Created attachment 45652
Repro

Id: WebCore::positionInParentBeforeNode ReadAV@NULL (98882320ea2b731f10f353b23849bd6a)
Description: Attempt to read from NULL pointer (+0xC) in WebCore::positionInParentBeforeNode
Stack:
WebCore::positionInParentBeforeNode
WebCore::InsertTextCommand::input
WebCore::TypingCommand::insertTextRunWithoutNewlines
WebCore::TypingCommand::insertText
WebCore::TypingCommand::doApply
WebCore::EditCommand::apply
WebCore::applyCommand
WebCore::TypingCommand::insertText
WebCore::TypingCommand::insertText
WebCore::executeInsertText
WebCore::Editor::Command::execute
WebCore::Document::execCommand
WebCore::DocumentInternal::execCommandCallback
v8::internal::Builtin_HandleApiCall
v8::internal::Invoke
v8::internal::Execution::Call
v8::Script::Run
WebCore::V8Proxy::runScript
WebCore::V8Proxy::evaluate
WebCore::ScriptController::evaluate
WebCore::ScriptController::executeScript
WebCore::ScriptController::executeScript
WebCore::ScriptController::executeIfJavaScriptURL
WebCore::FrameLoader::changeLocation
WebCore::RedirectScheduler::timerFired
WebCore::Timer<...>::fired
WebCore::ThreadTimers::sharedTimerFiredInternal
MessageLoop::RunTask
MessageLoop::DoWork
base::MessagePumpDefault::Run
MessageLoop::RunInternal
MessageLoop::Run
RendererMain

Event details
Processes
0 id: df8 create name: chrome.exe
. 1 id: 9d4 child name: chrome.exe
Threads
. 12 Id: 9d4.51c Suspend: 1 Teb: 7ffdf000 Unfrozen "Main Thread"
14 Id: 9d4.774 Suspend: 1 Teb: 7ffde000 Unfrozen
15 Id: 9d4.930 Suspend: 1 Teb: 7ffdd000 Unfrozen "Chrome_ChildIOThread"
16 Id: 9d4.a94 Suspend: 1 Teb: 7ffdc000 Unfrozen
ExceptionAddress 0248fbba (chrome_1c30000!WebCore::positionInParentBeforeNode+0x0000000a)
ExceptionCode c0000005 (Access violation)
ExceptionFlags 00000000
NumberParameters 2
Parameter[0] 00000000
Parameter[1] 0000000c
Attempt to read from address 0000000c

Created attachment 45653
Repro
I am also seeing this crash for this case:

Id: WebCore::InsertTextCommand::prepareForTextInsertion ReadAV@NULL (1ac71298082910ad4b85996091be4ef8)
Description: Attempt to read from NULL pointer (+0x25) in WebCore::InsertTextCommand::prepareForTextInsertion
Stack:
WebCore::InsertTextCommand::prepareForTextInsertion
WebCore::InsertTextCommand::input
WebCore::TypingCommand::insertTextRunWithoutNewlines
WebCore::TypingCommand::insertText
WebCore::TypingCommand::doApply
WebCore::EditCommand::apply
WebCore::applyCommand
WebCore::TypingCommand::insertText
WebCore::TypingCommand::insertText
WebCore::executeInsertText
WebCore::Editor::Command::execute
WebCore::Document::execCommand
WebCore::DocumentInternal::execCommandCallback
v8::internal::Builtin_HandleApiCall
v8::internal::Invoke
v8::internal::Execution::Call
v8::Script::Run
WebCore::V8Proxy::runScript
WebCore::V8Proxy::evaluate
WebCore::ScriptController::evaluate
WebCore::ScriptController::executeScript
WebCore::ScriptController::executeScript
WebCore::ScriptController::executeIfJavaScriptURL
WebCore::FrameLoader::changeLocation
WebCore::RedirectScheduler::timerFired
WebCore::Timer<...>::fired
WebCore::ThreadTimers::sharedTimerFiredInternal
MessageLoop::RunTask
MessageLoop::DoWork
base::MessagePumpDefault::Run
MessageLoop::RunInternal
MessageLoop::Run
RendererMain
http://skypher.com/SkyLined/Repro/WebKit/Bug%2033049%20-%20WebCore..positionInParentBeforeNode%20ReadAV@NULL%20(98882320ea2b731f10f353b23849bd6a)/repro2.html
Mike Moretti claims there is a problem with "Undo" after "designmode off": https://bugs.webkit.org/show_bug.cgi?id=32822

I am assuming this is a variation of that problem.

*** This bug has been marked as a duplicate of bug 32823 ***