Created attachment 77494 [details]
Repro

http://code.google.com/p/chromium/issues/detail?id=68085

Repro:
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <style>
      *{
        text-decoration:blink line-through;
      }
    </style>
    <script>
      function go() {
        document.execCommand("SelectAll");
        document.execCommand("JustifyRight");
        document.execCommand("JustifyNone");
      }
    </script>
  </head>
  <body onload="go()" contenteditable="true">
    <svg>x</svg>
  </body>
</html>

id:             chrome.dll!WebCore::ApplyStyleCommand::applyBlockStyle ReadAV@NULL (64db547804532a84be2e53721e499e9e)
description:    Attempt to read from unallocated NULL pointer+0x24 in chrome.dll!WebCore::ApplyStyleCommand::applyBlockStyle
application:    Chromium 10.0.623.0
stack:
    chrome.dll!WebCore::ApplyStyleCommand::applyBlockStyle
    chrome.dll!WebCore::ApplyStyleCommand::doApply
    chrome.dll!WebCore::EditCommand::apply
    chrome.dll!WebCore::applyCommand
    chrome.dll!WebCore::Editor::applyParagraphStyle
    chrome.dll!WebCore::executeApplyParagraphStyle
    chrome.dll!WebCore::executeJustifyLeft
    chrome.dll!WebCore::Editor::Command::execute
    chrome.dll!WebCore::Document::execCommand
    chrome.dll!WebCore::DocumentInternal::execCommandCallback
    chrome.dll!v8::internal::HandleApiCallHelper<...>
    chrome.dll!v8::internal::Builtin_HandleApiCall
    chrome.dll!v8::internal::Invoke
    chrome.dll!v8::internal::Execution::Call
    ...
I think this is a dupe of/fixed by https://bugs.webkit.org/show_bug.cgi?id=67765
It would be nice to add a layout test to cover BJ's repro.
Created attachment 108511 [details] Patch
Comment on attachment 108511 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=108511&action=review

> w/LayoutTests/ChangeLog:8
> +Add repro for a crash inside WebCore::ApplyStyleCommand::applyBlockStyle. Fixed by r94840.

This should be indented.
Created attachment 108513 [details] Patch
Comment on attachment 108513 [details]
Patch

Clearing flags on attachment: 108513

Committed r95885: <http://trac.webkit.org/changeset/95885>
All reviewed patches have been landed. Closing bug.
This test failed after the patch: editing/style/justify-without-enclosing-block.xhtml --- /ramdisk/qt-linux-32-debug/build/layout-test-results/editing/style/justify-without-enclosing-block-expected.txt +++ /ramdisk/qt-linux-32-debug/build/layout-test-results/editing/style/justify-without-enclosing-block-actual.txt @@ -1,5 +1,22 @@ -execCommand("JustifyNone") was crashing inside WebCore::ApplyStyleCommand::applyBlockStyle. -See https://bugs.webkit.org/show_bug.cgi?id=51639 -The test has passed if it does not crash. - -PASS +layer at (0,0) size 800x600 + RenderView at (0,0) size 800x600 +layer at (0,0) size 800x126 + RenderBlock {html} at (0,0) size 800x126 + RenderBody {body} at (8,8) size 784x110 + RenderBlock {div} at (0,0) size 784x22 + RenderText {#text} at (0,0) size 696x22 + text run at (0,0) width 696: "execCommand(\"JustifyNone\") was crashing inside WebCore::ApplyStyleCommand::applyBlockStyle." + RenderBlock {div} at (0,22) size 784x22 + RenderText {#text} at (0,0) size 349x22 + text run at (0,0) width 349: "See https://bugs.webkit.org/show_bug.cgi?id=51639" + RenderBlock {div} at (0,44) size 784x22 + RenderText {#text} at (0,0) size 261x22 + text run at (0,0) width 261: "The test has passed if it does not crash." + RenderBlock {div} at (0,66) size 784x22 + RenderBR {br} at (0,0) size 0x22 + RenderBlock {div} at (0,88) size 784x22 + RenderText {#text} at (0,0) size 40x22 + text run at (0,0) width 40: "PASS" + RenderBlock (anonymous) at (0,110) size 784x0 +selection start: position 0 of child 0 {#text} of child 0 {div} of body +selection end: position 4 of child 0 {#text} of child 4 {div} of body
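Review bot: the test never switches the harness to text output: the `+` lines from "layer at (0,0) size 800x600" onward are a render tree dump, while the `-` side (the checked-in expectation) is five lines of plain text ending in PASS. Call layoutTestController.dumpAsText() at the top of the test script, guarded by `if (window.layoutTestController)`, so the result is compared as text and no longer depends on platform-specific metrics such as the 696x22 text run size. The trailing "selection start"/"selection end" lines also show the SelectAll selection is still live when the dump is taken, which is harmless in text mode but would make a render tree expectation fragile.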
Created attachment 108664 [details] Patch
(In reply to comment #9)
> Created an attachment (id=108664) [details]
> Patch

I think this should cause the test output to match the expectation. Sorry for the trouble, I'm new at this and sorta expected it wouldn't be possible to land a broken test. :-(
Comment on attachment 108664 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=108664&action=review

> w/LayoutTests/editing/style/justify-without-enclosing-block.xhtml:14
> + window.layoutTestController.dumpAsText();

You don't really need window. on the second line.
(In reply to comment #11)
> (From update of attachment 108664 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=108664&action=review
>
> > w/LayoutTests/editing/style/justify-without-enclosing-block.xhtml:14
> > + window.layoutTestController.dumpAsText();
>
> You don't really need window. on the second line.

Okay, I cut and pasted from 4230923.html. Will fix.
Created attachment 108671 [details] Patch
Comment on attachment 108671 [details]
Patch

I don't have a way to test the expectations right now. If the new expectations could be tested before landing, that would be great.
Reopen the bug so that commit queue can land the patch.
Committed r95958: <http://trac.webkit.org/changeset/95958>