Bug 50447 - chrome.dll!WebCore::AppendNodeCommand::AppendNodeCommand ReadAV@NULL (3c69c96576a9146f251ce6b27fed9737)
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: HTML Editing
Version: 528+ (Nightly build)
Hardware: PC Windows Vista
Importance: P1 Normal
Assignee: Nobody
URL: http://code.google.com/p/chromium/iss...
Reported: 2010-12-03 02:06 PST by Berend-Jan Wever
Modified: 2011-10-02 20:12 PDT

Attachments
Repro (398 bytes, application/xhtml+xml)
2010-12-03 02:06 PST, Berend-Jan Wever

Description Berend-Jan Wever 2010-12-03 02:06:32 PST
Created attachment 75478
Repro

Repro:
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <style>
       *:before{
          content: ""ou
       }
    </style>
    <script>
      function go() {
        document.execCommand("SelectAll",false);
        document.execCommand("Indent",false);
      }
    </script>
  </head>
  <body onload="go()" contenteditable="true">
    <canvas></canvas>
    <ul><li></li></ul>
  </body>
</html>

id:             chrome.dll!WebCore::AppendNodeCommand::AppendNodeCommand ReadAV@NULL (3c69c96576a9146f251ce6b27fed9737)
description:    Attempt to read from unallocated NULL pointer+0x14 in chrome.dll!WebCore::AppendNodeCommand::AppendNodeCommand
application:    Chromium 9.0.598.0
stack:          chrome.dll!WebCore::AppendNodeCommand::AppendNodeCommand
                chrome.dll!WebCore::AppendNodeCommand::create
                chrome.dll!WebCore::CompositeEditCommand::appendNode
                chrome.dll!WebCore::CompositeEditCommand::cloneParagraphUnderNewElement
                chrome.dll!WebCore::CompositeEditCommand::moveParagraphWithClones
                chrome.dll!WebCore::IndentOutdentCommand::indentIntoBlockquote
                chrome.dll!WebCore::IndentOutdentCommand::formatRange
                chrome.dll!WebCore::ApplyBlockElementCommand::formatSelection
                chrome.dll!WebCore::ApplyBlockElementCommand::doApply
                chrome.dll!WebCore::EditCommand::apply
                chrome.dll!WebCore::applyCommand
                chrome.dll!WebCore::executeIndent
                chrome.dll!WebCore::Editor::Command::execute
                chrome.dll!WebCore::Document::execCommand
                chrome.dll!WebCore::DocumentInternal::execCommandCallback
                chrome.dll!v8::internal::HandleApiCallHelper<...>
                chrome.dll!v8::internal::Builtin_HandleApiCall
                chrome.dll!v8::internal::Invoke
                chrome.dll!v8::internal::Execution::Call
                ...
Comment 1 Daniel Bates 2011-10-02 20:12:56 PDT
Comment 2 of the corresponding Chromium bug <http://code.google.com/p/chromium/issues/detail?id=65264#c2> states that this bug may be a duplicate of Chromium bug <http://code.google.com/p/chromium/issues/detail?id=64749>, which corresponds to WebKit Bug #50218.