RESOLVED FIXED254302
Assertion failure in compositeeditcommand::moveParagraphs 
https://bugs.webkit.org/show_bug.cgi?id=254302
Summary Assertion failure in compositeeditcommand::moveParagraphs
Ryosuke Niwa
Reported 2023-03-22 17:14:57 PDT
e.g. 0 JavaScriptCore 0x31455f0de WTFCrash + 14 (Assertions.cpp:327) 1 WebCore 0x32bc3dc4b WTFCrashWithInfo(int, char const*, char const*, int) + 27 (Assertions.h:758) 2 WebCore 0x32f8472ad WebCore::CompositeEditCommand::moveParagraphs(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, bool, bool) + 2045 (CompositeEditCommand.cpp:1513) 3 WebCore 0x32f8ccf6f WebCore::InsertListCommand::unlistifyParagraph(WebCore::VisiblePosition const&, WebCore::HTMLElement&, WebCore::Node*) + 2047 (InsertListCommand.cpp:351) 4 WebCore 0x32f8cc5d6 WebCore::InsertListCommand::doApplyForSingleParagraph(bool, WebCore::HTMLQualifiedName const&, WebCore::SimpleRange&) + 2006 (InsertListCommand.cpp:283) 5 WebCore 0x32f8cbdc7 WebCore::InsertListCommand::doApply() + 2503 (InsertListCommand.cpp:209) 6 WebCore 0x32f82e5af WebCore::CompositeEditCommand::apply() + 431 (CompositeEditCommand.cpp:398) 7 WebCore 0x32f8b433d WebCore::executeInsertOrderedList(WebCore::LocalFrame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) + 157 (EditorCommand.cpp:519) 8 WebCore 0x32f88a6b4 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const + 212 (EditorCommand.cpp:1923) 9 WebCore 0x32f57b6b9 WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) + 265 (Document.cpp:6096) 10 WebCore 0x32c8a3bb9 WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*) + 1593 (JSDocument.cpp:6449) 11 WebCore 0x32c8a354e long long WebCore::IDLOperation<WebCore::JSDocument>::call<&WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) + 670 (JSDOMOperation.h:63) 12 WebCore 0x32c88cf94 WebCore::jsDocumentPrototypeFunction_execCommand(JSC::JSGlobalObject*, JSC::CallFrame*) + 36 (JSDocument.cpp:6454) 13 ??? 0x2b27c620c038 ??? 14 JavaScriptCore 0x314d079cd llint_entry + 148297 (LowLevelInterpreter.asm:1191) 15 JavaScriptCore 0x314d079cd llint_entry + 148297 (LowLevelInterpreter.asm:1191) 16 JavaScriptCore 0x314ce337d vmEntryToJavaScript + 286 (LowLevelInterpreter64.asm:368) 17 JavaScriptCore 0x315e0777b JSC::Interpreter::executeCallImpl(JSC::VM&, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1627 (Interpreter.cpp:1117) 18 JavaScriptCore 0x315e07880 JSC::Interpreter::executeCall(JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 112 (Interpreter.cpp:1126) 19 JavaScriptCore 0x3160b0dfd JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 205 (CallData.cpp:57) 20 JavaScriptCore 0x3160b0edd JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 205 (CallData.cpp:64) 21 JavaScriptCore 0x3160b119d JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 125 (CallData.cpp:85) 22 WebCore 0x32ed1d26c WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 252 (JSExecState.h:91) 23 WebCore 0x32ed41185 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 2149 (JSEventListener.cpp:220) 24 WebCore 0x32f68afae WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener>>, 1ul, WTF::CrashOnOverflow, 2ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase) + 1022 (EventTarget.cpp:375) 25 WebCore 0x32f67dd6b WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 395 (EventTarget.cpp:307) 26 WebCore 0x33035dbd9 WebCore::DOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*) + 505 (DOMWindow.cpp:2384) 27 WebCore 0x330368add WebCore::DOMWindow::dispatchLoadEvent() + 429 (DOMWindow.cpp:2332) 28 WebCore 0x32f567a04 WebCore::Document::dispatchWindowLoadEvent() + 132 (Document.cpp:5321) 29 WebCore 0x32f5675cd WebCore::Document::implicitClose() + 621 (Document.cpp:3344) <rdar://103107013>
Attachments
Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1 2023-03-22 17:33:30 PDT
Pull request: https://github.com/WebKit/WebKit/pull/11840
EWS
Comment 2 2023-03-22 20:53:46 PDT
Committed 262001@main (313f87a7b574): <https://commits.webkit.org/262001@main> Reviewed commits have been landed. Closing PR #11840 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.