RESOLVED FIXED 99607
editing/pasteboard/paste-noscript-xhtml.xhtml crashes in chromium's content_shell
https://bugs.webkit.org/show_bug.cgi?id=99607
jochen
Reported 2012-10-17 10:11:40 PDT
When running

    new_run_webkit_tests --chromium --debug --driver-name=content_shell --additional-drt-flag=--dump-render-tree --additional-drt-flag=--no-sandbox --clobber-old-results --no-show-results editing/pasteboard/paste-noscript-xhtml.xhtml

I get the following crash:

STDERR: [20611:20611:1017/190312:32571343945:ERROR:process_util_posix.cc(144)] Received signal 11
STDERR: base::debug::StackTrace::StackTrace() [0x4e505e]
STDERR: base::(anonymous namespace)::StackDumpSignalHandler() [0x4fe814]
STDERR: 0x7fc9502a84c0
STDERR: WebCore::Node::getFlag() [0xc5084e]
STDERR: WebCore::Node::isContainerNode() [0x1e02c0a]
STDERR: WebCore::Node::firstChild() [0x1e292a9]
STDERR: WebCore::getChildNodes() [0x2c2ce43]
STDERR: WebCore::ContainerNode::takeAllChildrenFrom() [0x309d9aa]
STDERR: WebCore::createFragmentFromMarkupWithContext() [0x27e112a]
STDERR: WebCore::Pasteboard::documentFragment() [0x39f3efa]
STDERR: WebCore::Editor::pasteWithPasteboard() [0x2779bfd]
STDERR: WebCore::Editor::paste() [0x277d47e]
STDERR: WebCore::executePaste() [0x278fca1]
STDERR: WebCore::Editor::Command::execute() [0x278c1d5]
STDERR: WebCore::Document::execCommand() [0x30c6c0e]
STDERR: WebCore::DocumentV8Internal::execCommandCallback() [0x36826b3]
STDERR: v8::internal::HandleApiCallHelper<>() [0x1699b95]
STDERR: v8::internal::Builtin_Impl_HandleApiCall() [0x1699773]
STDERR: v8::internal::Builtin_HandleApiCall() [0x16932fc]
STDERR: 0x24143650618e

Tracked also in http://code.google.com/p/chromium/issues/detail?id=156376
Adam Klein
Comment 1 2012-10-18 11:21:02 PDT
Most likely reason for this is that we're passing an empty DocumentFragment to ContainerNode::takeAllChildrenFrom(), which assumes (but doesn't check) that oldParent is non-null. Will look into it.
Adam Klein
Comment 2 2012-10-18 11:57:51 PDT
I'm running into a bit of a problem trying to track this down, in that I can't figure out how to attach gdb to the renderer. jochen, any tips?
jochen
Comment 3 2012-10-18 12:18:14 PDT
(In reply to comment #2)
> I'm running into a bit of a problem trying to track this down, in that I can't figure out how to attach gdb to the renderer. jochen, any tips?

I would try

    echo /path/to/editing/pasteboard/paste-noscript-xhtml.xhtml | out/Debug/content_shell --dump-render-tree --no-timeout --no-sandbox --renderer-cmd-prefix='xterm -title renderer -e gdb --eval-command=run --args'

That should start each renderer in a gdb in a new xterm.
Adam Klein
Comment 4 2012-10-18 12:19:01 PDT
Thanks, used printfs for now. It looks like the problem is that the selected content can't be parsed, likely due to a leading <meta charset='UTF-8'> tag in the selected markup. Still digging to figure out how that's ending up in the selection, and only in ContentShell.
Adam Klein
Comment 5 2012-10-18 12:23:37 PDT
(In reply to comment #4)
> Thanks, used printfs for now. It looks like the problem is that the selected content can't be parsed, likely due to a leading <meta charset='UTF-8'> tag in the selected markup. Still digging to figure out how that's ending up in the selection, and only in ContentShell.

Correction, that's "<meta charset='utf-8'>" to be precise, and at least on Mac it looks like we add that to the selection.

Last of updates for now, I think I've got a bead on it.
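To make the failure mode in comments 1, 4 and 5 concrete, here is an added example that is not WebKit or Chromium code: a toy model of the paste path in which the markup-to-fragment step can fail and return null, and the child-moving step guards against that instead of assuming the fragment exists. The names `ContainerNode`, `takeAllChildrenFrom`, `createFragmentFromMarkup` and `pasteWithPasteboard` are simplified stand-ins for the frames in the stack trace, the "markup" format is a flat list of `<name>` tags invented for the example, and treating markup that starts with `<meta` as unparseable is an assumption that mirrors the symptom described above, not WebKit's real parser behaviour.

```cpp
// Added example (not WebKit/Chromium code): a minimal model of the paste path
// in this report. The fragment builder may return null; the child-moving step
// must not dereference it.
#include <cassert>
#include <memory>
#include <string>
#include <vector>

// Toy DOM container that owns its children.
struct ContainerNode {
    std::string name;
    std::vector<std::unique_ptr<ContainerNode>> children;

    explicit ContainerNode(std::string n) : name(std::move(n)) {}

    // Move every child of oldParent under this node, leaving oldParent empty.
    // A null oldParent (a fragment build that failed) is treated as a no-op;
    // without this check the call walks a null pointer, which is the
    // "Received signal 11" in the report.
    void takeAllChildrenFrom(ContainerNode* oldParent) {
        if (!oldParent)
            return;
        for (auto& child : oldParent->children)
            children.push_back(std::move(child));
        oldParent->children.clear();
    }
};

// Assumed stand-in for createFragmentFromMarkupWithContext(): turns a flat
// list of "<name>" tags into a fragment, or returns null when the markup does
// not parse. Markup that begins with "<meta" is rejected here to mirror the
// pasteboard prefix from comment 5 (an assumption for this example).
std::unique_ptr<ContainerNode> createFragmentFromMarkup(const std::string& markup) {
    if (markup.rfind("<meta", 0) == 0)
        return nullptr;
    auto fragment = std::make_unique<ContainerNode>("#fragment");
    size_t pos = 0;
    while ((pos = markup.find('<', pos)) != std::string::npos) {
        size_t end = markup.find('>', pos);
        if (end == std::string::npos)
            return nullptr;  // unterminated tag: unparseable
        fragment->children.push_back(
            std::make_unique<ContainerNode>(markup.substr(pos + 1, end - pos - 1)));
        pos = end + 1;
    }
    return fragment;
}

// Stand-in for Editor::pasteWithPasteboard(): returns false and leaves the
// target untouched when the pasteboard contents could not be parsed.
bool pasteWithPasteboard(ContainerNode& target, const std::string& pasteboardMarkup) {
    std::unique_ptr<ContainerNode> fragment = createFragmentFromMarkup(pasteboardMarkup);
    if (!fragment)
        return false;
    target.takeAllChildrenFrom(fragment.get());
    return true;
}

// Helper for checking results: number of children under a fresh body after
// pasting `markup`, or -1 when the paste was rejected.
int childCountAfterPaste(const std::string& markup) {
    ContainerNode body("body");
    if (!pasteWithPasteboard(body, markup))
        return -1;
    return static_cast<int>(body.children.size());
}

int main() {
    // Ordinary markup pastes; the meta-prefixed markup from comment 5 is
    // rejected cleanly instead of crashing.
    assert(childCountAfterPaste("<b><i><u>") == 3);
    assert(childCountAfterPaste("<meta charset='utf-8'><b>") == -1);
    return 0;
}
```

The point of the shape is that both layers are defensive: the caller checks the fragment before using it, and `takeAllChildrenFrom` tolerates a null argument anyway, so a second caller that forgets the check still fails closed rather than dereferencing null.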
Adam Klein
Comment 6 2012-10-18 12:42:01 PDT
Okay, I lied, one more question for jochen: I take it you were running this on Linux? I'm not able to reproduce there, only on Mac, and the <meta> tag insertion I mentioned before seems to be Mac-specific.
jochen
Comment 7 2012-10-18 12:50:04 PDT
(In reply to comment #6)
> Okay, I lied, one more question for jochen: I take it you were running this on Linux? I'm not able to reproduce there, only on Mac, and the <meta> tag insertion I mentioned before seems to be Mac-specific.

Yes, sorry for not mentioning this.

I can repro on 64bit lucid and precise.
Adam Klein
Comment 8 2012-10-18 14:02:34 PDT
(In reply to comment #7)
> (In reply to comment #6)
> > Okay, I lied, one more question for jochen: I take it you were running this on Linux? I'm not able to reproduce there, only on Mac, and the <meta> tag insertion I mentioned before seems to be Mac-specific.
>
> Yes, sorry for not mentioning this.
>
> I can repro on 64bit lucid and precise

Hmm, I can't on precise (the test fails to run properly instead, looks like perhaps the paste never happens?). Anyway, the <meta> thing looks like a real bug (http://crbug.com/136218).
jochen
Comment 9 2012-10-18 14:05:42 PDT
(In reply to comment #8)
> (In reply to comment #7)
> > (In reply to comment #6)
> > > Okay, I lied, one more question for jochen: I take it you were running this on Linux? I'm not able to reproduce there, only on Mac, and the <meta> tag insertion I mentioned before seems to be Mac-specific.
> >
> > Yes, sorry for not mentioning this.
> >
> > I can repro on 64bit lucid and precise
>
> Hmm, I can't on precise (the test fails to run properly instead, looks like perhaps the paste never happens?). Anyway, the <meta> thing looks like a real bug (http://crbug.com/136218).

Are you building after chromium r161834?
Adam Klein
Comment 10 2012-10-23 07:52:38 PDT