RESOLVED FIXED 224587
Crash in ReplaceSelectionCommand::mergeEndIfNeeded() 
https://bugs.webkit.org/show_bug.cgi?id=224587
Summary Crash in ReplaceSelectionCommand::mergeEndIfNeeded()
Julian Gonzalez
Reported 2021-04-14 16:31:46 PDT
e.g. #0 0x7a80b00f1 in WebCore::Node::parentNode() const+0x21 #1 0x7abb28ecd in WebCore::CompositeEditCommand::insertNodeBefore(WTF::Ref<WebCore::Node, WTF::RawPtrTraits<WebCore::Node> >&&, WebCore::Node&, WebCore::ShouldAssumeContentIsAlwaysEditable)+0xbd #2 0x7abc158cf in WebCore::ReplaceSelectionCommand::mergeEndIfNeeded()+0x36f #3 0x7abc18fb9 in WebCore::ReplaceSelectionCommand::doApply()+0x2f29 #4 0x7abb132d6 in WebCore::CompositeEditCommand::apply()+0x216 #5 0x7abbd77a9 in WebCore::executeInsertFragment(WebCore::Frame&, WTF::Ref<WebCore::DocumentFragment, WTF::RawPtrTraits<WebCore::DocumentFragment> >&&)+0x159 #6 0x7abbd7ac0 in WebCore::executeInsertNode(WebCore::Frame&, WTF::Ref<WebCore::Node, WTF::RawPtrTraits<WebCore::Node> >&&)+0x160 <rdar://problem/75220536>
Attachments
Patch (4.31 KB, patch)
2021-04-14 16:58 PDT, Julian Gonzalez 		no flags
DetailsFormatted DiffDiff
Patch (4.24 KB, patch)
2021-04-14 19:27 PDT, Julian Gonzalez 		no flags
DetailsFormatted DiffDiff
Patch (4.32 KB, patch)
2021-04-15 14:06 PDT, Julian Gonzalez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Julian Gonzalez
Comment 1 2021-04-14 16:58:03 PDT
Created attachment 426062 [details] Patch
Julian Gonzalez
Comment 2 2021-04-14 19:27:38 PDT
Created attachment 426069 [details] Patch
Ryosuke Niwa
Comment 3 2021-04-14 20:14:08 PDT
Comment on attachment 426069 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=426069&action=review > Source/WebCore/editing/ReplaceSelectionCommand.cpp:984 > + if (startOfInsertedContent.isNull() || endOfInsertedContent.isNull()) Can we add this assertion here? ASSERT(startOfInsertedContent.isNull() == endOfInsertedContent.isNull());
Julian Gonzalez
Comment 4 2021-04-15 10:58:23 PDT
(In reply to Ryosuke Niwa from comment #3) > Comment on attachment 426069 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=426069&action=review > > > Source/WebCore/editing/ReplaceSelectionCommand.cpp:984 > > + if (startOfInsertedContent.isNull() || endOfInsertedContent.isNull()) > > Can we add this assertion here? > ASSERT(startOfInsertedContent.isNull() == endOfInsertedContent.isNull()); Above the if? (i.e. unconditionally?)
Julian Gonzalez
Comment 5 2021-04-15 14:06:52 PDT
Created attachment 426135 [details] Patch
EWS
Comment 6 2021-04-15 15:34:40 PDT
Committed r276078 (236591@main): <https://commits.webkit.org/236591@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 426135 [details].
Note You need to log in before you can comment on or make changes to this bug.