Bug 94854 - Crash in WebCore::CompositeEditCommand::insertNodeAt
Summary: Crash in WebCore::CompositeEditCommand::insertNodeAt
Status: RESOLVED CONFIGURATION CHANGED
Alias: None
Product: WebKit
Classification: Unclassified
Component: HTML Editing
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P1 Normal
Assignee: Nobody
URL:
Keywords: HasReduction
Depends on:
Blocks:
 
Reported: 2012-08-23 14:25 PDT by Ryosuke Niwa
Modified: 2022-10-19 09:57 PDT

Attachments
Demonstrates the bug (267 bytes, text/html)
2012-08-23 14:25 PDT, Ryosuke Niwa
Description Ryosuke Niwa 2012-08-23 14:25:03 PDT
Created attachment 160245
Demonstrates the bug

<embed>
<div style="overflow:scroll;">
<div style="display:table;"></div>
</div>
<script type="text/javascript">
document.designMode = "on"
document.execCommand("selectall")
document.execCommand("inserttext",false,"iframe")
document.execCommand("selectall")
</script>

0012ee9c 031fbe8a chrome_1c30000!WebCore::CompositeEditCommand::insertNodeAt(class WTF::PassRefPtr<WebCore::Node> insertChild = class WTF::PassRefPtr<WebCore::Node>, class WebCore::Position * editingPosition = 0x00000000)+0x47 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\compositeeditcommand.cpp @ 348]
0012ef60 031db893 chrome_1c30000!WebCore::DeleteSelectionCommand::doApply(void)+0x49a [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\deleteselectioncommand.cpp @ 821]
0012ef74 031dc668 chrome_1c30000!WebCore::CompositeEditCommand::applyCommandToComposite(class WTF::PassRefPtr<WebCore::EditCommand> prpCommand = class WTF::PassRefPtr<WebCore::EditCommand>)+0x23 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\compositeeditcommand.cpp @ 257]
0012ef88 032af596 chrome_1c30000!WebCore::CompositeEditCommand::deleteSelection(bool smartDelete = false, bool mergeBlocksAfterDelete = true, bool replace = true, bool expandForSpecialElements = false)+0x48 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\compositeeditcommand.cpp @ 549]
0012f0c0 031db583 chrome_1c30000!WebCore::InsertTextCommand::doApply(void)+0x56 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\inserttextcommand.cpp @ 114]
0012f0d0 031fe325 chrome_1c30000!WebCore::CompositeEditCommand::applyCommandToComposite(class WTF::PassRefPtr<WebCore::CompositeEditCommand> command = class WTF::PassRefPtr<WebCore::CompositeEditCommand>, class WebCore::VisibleSelection * selection = 0x051a84b8)+0x43 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\compositeeditcommand.cpp @ 272]
0012f0ec 031ff392 chrome_1c30000!WebCore::TypingCommand::insertTextRunWithoutNewlines(class WTF::String * text = 0x051a851c, bool selectInsertedText = false)+0x55 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\typingcommand.cpp @ 385]
0012f108 03200078 chrome_1c30000!WebCore::TypingCommand::insertText(class WTF::String * text = 0x051a851c, bool selectInsertedText = false)+0x92 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\typingcommand.cpp @ 370]
0012f118 031dd81b chrome_1c30000!WebCore::TypingCommand::doApply(void)+0xa8 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\typingcommand.cpp @ 285]
0012f128 031df9cb chrome_1c30000!WebCore::CompositeEditCommand::apply(void)+0x6b [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\compositeeditcommand.cpp @ 205]
0012f130 031fff23 chrome_1c30000!WebCore::applyCommand(class WTF::PassRefPtr<WebCore::CompositeEditCommand> command = class WTF::PassRefPtr<WebCore::CompositeEditCommand>)+0xb [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\editing\compositeeditcommand.cpp @ 162]
...

http://crbug.com/121317
Comment 2 Ahmad Saleem 2022-10-16 10:38:54 PDT
@rniwa - this test case does not seem to crash when changed to JSFiddle. Does it need to be in Debug mode to crash, or need some specific steps? Also, this change seems to be not merged in WebKit. Thanks!
Comment 3 Ryosuke Niwa 2022-10-19 09:57:38 PDT
Yeah, this is config changed.