[Webkit-unassigned] [Bug 13336] New: REGRESSION: editing/execCommand/hilitecolor.html crashes under guardMalloc
bugzilla-daemon at webkit.org
Wed Apr 11 15:14:59 PDT 2007
http://bugs.webkit.org/show_bug.cgi?id=13336
Summary: REGRESSION: editing/execCommand/hilitecolor.html crashes under guardMalloc
Product: WebKit
Version: 522+ (nightly)
Platform: Macintosh
OS/Version: Mac OS X 10.4
Status: NEW
Keywords: Regression
Severity: Major
Priority: P1
Component: New Bugs
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: mitz at webkit.org
CC: hyatt at apple.com, justin.garcia at apple.com
Backtrace (Thread 0 crashed; frame 0 is the faulting TextRun index operator, reached from RenderText::selectionRect while the selection is cleared during node removal inside the style-change edit command):
Thread 0 Crashed:
0 com.apple.WebCore 0x01522bf7 WebCore::TextRun::operator[](int)
const + 19 (Font.h:61)
1 com.apple.WebCore 0x011f591d
WebCore::Font::canUseGlyphCache(WebCore::TextRun const&) const + 89
(Font.cpp:527)
2 com.apple.WebCore 0x011f6db6
WebCore::Font::selectionRectForText(WebCore::TextRun const&, WebCore::TextStyle
const&, WebCore::IntPoint const&, int, int, int) const + 58 (Font.cpp:660)
3 com.apple.WebCore 0x01123796
WebCore::InlineTextBox::selectionRect(int, int, int, int) + 540
(InlineTextBox.cpp:130)
4 com.apple.WebCore 0x0117b5a2 WebCore::RenderText::selectionRect()
+ 326 (RenderText.cpp:1050)
5 com.apple.WebCore 0x01501b45
WebCore::RenderObject::SelectionInfo::SelectionInfo[in-charge](WebCore::RenderObject*)
+ 45 (RenderObject.h:815)
6 com.apple.WebCore 0x01142f5c
WebCore::RenderView::setSelection(WebCore::RenderObject*, int,
WebCore::RenderObject*, int) + 398 (RenderView.cpp:295)
7 com.apple.WebCore 0x0114404f
WebCore::RenderView::clearSelection() + 49 (RenderView.cpp:423)
8 com.apple.WebCore 0x011d6efd
WebCore::SelectionController::nodeWillBeRemoved(WebCore::Node*) + 997
(SelectionController.cpp:196)
9 com.apple.WebCore 0x010cb064
WebCore::Document::notifyBeforeNodeRemoval(WebCore::Node*) + 54
(Document.cpp:2278)
10 com.apple.WebCore 0x010d4527
WebCore::dispatchChildRemovalEvents(WebCore::Node*, int&) + 95
(ContainerNode.cpp:923)
11 com.apple.WebCore 0x010d48d9
WebCore::willRemoveChild(WebCore::Node*) + 27 (ContainerNode.cpp:342)
12 com.apple.WebCore 0x010d4c98
WebCore::ContainerNode::removeChild(WebCore::Node*, int&) + 584
(ContainerNode.cpp:381)
13 com.apple.WebCore 0x010d510b
WebCore::ContainerNode::appendChild(WTF::PassRefPtr<WebCore::Node>, int&) + 579
(ContainerNode.cpp:511)
14 com.apple.WebCore 0x011e5cc2
WebCore::WrapContentsInDummySpanCommand::doApply() + 304
(WrapContentsInDummySpanCommand.cpp:50)
15 com.apple.WebCore 0x011b8c6c WebCore::EditCommand::apply() + 384
(EditCommand.cpp:92)
16 com.apple.WebCore 0x011aff37
WebCore::CompositeEditCommand::applyCommandToComposite(WTF::PassRefPtr<WebCore::EditCommand>)
+ 53 (CompositeEditCommand.cpp:97)
17 com.apple.WebCore 0x011b142d
WebCore::CompositeEditCommand::wrapContentsInDummySpan(WebCore::Element*) + 71
(CompositeEditCommand.cpp:243)
18 com.apple.WebCore 0x011d9d0f
WebCore::SplitTextNodeContainingElementCommand::doApply() + 299
(SplitTextNodeContainingElementCommand.cpp:53)
19 com.apple.WebCore 0x011b8c6c WebCore::EditCommand::apply() + 384
(EditCommand.cpp:92)
20 com.apple.WebCore 0x011aff37
WebCore::CompositeEditCommand::applyCommandToComposite(WTF::PassRefPtr<WebCore::EditCommand>)
+ 53 (CompositeEditCommand.cpp:97)
21 com.apple.WebCore 0x011b12aa
WebCore::CompositeEditCommand::splitTextNodeContainingElement(WebCore::Text*,
int) + 78 (CompositeEditCommand.cpp:248)
22 com.apple.WebCore 0x011a8ce0
WebCore::ApplyStyleCommand::splitTextElementAtStartIfNeeded(WebCore::Position
const&, WebCore::Position const&) + 252 (ApplyStyleCommand.cpp:1062)
23 com.apple.WebCore 0x011acff2
WebCore::ApplyStyleCommand::applyInlineStyle(WebCore::CSSMutableStyleDeclaration*)
+ 238 (ApplyStyleCommand.cpp:595)
24 com.apple.WebCore 0x011aedc5
WebCore::ApplyStyleCommand::doApply() + 425 (ApplyStyleCommand.cpp:349)
25 com.apple.WebCore 0x011b8c6c WebCore::EditCommand::apply() + 384
(EditCommand.cpp:92)
26 com.apple.WebCore 0x011b8da0
WebCore::applyCommand(WTF::PassRefPtr<WebCore::EditCommand>) + 82
(EditCommand.cpp:227)
27 com.apple.WebCore 0x01361ce3
WebCore::Editor::applyStyle(WebCore::CSSStyleDeclaration*, WebCore::EditAction)
+ 213 (Editor.cpp:616)
28 com.apple.WebCore 0x011c2ba1 WebCore::(anonymous
namespace)::execStyleChange(WebCore::Frame*, int, WebCore::String const&) + 139
(JSEditor.cpp:156)
29 com.apple.WebCore 0x011c2c64 WebCore::(anonymous
namespace)::execBackColor(WebCore::Frame*, bool, WebCore::String const&) + 38
(JSEditor.cpp:198)
30 com.apple.WebCore 0x011c3d25
WebCore::JSEditor::execCommand(WebCore::String const&, bool, WebCore::String
const&) + 133 (JSEditor.cpp:87)
31 com.apple.WebCore 0x010c5812
WebCore::Document::execCommand(WebCore::String const&, bool, WebCore::String
const&) + 56 (Document.cpp:2742)
32 com.apple.WebCore 0x0122ba1b
WebCore::JSDocumentPrototypeFunction::callAsFunction(KJS::ExecState*,
KJS::JSObject*, KJS::List const&) + 7693 (JSDocument.cpp:580)
33 com.apple.JavaScriptCore 0x00403a4a KJS::JSObject::call(KJS::ExecState*,
KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97)
34 com.apple.JavaScriptCore 0x003fa998
KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 944 (nodes.cpp:781)
35 com.apple.JavaScriptCore 0x003f7b50
KJS::ExprStatementNode::execute(KJS::ExecState*) + 148 (nodes.cpp:1681)
36 com.apple.JavaScriptCore 0x003f587e
KJS::SourceElementsNode::execute(KJS::ExecState*) + 566 (nodes.cpp:2464)
37 com.apple.JavaScriptCore 0x003f4080
KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1657)
38 com.apple.JavaScriptCore 0x003ee939
KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UChar const*, int,
KJS::JSValue*) + 989 (interpreter.cpp:365)
39 com.apple.WebCore 0x012465ff
WebCore::KJSProxy::evaluate(WebCore::String const&, int, WebCore::String
const&, WebCore::Node*) + 319 (kjs_proxy.cpp:78)
40 com.apple.WebCore 0x01384405
WebCore::FrameLoader::executeScript(WebCore::String const&, int,
WebCore::Node*, WebCore::String const&) + 99 (FrameLoader.cpp:686)
41 com.apple.WebCore 0x0101ddda
WebCore::HTMLTokenizer::scriptExecution(WebCore::DeprecatedString const&,
WebCore::HTMLTokenizer::State, WebCore::DeprecatedString, int) + 316
(HTMLTokenizer.cpp:502)
42 com.apple.WebCore 0x01020595
WebCore::HTMLTokenizer::scriptHandler(WebCore::HTMLTokenizer::State) + 1449
(HTMLTokenizer.cpp:452)
43 com.apple.WebCore 0x01020a8e
WebCore::HTMLTokenizer::parseSpecial(WebCore::SegmentedString&,
WebCore::HTMLTokenizer::State) + 918 (HTMLTokenizer.cpp:310)
44 com.apple.WebCore 0x01022440
WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString&,
WebCore::HTMLTokenizer::State) + 5274 (HTMLTokenizer.cpp:1176)
45 com.apple.WebCore 0x01022bf7
WebCore::HTMLTokenizer::write(WebCore::SegmentedString const&, bool) + 1173
(HTMLTokenizer.cpp:1389)
46 com.apple.WebCore 0x01378e95 WebCore::FrameLoader::write(char
const*, int, bool) + 923 (FrameLoader.cpp:884)
47 com.apple.WebCore 0x01378fc7 WebCore::FrameLoader::addData(char
const*, int) + 275 (FrameLoader.cpp:1543)
48 com.apple.WebCore 0x010d72f5 -[WebCoreFrameBridge addData:] + 163
(WebCoreFrameBridge.mm:291)
49 com.apple.WebCore 0x010da6ac -[WebCoreFrameBridge
receivedData:textEncodingName:] + 250 (WebCoreFrameBridge.mm:1477)
50 com.apple.WebKit 0x002324d5 -[WebHTMLRepresentation
receivedData:withDataSource:] + 199 (WebHTMLRepresentation.mm:175)
51 com.apple.WebKit 0x0022dbdb -[WebDataSource(WebInternal)
_receivedData:] + 89 (WebDataSource.mm:178)
52 com.apple.WebKit 0x00294e93
WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int)
+ 127 (WebFrameLoaderClient.mm:645)
53 com.apple.WebCore 0x01375d21
WebCore::FrameLoader::committedLoad(WebCore::DocumentLoader*, char const*, int)
+ 53 (FrameLoader.cpp:2956)
54 com.apple.WebCore 0x013869e5
WebCore::DocumentLoader::commitLoad(char const*, int) + 87
(DocumentLoader.cpp:347)
55 com.apple.WebCore 0x01386a3e
WebCore::DocumentLoader::receivedData(char const*, int) + 76
(DocumentLoader.cpp:360)
56 com.apple.WebCore 0x01375351
WebCore::FrameLoader::receivedData(char const*, int) + 41
(FrameLoader.cpp:1979)
57 com.apple.WebCore 0x01388308
WebCore::MainResourceLoader::addData(char const*, int, bool) + 80
(MainResourceLoader.cpp:134)
58 com.apple.WebCore 0x0138a43f
WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) + 83
59 com.apple.WebCore 0x0138863d
WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool)
+ 281 (MainResourceLoader.cpp:289)
60 com.apple.WebCore 0x0138a046
WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*,
int, int) + 58
61 com.apple.WebCore 0x01368d8c -[WebCoreResourceHandleAsDelegate
connection:didReceiveData:lengthReceived:] + 172 (ResourceHandleMac.mm:352)
62 com.apple.Foundation 0x92856afa
-[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 641
63 com.apple.Foundation 0x92854ddb
-[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 686
64 com.apple.Foundation 0x92854ab5 _sendCallbacks + 201
65 com.apple.CoreFoundation 0x9082df92 CFRunLoopRunSpecific + 1213
66 com.apple.CoreFoundation 0x9082dace CFRunLoopRunInMode + 61
67 com.apple.Foundation 0x92825d3a -[NSRunLoop runMode:beforeDate:] +
182
68 DumpRenderTree 0x0000a450 runTest + 1109
(DumpRenderTree.m:1400)
69 DumpRenderTree 0x000065f5 dumpRenderTree + 2209
(DumpRenderTree.m:503)
70 DumpRenderTree 0x0000685d main + 70 (DumpRenderTree.m:558)
71 DumpRenderTree 0x00002482 _start + 216
72 DumpRenderTree 0x000023a9 start + 41