RESOLVED FIXED 220955
Crash from CompositeEditCommand::moveParagraphs() using Position instead of VisiblePosition 
https://bugs.webkit.org/show_bug.cgi?id=220955
Summary Crash from CompositeEditCommand::moveParagraphs() using Position instead of V...
Julian Gonzalez
Reported 2021-01-25 15:22:18 PST
frame #0: WebCore`WebCore::makeBoundaryPoint(WebCore::VisiblePosition const&)+81 frame #1: WebCore`decltype(makeSimpleRangeHelper(makeBoundaryPointHelper(std::forward<WebCore::VisiblePosition const&>(fp)), makeBoundaryPointHelper(std::forward<WebCore::VisiblePosition&>(fp)))) WebCore::makeSimpleRange<WebCore::VisiblePosition const&, WebCore::VisiblePosition&>(WebCore::VisiblePosition const&, WebCore::VisiblePosition&)+26 frame #2: WebCore`WebCore::CompositeEditCommand::moveParagraphs(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, bool, bool)+403 frame #3: WebCore`WebCore::InsertListCommand::doApplyForSingleParagraph(bool, WebCore::HTMLQualifiedName const&, WebCore::SimpleRange&)+7504 frame #4: WebCore`WebCore::InsertListCommand::doApply()+7534 frame #5: WebCore`WebCore::CompositeEditCommand::applyCommandToComposite(WTF::Ref<WebCore::EditCommand, WTF::DumbPtrTraits<WebCore::EditCommand> >&&)+79 frame #6: WebCore`WebCore::IndentOutdentCommand::outdentParagraph()+690 frame #7: WebCore`WebCore::IndentOutdentCommand::formatSelection(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&)+220 frame #8: WebCore`WebCore::ApplyBlockElementCommand::doApply()+1256 frame #9: WebCore`WebCore::CompositeEditCommand::apply()+500 frame #10: WebCore`WebCore::executeOutdent(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&)+229 frame #11: WebCore`WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&)+77 The call to makeSimpleRange(start, end) requires non-null VisiblePositions - not non-null Positions. Similar to bug 220630 <rdar://problem/70880426>
Attachments
Patch (4.79 KB, patch)
2021-01-25 15:30 PST, Julian Gonzalez 		no flags
DetailsFormatted DiffDiff
Patch (4.52 KB, patch)
2021-01-27 17:19 PST, Julian Gonzalez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Julian Gonzalez
Comment 1 2021-01-25 15:30:02 PST
Created attachment 418346 [details] Patch
Julian Gonzalez
Comment 2 2021-01-25 17:48:51 PST
Test failures here look legitimate (though I can't reproduce them locally). I'll keep working on this.
Ryosuke Niwa
Comment 3 2021-01-25 17:58:25 PST
Comment on attachment 418346 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=418346&action=review > LayoutTests/editing/inserting/paragraph-outdent-animationframe-crash.html:20 > + document.execCommand("selectAll", false); > + window.requestAnimationFrame(dooutdent); I think the test failure comes from this code running after this test had finished running. You need to add testRunner.waitUntilDone where you call dumpAsText, and call testRunner.notifyDone when the test is done running perhaps at the end of dooutdent? Be sure to verify that the crash still reproduces without the fix if you made those changes to the test.
Julian Gonzalez
Comment 4 2021-01-27 17:13:28 PST
(In reply to Ryosuke Niwa from comment #3) > Comment on attachment 418346 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=418346&action=review > > > LayoutTests/editing/inserting/paragraph-outdent-animationframe-crash.html:20 > > + document.execCommand("selectAll", false); > > + window.requestAnimationFrame(dooutdent); > > I think the test failure comes from this code running after this test had > finished running. > You need to add testRunner.waitUntilDone where you call dumpAsText, > and call testRunner.notifyDone when the test is done running perhaps at the > end of dooutdent? > Be sure to verify that the crash still reproduces without the fix if you > made those changes to the test. This ended up being a little more complicated, but Ryosuke figured it out. Thanks to him for cleaning the test up!
Julian Gonzalez
Comment 5 2021-01-27 17:19:02 PST
Created attachment 418602 [details] Patch
Ryosuke Niwa
Comment 6 2021-01-28 02:55:21 PST
Comment on attachment 418602 [details] Patch Looks good.
EWS
Comment 7 2021-01-28 02:58:29 PST
Committed r272008: <https://trac.webkit.org/changeset/272008> All reviewed patches have been landed. Closing bug and clearing flags on attachment 418602 [details].
Note You need to log in before you can comment on or make changes to this bug.