Bug 224587 - Crash in ReplaceSelectionCommand::mergeEndIfNeeded()
Summary: Crash in ReplaceSelectionCommand::mergeEndIfNeeded()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: HTML Editing
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Reported: 2021-04-14 16:31 PDT by Julian Gonzalez
Modified: 2021-04-15 15:34 PDT
CC List: 4 users

Attachments
Patch (4.31 KB, patch), 2021-04-14 16:58 PDT, Julian Gonzalez
Patch (4.24 KB, patch), 2021-04-14 19:27 PDT, Julian Gonzalez
Patch (4.32 KB, patch), 2021-04-15 14:06 PDT, Julian Gonzalez

Description Julian Gonzalez 2021-04-14 16:31:46 PDT
e.g.

    #0 0x7a80b00f1 in WebCore::Node::parentNode() const+0x21
    #1 0x7abb28ecd in WebCore::CompositeEditCommand::insertNodeBefore(WTF::Ref<WebCore::Node, WTF::RawPtrTraits<WebCore::Node> >&&, WebCore::Node&, WebCore::ShouldAssumeContentIsAlwaysEditable)+0xbd
    #2 0x7abc158cf in WebCore::ReplaceSelectionCommand::mergeEndIfNeeded()+0x36f
    #3 0x7abc18fb9 in WebCore::ReplaceSelectionCommand::doApply()+0x2f29
    #4 0x7abb132d6 in WebCore::CompositeEditCommand::apply()+0x216
    #5 0x7abbd77a9 in WebCore::executeInsertFragment(WebCore::Frame&, WTF::Ref<WebCore::DocumentFragment, WTF::RawPtrTraits<WebCore::DocumentFragment> >&&)+0x159
    #6 0x7abbd7ac0 in WebCore::executeInsertNode(WebCore::Frame&, WTF::Ref<WebCore::Node, WTF::RawPtrTraits<WebCore::Node> >&&)+0x160

<rdar://problem/75220536>
Comment 1 Julian Gonzalez 2021-04-14 16:58:03 PDT
Created attachment 426062
Patch
Comment 2 Julian Gonzalez 2021-04-14 19:27:38 PDT
Created attachment 426069
Patch
Comment 3 Ryosuke Niwa 2021-04-14 20:14:08 PDT
Comment on attachment 426069
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=426069&action=review

> Source/WebCore/editing/ReplaceSelectionCommand.cpp:984
> +    if (startOfInsertedContent.isNull() || endOfInsertedContent.isNull())

Can we add this assertion here?
ASSERT(startOfInsertedContent.isNull() == endOfInsertedContent.isNull());
Comment 4 Julian Gonzalez 2021-04-15 10:58:23 PDT
(In reply to Ryosuke Niwa from comment #3)
> Comment on attachment 426069
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=426069&action=review
> 
> > Source/WebCore/editing/ReplaceSelectionCommand.cpp:984
> > +    if (startOfInsertedContent.isNull() || endOfInsertedContent.isNull())
> 
> Can we add this assertion here?
> ASSERT(startOfInsertedContent.isNull() == endOfInsertedContent.isNull());

Above the if? (i.e. unconditionally?)
Comment 5 Julian Gonzalez 2021-04-15 14:06:52 PDT
Created attachment 426135
Patch
Comment 6 EWS 2021-04-15 15:34:40 PDT
Committed r276078 (236591@main): <https://commits.webkit.org/236591@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 426135.