Bug 285577 (RESOLVED FIXED)
REGRESSION(288559@main): [Win] editing/execCommand/paste-and-match-style-event.html is crashing
https://bugs.webkit.org/show_bug.cgi?id=285577
Fujii Hironori
Reported 2025-01-07 21:45:58 PST
REGRESSION(288559@main): [Win] editing/execCommand/paste-and-match-style-event.html is crashing

After 288559@main, Windows Debug layout test is crashing

Regressions: Unexpected crashes (1)
  editing/execCommand/paste-and-match-style-event.html [ Crash ]

 # Child-SP          RetAddr           Call Site
00 00000068`42ffc6f0 00007ffe`053268c7 WebCore!std::reference_wrapper<WebCore::Document>::get(void)+0x9 [C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\VC\Tools\MSVC\14.42.34433\include\type_traits @ 2022]
01 00000068`42ffc700 00007ffe`053264fb WebCore!WebCore::TreeScope::documentScope(void)+0x17 [C:\BW\work\build\Source\WebCore\dom\TreeScope.h @ 101]
02 00000068`42ffc730 00007ffe`05389f4f WebCore!WebCore::Node::document(void)+0x1b [C:\BW\work\build\Source\WebCore\dom\Node.h @ 408]
03 00000068`42ffc760 00007ffe`086a57a5 WebCore!WebCore::Pasteboard::writeSelection(struct WebCore::SimpleRange * selectedRange = 0x00000068`42ffc968, bool canSmartCopyOrDelete = false, class WebCore::LocalFrame * frame = 0x0000020d`a7408790, WebCore::ShouldSerializeSelectedTextForDataTransfer shouldSerializeSelectedTextForDataTransfer = IncludeImageAltTextForDataTransfer (0n1))+0x7f [C:\BW\work\build\Source\WebCore\platform\win\PasteboardWin.cpp @ 516]
04 00000068`42ffc810 00007ffe`086a59a7 WebCore!WebCore::Editor::performCutOrCopy(WebCore::Editor::EditorActionSpecifier action = CopyAction (0n1))+0x3f5 [C:\BW\work\build\Source\WebCore\editing\Editor.cpp @ 1614]
05 00000068`42ffc9a0 00007ffe`086c967a WebCore!WebCore::Editor::copy(WebCore::Editor::FromMenuOrKeyBinding fromMenuOrKeyBinding = No (0n0))+0x97 [C:\BW\work\build\Source\WebCore\editing\Editor.cpp @ 1545]
06 00000068`42ffca00 00007ffe`086a77ae WebCore!WebCore::executeCopy(class WebCore::LocalFrame * frame = 0x0000020d`a7408790, WebCore::EditorCommandSource source = DOM (0n1))+0x3a [C:\BW\work\build\Source\WebCore\editing\EditorCommand.cpp @ 244]
07 00000068`42ffca50 00007ffe`08323790 WebCore!WebCore::Editor::Command::execute(class WTF::String * parameter = 0x00000068`42ffcb40, class WebCore::Event * triggeringEvent = 0x00000000`00000000)+0x12e [C:\BW\work\build\Source\WebCore\editing\EditorCommand.cpp @ 1916]
08 00000068`42ffcae0 00007ffe`05b2d079 WebCore!WebCore::Document::execCommand(class WTF::String * commandName = 0x00000068`42ffcc68, bool userInterface = false, class std::variant<WTF::String,WTF::RefPtr<WebCore::TrustedHTML,WTF::RawPtrTraits<WebCore::TrustedHTML>,WTF::DefaultRefDerefTraits<WebCore::TrustedHTML> > > * value = 0x00000068`42ffcc70 { index=0, value={...} })+0x1d0 [C:\BW\work\build\Source\WebCore\dom\Document.cpp @ 7234]
09 00000068`42ffcbf0 00007ffe`05b2ccfd WebCore!WebCore::jsDocumentPrototypeFunction_execCommandBody(class JSC::JSGlobalObject * lexicalGlobalObject = 0x0000020d`ea09cd58, class JSC::CallFrame * callFrame = 0x00000068`42ffcf30, class WebCore::JSDocument * castedThis = 0x0000020d`ea09aaa8)+0x339 [C:\BW\work\build\WebKitBuild\Debug\WebCore\DerivedSources\JSDocument.cpp @ 6536]
0a 00000068`42ffce00 00007ffe`05b1f604 WebCore!WebCore::IDLOperation<WebCore::JSDocument>::call<&WebCore::jsDocumentPrototypeFunction_execCommandBody,0>(class JSC::JSGlobalObject * lexicalGlobalObject = 0x0000020d`ea09cd58, class JSC::CallFrame * callFrame = 0x00000068`42ffcf30, char * operationName = 0x00007ffe`0aa883e3 "execCommand")+0x29d [C:\BW\work\build\Source\WebCore\bindings\js\JSDOMOperation.h @ 63]
0b 00000068`42ffcef0 0000020d`a9bd11b8 WebCore!WebCore::jsDocumentPrototypeFunction_execCommand(class JSC::JSGlobalObject * lexicalGlobalObject = 0x0000020d`ea09cd58, class JSC::CallFrame * callFrame = 0x00000068`42ffcf30)+0x24 [C:\BW\work\build\WebKitBuild\Debug\WebCore\DerivedSources\JSDocument.cpp @ 6541]
0c 00000068`42ffcf30 00000068`42ffcfa0 0x0000020d`a9bd11b8
0d 00000068`42ffcf38 00007ffe`01255486 0x00000068`42ffcfa0
0e 00000068`42ffcf40 00000000`00000000 JavaScriptCore!llint_entry+0x2414a
Fujii Hironori
Comment 1 2025-01-08 13:37:12 PST
EWS
Comment 2 2025-01-08 14:31:30 PST
Committed 288615@main (48588a4046c0): <https://commits.webkit.org/288615@main> Reviewed commits have been landed. Closing PR #38744 and removing active labels.
Radar WebKit Bug Importer
Comment 3 2025-01-08 14:32:16 PST