Bug 24397 - CRASH on Hotmail at WebCore::ApplyStyleCommand::splitTextElementAtStartIfNeeded
Summary: CRASH on Hotmail at WebCore::ApplyStyleCommand::splitTextElementAtStartIfNeeded
Status: RESOLVED WORKSFORME
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: 528+ (Nightly build)
Hardware: PC Windows XP
Importance: P1 Normal
Assignee: Nobody
URL:
Keywords: NeedsReduction, Regression
Depends on:
Blocks:
 
Reported: 2009-03-05 12:08 PST by ocampo
Modified: 2009-09-04 15:46 PDT
CC: 5 users

See Also:


Attachments

Description ocampo 2009-03-05 12:08:47 PST
What steps will reproduce the problem?
1. Sign into your Hotmail account.
2. Create a new email.
3. Click on the textarea where you enter your email message so the cursor is positioned at the very first space of the textarea. (Don't type anything or enter any spaces.)
4. Click on any of the paragraph formatting icons (i.e. justify left, justify center or justify right).

Tested with Safari with the latest WebKit (41379).

Here's the stacktrace:

ChildEBP RetAddr
00dcecd4 016abdd8 chrome_1000000!WebCore::ApplyStyleCommand::splitTextElementAtStartIfNeeded+0xd [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\editing\applystylecommand.cpp @ 1317]
00dced50 016ad80c chrome_1000000!WebCore::ApplyStyleCommand::applyInlineStyle+0x148 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\editing\applystylecommand.cpp @ 725]
00dced70 016807a1 chrome_1000000!WebCore::ApplyStyleCommand::doApply+0xfc [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\editing\applystylecommand.cpp @ 381]
00dced80 0177f2a9 chrome_1000000!WebCore::EditCommand::apply+0x61 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\editing\editcommand.cpp @ 93]
00dced90 0177f329 chrome_1000000!WebCore::CompositeEditCommand::applyCommandToComposite+0x19 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\editing\compositeeditcommand.cpp @ 99]
00dceda4 017824e0 chrome_1000000!WebCore::CompositeEditCommand::applyStyle+0x39 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\editing\compositeeditcommand.cpp @ 105]
00dcee90 01782edd chrome_1000000!WebCore::CompositeEditCommand::moveParagraphs+0xb80 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\editing\compositeeditcommand.cpp @ 859]
00dcef18 016aa0b2 chrome_1000000!WebCore::CompositeEditCommand::moveParagraphContentsToNewBlockIfNecessary+0x35d [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\editing\compositeeditcommand.cpp @ 686]
00dcf014 016ad739 chrome_1000000!WebCore::ApplyStyleCommand::applyBlockStyle+0x5c2 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\editing\applystylecommand.cpp @ 431]
00dcf02c 016807a1 chrome_1000000!WebCore::ApplyStyleCommand::doApply+0x29 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\editing\applystylecommand.cpp @ 386]
00dcf03c 016809ce chrome_1000000!WebCore::EditCommand::apply+0x61 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\editing\editcommand.cpp @ 93]
00dcf048 01664e7c chrome_1000000!WebCore::applyCommand+0xe [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\editing\editcommand.cpp @ 228]
00dcf05c 01682fde chrome_1000000!WebCore::Editor::applyParagraphStyle+0x4c [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\editing\editor.cpp @ 741]
00dcf070 01684349 chrome_1000000!WebCore::executeApplyParagraphStyle+0x4e [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\editing\editorcommand.cpp @ 162]
00dcf090 01683600 chrome_1000000!WebCore::executeJustifyLeft+0x29 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\editing\editorcommand.cpp @ 535]
00dcf0b0 015f05a7 chrome_1000000!WebCore::Editor::Command::execute+0x90 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\editing\editorcommand.cpp @ 1450]
00dcf0d8 0123eb58 chrome_1000000!WebCore::Document::execCommand+0x57 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\dom\document.cpp @ 3390]
00dcf104 0136ce4f chrome_1000000!WebCore::DocumentInternal::execCommandCallback+0xd8 [c:\b\slave\chromium-rel-xp\build\src\chrome\release\obj\v8bindings\derivedsources\v8document.cpp @ 654]
00dcf204 01c6016c chrome_1000000!v8::internal::Builtin_HandleApiCall+0x1cf [c:\b\slave\chromium-rel-xp\build\src\v8\src\builtins.cc @ 380]
WARNING: Frame IP not in any known module. Following frames may be wrong.
00dcf21c 01d85b0d 0x1c6016c
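The trace above is in WinDbg's "ChildEBP RetAddr" layout, which is what a triager has to turn into a crash bucket before deciding whether a report is a duplicate or a regression. The parser below is an added example, not code from WebKit, Chromium or the crash reporter that produced this trace; it assumes the frame format seen here (module!symbol+0xoffset [path @ line], with a bare address once WinDbg warns that the instruction pointer is in no known module) and embeds a subset of the frame lines copied from the report as its sample input. It derives a signature from the top symbolized frames with offsets dropped, records the crashing source location, and finds the outermost WebCore frame, which identifies the DOM API (execCommand) that entered the crashing path.

```python
"""Parse a WinDbg-style stack trace into frames and derive a crash-bucketing
signature. Added example; the frame regex is an assumption about the format,
and SAMPLE_TRACE is a subset of the frames from the bug report above."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One frame: child EBP, return address, then either a symbolized
# "module!symbol+0xoffset [source @ line]" or a bare address for unknown frames.
FRAME_RE = re.compile(
    r"^(?P<ebp>[0-9a-f]{8})\s+(?P<ret>[0-9a-f]{8})\s+"
    r"(?:(?P<module>[^!\s]+)!(?P<symbol>.+?)\+0x(?P<offset>[0-9a-f]+)"
    r"(?:\s+\[(?P<path>[^@\]]+?)\s+@\s+(?P<line>\d+)\])?"
    r"|(?P<raw>0x[0-9a-f]+))\s*$"
)

SAMPLE_TRACE = r"""
ChildEBP RetAddr
00dcecd4 016abdd8 chrome_1000000!WebCore::ApplyStyleCommand::splitTextElementAtStartIfNeeded+0xd [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\editing\applystylecommand.cpp @ 1317]
00dced50 016ad80c chrome_1000000!WebCore::ApplyStyleCommand::applyInlineStyle+0x148 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\editing\applystylecommand.cpp @ 725]
00dced70 016807a1 chrome_1000000!WebCore::ApplyStyleCommand::doApply+0xfc [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\editing\applystylecommand.cpp @ 381]
00dced80 0177f2a9 chrome_1000000!WebCore::EditCommand::apply+0x61 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\editing\editcommand.cpp @ 93]
00dcf0d8 0123eb58 chrome_1000000!WebCore::Document::execCommand+0x57 [c:\b\slave\chromium-rel-xp\build\src\third_party\webkit\webcore\dom\document.cpp @ 3390]
00dcf204 01c6016c chrome_1000000!v8::internal::Builtin_HandleApiCall+0x1cf [c:\b\slave\chromium-rel-xp\build\src\v8\src\builtins.cc @ 380]
WARNING: Frame IP not in any known module. Following frames may be wrong.
00dcf21c 01d85b0d 0x1c6016c
"""


@dataclass
class Frame:
    ebp: int
    ret: int
    module: Optional[str]
    symbol: Optional[str]
    offset: Optional[int]
    path: Optional[str]
    line: Optional[int]
    trusted: bool  # False for every frame after WinDbg's "Frame IP not in any known module"


def parse_trace(text: str) -> List[Frame]:
    """Turn the textual trace into Frame records, innermost frame first."""
    frames: List[Frame] = []
    trusted = True
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("ChildEBP"):
            continue  # header / blank lines
        if line.startswith("WARNING:"):
            trusted = False  # everything below this point may be garbage
            continue
        m = FRAME_RE.match(line)
        if not m:
            raise ValueError(f"unrecognized frame line: {line!r}")
        frames.append(Frame(
            ebp=int(m["ebp"], 16), ret=int(m["ret"], 16),
            module=m["module"], symbol=m["symbol"],
            offset=int(m["offset"], 16) if m["offset"] else None,
            path=m["path"], line=int(m["line"]) if m["line"] else None,
            trusted=trusted,
        ))
    return frames


def crash_signature(frames: List[Frame], depth: int = 3) -> str:
    """Bucket key: top `depth` trusted symbolized frames, offsets dropped so
    builds with different code layout still land in the same bucket."""
    syms = [f.symbol for f in frames if f.trusted and f.symbol]
    return " | ".join(syms[:depth])


def crash_location(frames: List[Frame]) -> Optional[str]:
    """file:line of the innermost frame that carries source information."""
    for f in frames:
        if f.path and f.line is not None:
            return f"{f.path.rsplit(chr(92), 1)[-1]}:{f.line}"  # basename of a Windows path
    return None


def entry_point(frames: List[Frame], namespace: str = "WebCore::") -> Optional[str]:
    """Outermost trusted frame inside `namespace`: the engine API that was entered."""
    for f in reversed(frames):
        if f.trusted and f.symbol and f.symbol.startswith(namespace):
            return f.symbol
    return None


if __name__ == "__main__":
    fr = parse_trace(SAMPLE_TRACE)
    print("signature:", crash_signature(fr))
    print("location: ", crash_location(fr))
    print("entry:    ", entry_point(fr))
    print("untrusted frames:", sum(not f.trusted for f in fr))
```

The `trusted` flag matters for bucketing: frames after WinDbg's warning have no symbol and unreliable addresses, so they are excluded from the signature rather than producing a spurious new bucket for every build.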
Comment 1 Eric Seidel (no email) 2009-06-22 16:47:04 PDT
This crash only recently started appearing in Chromium crash reports, so I can only assume it's a regression.
Comment 2 Eric Seidel (no email) 2009-06-22 16:48:21 PDT
http://code.google.com/p/chromium/issues/detail?id=8413 is the Chromium bug.
Comment 3 Ryosuke Niwa 2009-08-06 14:37:13 PDT
This bug does not seem to reproduce anymore on TOT. I think Hotmail changed its behavior rather than a WebKit bug being fixed, because I tried on three different generations of WebKit and didn't reproduce on any of them.
Comment 4 Alexey Proskuryakov 2009-09-04 15:46:57 PDT
Looks like we cannot do anything about this bug now, resolving.