67478 – Calling "positionInParentAfterNode" on HTMLDocument doesn't work as it doesn't have a parent

Bug 67478 - Calling "positionInParentAfterNode" on HTMLDocument doesn't work as it doesn't have a parent

Summary: Calling "positionInParentAfterNode" on HTMLDocument doesn't work as it doesn'...

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	HTML Editing (show other bugs)
Version:	528+ (Nightly build)
Hardware:	PC Windows Vista

Importance:	P1 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2011-09-02 05:16 PDT by Berend-Jan Wever
Modified:	2011-09-30 14:33 PDT (History)
CC List:	2 users (show)

See Also:

Attachments
Repro (851 bytes, text/html) 2011-09-02 05:16 PDT, Berend-Jan Wever	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Berend-Jan Wever 2011-09-02 05:16:14 PDT

Created attachment 106117 [details]
Repro

Repro (can probably be reduced further):
<!DOCTYPE html><script>
setTimeout(function() {
  document.execCommand("selectall");
  document.designMode="on";
  document.execCommand("indent", false);
  document.execCommand("outdent",false);
  document.execCommand("InsertImage",false);
  document.execCommand("Delete",false);
  document.execCommand("insertorderedlist",false);
  document.execCommand("delete");
  document.execCommand("inserthorizontalrule",false);
  document.execCommand("InsertImage",false);
  document.execCommand("inserthorizontalrule",false);
  document.execCommand("insertunorderedlist");
  document.execCommand("selectall",false);
  document.execCommand("insertorderedlist",false);
  document.execCommand("Delete",false);
  document.execCommand("selectall");
  document.execCommand("outdent");
  document.execCommand("insertimage",false);
}, 100);
</script><frameset><frame>

id:             chrome.dll!WebCore::positionAvoidingPrecedingNodes ReadAV@NULL (586c6d571697e9318ad053888f701434)
description:    Attempt to read from unallocated NULL pointer in chrome.dll!WebCore::positionAvoidingPrecedingNodes
stack:          chrome.dll!WebCore::positionAvoidingPrecedingNodes
                chrome.dll!WebCore::ReplaceSelectionCommand::doApply
                chrome.dll!WebCore::EditCommand::apply
                chrome.dll!WebCore::applyCommand
                ...