread State (32-bit):
eax: 0x0120bbb0 ebx: 0x0120bf21 ecx: 0xbfffd630 edx: 0x00000000
edi: 0xbfffd524 esi: 0x00000000 ebp: 0xbfffd568 esp: 0xbfffd4e0
ss: 0x0000001f efl: 0x00010246 eip: 0x0120bf57 cs: 0x00000017
ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037
cr2: 0x00000008
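Added example (not part of the original bug thread and not WebKit project code): a small triage script for the crash report format posted in Comment 2. It extracts the exception, the fault address and the crashed thread's frames, classifies the fault, and builds a function-name signature for grouping duplicate reports. SAMPLE_REPORT is an excerpt of that report re-broken into lines; the 0x1000 near-null threshold and all function names are assumptions of this example.

```python
import re

# Excerpt of the crash report from Comment 2, re-broken into one field/frame per line.
SAMPLE_REPORT = """\
Exception Type:  EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000008
Crashed Thread:  0

Thread 0 Crashed:
0   com.apple.WebCore  0x0120bf57 WebCore::IndentOutdentCommand::prepareBlockquoteLevelForInsertion(WebCore::VisiblePosition&, WebCore::Node**) + 71 (TreeShared.h:86)
1   com.apple.WebCore  0x0120c837 WebCore::IndentOutdentCommand::indentRegion() + 1399 (IndentOutdentCommand.cpp:159)
2   com.apple.WebCore  0x0120ea72 WebCore::IndentOutdentCommand::doApply() + 226 (RefPtr.h:51)

Thread 1:
0   libSystem.B.dylib  0x900d6bce __semwait_signal + 10
"""

# Assumption of this example: a fault inside the first 4 KiB is treated as
# "NULL plus a small member offset" rather than an arbitrary bad pointer.
NULL_PAGE_LIMIT = 0x1000

# index, binary image, return address, symbol, "+ offset", optional (file:line)
FRAME_RE = re.compile(
    r"^(?P<index>\d+)\s+(?P<image>\S+)\s+(?P<address>0x[0-9a-fA-F]+)\s+"
    r"(?P<symbol>.+?)\s+\+\s+(?P<offset>\d+)"
    r"(?:\s+\((?P<source>[^()]+:\d+)\))?\s*$"
)


def parse_crash_report(text):
    """Return the exception fields and the frames of the crashed thread."""
    report = {"exception_type": None, "signal": None, "code": None,
              "fault_address": None, "crashed_thread": None, "frames": []}
    m = re.search(r"Exception Type:\s+(\w+)(?:\s+\((\w+)\))?", text)
    if m:
        report["exception_type"], report["signal"] = m.group(1), m.group(2)
    m = re.search(r"Exception Codes:\s+(\w+)\s+at\s+(0x[0-9a-fA-F]+)", text)
    if m:
        report["code"] = m.group(1)
        report["fault_address"] = int(m.group(2), 16)
    m = re.search(r"Crashed Thread:\s+(\d+)", text)
    if m:
        report["crashed_thread"] = int(m.group(1))

    in_crashed = False
    for line in text.splitlines():
        line = line.strip()
        if re.match(r"^Thread \d+ Crashed:", line):
            in_crashed = True
            continue
        if in_crashed:
            if not line or line.startswith("Thread "):
                break  # end of the crashed thread's stack
            fm = FRAME_RE.match(line)
            if fm:
                frame = fm.groupdict()
                frame["index"] = int(frame["index"])
                frame["offset"] = int(frame["offset"])
                report["frames"].append(frame)
    return report


def classify(report):
    """Coarse triage label derived from exception type and fault address."""
    addr = report["fault_address"]
    if report["exception_type"] != "EXC_BAD_ACCESS" or addr is None:
        return "not a memory access fault"
    if addr < NULL_PAGE_LIMIT:
        return "near-null dereference (NULL + 0x%x)" % addr
    return "invalid access at non-null address"


def function_name(symbol):
    """Drop the C++ argument list so overloads and typedef noise do not split buckets."""
    return symbol.split("(", 1)[0]


def crash_signature(report, depth=3):
    """Bucket key built from function names; frame 0's file:line here is an
    inlined shared header (TreeShared.h), so source locations are not used."""
    return " | ".join(function_name(f["symbol"]) for f in report["frames"][:depth])


if __name__ == "__main__":
    parsed = parse_crash_report(SAMPLE_REPORT)
    print(classify(parsed))
    print(crash_signature(parsed))
```
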
Eric Seidel (no email)
Comment 3
2008-05-23 12:12:04 PDT
Here is another way to trigger the same ASSERT (possibly a different cause though):

<BODY><SCRIPT>
document.execCommand('selectall');
document.designMode = 'on';
document.execCommand('insertimage', false, '<script src=https://webkit.org>');
document.execCommand('selectall');
document.execCommand('removeformat');
</SCRIPT>
Eric Seidel (no email)
Comment 4
2008-05-23 12:12:41 PDT
Created attachment 21319: simpler test case (although possibly different bug) triggering same ASSERT
Eric Seidel (no email)
Comment 5
2008-06-05 15:49:23 PDT
I expect this might be fixed by http://trac.webkit.org/changeset/34385. I've not tried in a local build yet though.
Justin Garcia
Comment 6
2008-06-05 15:59:28 PDT
(In reply to comment #5)
> I expect this might be fixed by http://trac.webkit.org/changeset/34385. I've
> not tried in a local build yet though.

My patch only fixed the prepareBlockquoteLevelForInsertion crasher indirectly, by adjusting particular types of selections that led to the crashes. I'm looking into this bug now...
Justin Garcia
Comment 7
2008-06-05 16:13:01 PDT
(In reply to comment #3)
> Here is another way to trigger the same ASSERT (possibly a different cause

Looks like calling removeFormat will lead to an assert if what is selected returns "" from plainText(...). It's probably OK that the ASSERT continues to happen since plainText() should return a non-empty string for any range selection. The selection is from [hr, 0] to just after the hr. Looking into why we get an empty string...
Justin Garcia
Comment 8
2008-06-05 17:01:40 PDT
(In reply to comment #1)
> Created an attachment (id=21178)
> 20k lines of editing commands used to produce crash

Before I could get to the crash I had to fix two ASSERTs. The first is the one that you attached a reduction for. The second one is https://bugs.webkit.org/show_bug.cgi?id=19089, which I've just attached a patch for.
Justin Garcia
Comment 9
2008-06-05 17:31:10 PDT
(In reply to comment #4)
> Created an attachment (id=21319)
> simpler test case (although possibly different bug) triggering same ASSERT

Filed https://bugs.webkit.org/show_bug.cgi?id=19403 to cover this ASSERT.
Justin Garcia
Comment 10
2008-06-06 00:10:03 PDT
Created attachment 21521: patch
Darin Adler
Comment 11
2008-06-06 09:57:39 PDT
Comment on attachment 21521 (patch)
r=me
Justin Garcia
Comment 12
2008-06-06 10:08:41 PDT
http://trac.webkit.org/changeset/34403