Bug 37197 - Crash with -webkit-user-select and contenteditables
Status: RESOLVED DUPLICATE of bug 39989
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: 528+ (Nightly build)
Hardware: PC OS X 10.5
: P2 Normal
Assignee: Nobody
Reported: 2010-04-07 03:10 PDT by Kalle Vahlman
Modified: 2010-06-06 05:51 PDT

Attachments
A QtWebKit test program for the crash (551 bytes, text/x-c++src)
2010-04-07 03:10 PDT, Kalle Vahlman

Description Kalle Vahlman 2010-04-07 03:10:34 PDT
Created attachment 52721
A QtWebKit test program for the crash

Using this snippet of CSS as the user CSS:

* {
  -webkit-user-select: none !important;
}

*[contenteditable],
*[contenteditable=true] {
  -webkit-user-select: text !important;
}

and the rich text tests of browserscope at

 http://www.browserscope.org/richtext/test

makes WebKit crash with a backtrace like

#0  0xb6d98c39 in WebCore::ApplyStyleCommand::splitTextElementAtEndIfNeeded(WebCore::Position const&, WebCore::Position const&) ()
   from WebKitBuild/Release/lib/libQtWebKit.so.4
#1  0xb6da1aa8 in WebCore::ApplyStyleCommand::applyInlineStyle(WebCore::CSSMutableStyleDeclaration*) () from WebKitBuild/Release/lib/libQtWebKit.so.4
#2  0xb6da36c3 in WebCore::ApplyStyleCommand::doApply() ()
   from WebKitBuild/Release/lib/libQtWebKit.so.4
#3  0xb6dba7e2 in WebCore::EditCommand::apply() ()
   from WebKitBuild/Release/lib/libQtWebKit.so.4
#4  0xb6dbd2df in WebCore::Editor::applyStyle(WebCore::CSSStyleDeclaration*, WebCore::EditAction) () from WebKitBuild/Release/lib/libQtWebKit.so.4
#5  0xb6dc70d4 in WebCore::applyCommandToFrame(WebCore::Frame*, WebCore::EditorCommandSource, WebCore::EditAction, WebCore::CSSMutableStyleDeclaration*) ()
   from WebKitBuild/Release/lib/libQtWebKit.so.4
#6  0xb6dc9735 in WebCore::executeApplyStyle(WebCore::Frame*, WebCore::EditorCommandSource, WebCore::EditAction, int, WebCore::String const&) ()
   from WebKitBuild/Release/lib/libQtWebKit.so.4
#7  0xb6dc6fbe in WebCore::Editor::Command::execute(WebCore::String const&, WebCore::Event*) const () from WebKitBuild/Release/lib/libQtWebKit.so.4
#8  0xb6d2e7f9 in WebCore::Document::execCommand(WebCore::String const&, bool, WebCore::String const&) () from WebKitBuild/Release/lib/libQtWebKit.so.4
#9  0xb68c1a58 in WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*, JSC::JSObject*, JSC::JSValue, JSC::ArgList const&) ()
Comment 1 Alexey Proskuryakov 2010-06-02 11:33:20 PDT
Can this be reproduced in a browser?

See also: bug 39989.
Comment 2 Kalle Vahlman 2010-06-06 05:51:27 PDT
(In reply to comment #1)
> Can this be reproduced in a browser?

Yes, for example Google Chrome 6.0.414.0 (48010) on Ubuntu exhibits this crash after pasting the snippet to $profile/User StyleSheets/Custom.css

> See also: bug 39989.

Judging from the description and backtrace, these bugs are quite likely the same.

Although this bug is older, I'll mark this as dupe of bug 39989 since it has a better testcase.

*** This bug has been marked as a duplicate of bug 39989 ***
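
The duplicate call in comment 2 rests on comparing backtraces. As an added example (not part of the bug report and not WebKit tooling), this is one way to reduce a gdb backtrace like the one in the description to a comparable signature. The second backtrace is constructed for illustration and is not the trace from bug 39989; the depth of 3 frames is an arbitrary assumption.

```python
import hashlib
import re

# "#N  [0xADDR in ]qualified::name(" ; "from lib.so" continuation lines do not match.
FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-fA-F]+\s+in\s+)?([^(]+)\(")

def frame_symbols(backtrace):
    """Function names, innermost first, with addresses, arguments and library paths dropped."""
    names = []
    for line in backtrace.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            names.append(m.group(1).strip())
    return names

def signature(backtrace, depth=3):
    """Short hash over the top `depth` frames; equal values suggest the same crash site."""
    top = frame_symbols(backtrace)[:depth]
    return hashlib.sha256("\n".join(top).encode()).hexdigest()[:16]

def shared_top_frames(a, b):
    """Number of leading frames two backtraces have in common."""
    count = 0
    for x, y in zip(frame_symbols(a), frame_symbols(b)):
        if x != y:
            break
        count += 1
    return count

# Top frames copied from the description of this bug.
REPORTED = """\
#0  0xb6d98c39 in WebCore::ApplyStyleCommand::splitTextElementAtEndIfNeeded(WebCore::Position const&, WebCore::Position const&) ()
   from WebKitBuild/Release/lib/libQtWebKit.so.4
#1  0xb6da1aa8 in WebCore::ApplyStyleCommand::applyInlineStyle(WebCore::CSSMutableStyleDeclaration*) () from WebKitBuild/Release/lib/libQtWebKit.so.4
#2  0xb6da36c3 in WebCore::ApplyStyleCommand::doApply() ()
   from WebKitBuild/Release/lib/libQtWebKit.so.4
#3  0xb6dba7e2 in WebCore::EditCommand::apply() ()
   from WebKitBuild/Release/lib/libQtWebKit.so.4
"""

# Constructed for illustration: other build, other addresses, different caller at frame 3.
CONSTRUCTED = """\
#0  0x00007f10a2c4 in WebCore::ApplyStyleCommand::splitTextElementAtEndIfNeeded(WebCore::Position const&, WebCore::Position const&) () from /opt/example/libwebkit.so
#1  0x00007f10b7d0 in WebCore::ApplyStyleCommand::applyInlineStyle(WebCore::CSSMutableStyleDeclaration*) () from /opt/example/libwebkit.so
#2  0x00007f10c112 in WebCore::ApplyStyleCommand::doApply() () from /opt/example/libwebkit.so
#3  0x00007f10d9aa in example::hypotheticalCaller() () from /opt/example/libwebkit.so
"""

if __name__ == "__main__":
    print(frame_symbols(REPORTED))
    print(signature(REPORTED), signature(CONSTRUCTED), shared_top_frames(REPORTED, CONSTRUCTED))
```

Matching signatures only group reports by crash site; confirming a duplicate still needs the testcase and description, as the comment does.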