Bug 56644 - chrome.dll!WebCore::positionAvoidingPrecedingNodes ReadAV@NULL (586c6d571697e9318ad053888f701434)
Summary: chrome.dll!WebCore::positionAvoidingPrecedingNodes ReadAV@NULL (586c6d571697e...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: HTML Editing (show other bugs)
Version: 528+ (Nightly build)
Hardware: PC Windows Vista
: P1 Normal
Assignee: Nobody
URL:
Keywords:
Depends on: 56771
Blocks:
  Show dependency treegraph
 
Reported: 2011-03-18 07:25 PDT by Berend-Jan Wever
Modified: 2011-04-03 08:28 PDT (History)
1 user (show)

See Also:

Attachments
Repro (269 bytes, text/html)
2011-03-18 07:25 PDT, Berend-Jan Wever 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Berend-Jan Wever 2011-03-18 07:25:50 PDT 
Created attachment 86162 [details]
Repro

Chromium: http://code.google.com/p/chromium/issues/detail?id=76675
Repro:
<body onload="go()"></body>
<script>
  function go() {
    document.open();
    document.designMode="on";
    var oSelection = window.getSelection();
    oSelection.setPosition(document,6);
    document.write("x");
    document.execCommand("InsertImage");
  }
</script>

id:             chrome.dll!WebCore::positionAvoidingPrecedingNodes ReadAV@NULL (586c6d571697e9318ad053888f701434)
description:    Attempt to read from unallocated NULL pointer+0x24 in chrome.dll!WebCore::positionAvoidingPrecedingNodes
stack:          chrome.dll!WebCore::positionAvoidingPrecedingNodes
                chrome.dll!WebCore::ReplaceSelectionCommand::doApply
                chrome.dll!WebCore::EditCommand::apply
                chrome.dll!WebCore::applyCommand
                chrome.dll!WebCore::executeInsertFragment
                chrome.dll!WebCore::executeInsertNode
                chrome.dll!WebCore::executeInsertImage
                chrome.dll!WebCore::Editor::Command::execute
                chrome.dll!WebCore::Document::execCommand
                chrome.dll!WebCore::DocumentInternal::execCommandCallback
                chrome.dll!v8::internal::HandleApiCallHelper<...>
                chrome.dll!v8::internal::Builtin_HandleApiCall
                chrome.dll!v8::internal::Invoke
                chrome.dll!v8::internal::Execution::Call
                ...
Comment 1 Ryosuke Niwa 2011-03-21 15:59:49 PDT 
I can't reproduce this crash on Chrome 11.0.696.12 although it hits an assertion on ToT WebKit.
Comment 2 Berend-Jan Wever 2011-03-28 03:54:10 PDT 
Have you tried Chrome 12? This reproduces in 12.0.716.0 (79495) for me.
Comment 3 Ryosuke Niwa 2011-04-03 08:28:29 PDT 
Fixed in http://trac.webkit.org/changeset/82791.