NEW 50590
WebKit hangs in InsertUnorderedList
https://bugs.webkit.org/show_bug.cgi?id=50590
Daniel Jalkut
Reported 2010-12-06 14:27:49 PST
Note: this may be a duplicate of one of these similar-seeming bugs:

https://bugs.webkit.org/show_bug.cgi?id=19735
https://bugs.webkit.org/show_bug.cgi?id=32422

I don't understand the hang mechanism well enough yet, or the details of those bugs enough to say whether they are based on the same root failure.

To reproduce the hang in Safari or a WebKit nightly (as of December 5, 2010 nightly):

1. Open Snippet editor.
2. Paste the following HTML:

    <body></body>
    <script>
    document.designMode="on";
    document.body.innerHTML = "<p>Test1</p><p style='min-height:14.0px;'><strong> </strong></p><p>Test2</p>"
    document.execCommand("SelectAll");
    document.execCommand("InsertUnorderedList");
    </script>

3. Observe the hang.
Annie Sullivan
Comment 1 2011-05-24 19:30:18 PDT
I started looking into this in the debugger. It gets into an infinite loop in the while() loop inside of InsertListCommand::doApply(). After the first iteration, it changes the HTML to this:

    <p><ul><li>Test1</li></ul><p><strong> </strong></p><p>Test2</p>

Each iteration after that appends <li><br></li> to the <ul>. startOfCurrentParagraph is always the start of the second paragraph, and startOfLastParagraph is always the start of the third paragraph, so the while loop never terminates.
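Added example, not part of the bug report and not WebKit code: a simplified C++ model of the loop state described in comment 1, with a forward-progress check that turns the hang into a bounded failure. The Block and Result types, listifyOne and insertListGuarded are hypothetical names, and the flat index-based document is an assumption of the model.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Simplified model (assumption, not WebKit's data structures): the document is
// a flat vector of blocks and a "position" is an index into it.
struct Block { std::string text; bool inList; };
struct Result { bool completed; std::size_t iterations; std::size_t blocks; };

// One loop iteration as comment 1 describes it. For a whitespace-only
// paragraph the model adds an empty list item (the extra <li><br></li>) and
// leaves the source paragraph in place, so the re-resolved position still
// refers to that same paragraph.
static std::size_t listifyOne(std::vector<Block>& doc, std::size_t cur) {
    if (doc[cur].text.find_first_not_of(' ') == std::string::npos) {
        doc.insert(doc.begin() + cur, Block{"", true});
        return cur + 1; // same paragraph, shifted by the inserted item
    }
    doc[cur].inList = true;
    return cur + 1;     // next paragraph
}

// Same loop shape, with a forward-progress check: the distance between the
// current and last paragraph must shrink on every pass, otherwise stop.
Result insertListGuarded(std::vector<Block> doc) {
    if (doc.empty()) return {true, 0, 0};
    std::size_t cur = 0, last = doc.size() - 1, iters = 0;
    while (cur != last) {
        std::size_t before = last - cur;
        cur = listifyOne(doc, cur);
        last = doc.size() - 1; // positions are re-resolved after each edit
        ++iters;
        if (last - cur >= before) return {false, iters, doc.size()};
    }
    doc[last].inList = true;
    return {true, iters, doc.size()};
}

int main() {
    // Constructed input mirroring the three paragraphs in the report.
    Result r = insertListGuarded({{"Test1", false}, {" ", false}, {"Test2", false}});
    std::printf("completed=%d iterations=%zu blocks=%zu\n",
                r.completed, r.iterations, r.blocks);
    return 0;
}
```

Without the progress check, the constructed three-paragraph input keeps the two positions one block apart forever while the document grows by one empty item per pass.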
Ryosuke Niwa
Comment 2 2011-05-24 19:32:19 PDT
(In reply to comment #1)
> I started looking into this in the debugger. It gets into an infinite loop in the while() loop inside of InsertListCommand::doApply(). After the first iteration, it changes the HTML to this:

I stopped fixing these bugs at some point in the past because fixing just one case doesn't improve the situation. We need a better mechanism to iterate through paragraphs and move paragraphs around. It's almost pointless to fix this special case because there are a trillion other ways to make WebKit crash.