[Webkit-unassigned] [Bug 51644] New: chrome.dll!WebCore::Node::isBlockFlow ReadAV at NULL (8740b2b92337948c3b9246f2bb3a58f0)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Dec 27 07:20:54 PST 2010


https://bugs.webkit.org/show_bug.cgi?id=51644

           Summary: chrome.dll!WebCore::Node::isBlockFlow ReadAV at NULL
                    (8740b2b92337948c3b9246f2bb3a58f0)
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Windows Vista
            Status: NEW
          Severity: Normal
          Priority: P1
         Component: HTML Editing
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: skylined at chromium.org
                CC: eric at webkit.org


Created an attachment (id=77505)
 --> (https://bugs.webkit.org/attachment.cgi?id=77505&action=review)
Repro

http://code.google.com/p/chromium/issues/detail?id=68091
Repro: (somewhat large - can probably be reduced a lot more)
<script>
  // Reproduction driver from the bug report: the page's <body onload> handler
  // calls go(), which replays a fixed sequence of editing commands and then
  // reloads the page. The report notes the sequence has not been minimised.
  //
  // Triage context taken from the report's stack trace: the fault is reached
  // through Document::execCommand -> executeInsertOrderedList ->
  // InsertListCommand::doApplyForSingleParagraph -> Node::isBlockFlow, so the
  // faulting call is one of the "insertorderedlist" commands below. The report
  // does not say which one.
  // NOTE(review): list/indent/outdent/delete commands restructure the editable
  // DOM between list insertions, so the relative order presumably matters;
  // keep it intact when reducing this into a regression test.
  function go() {
    // Makes the whole document editable so the execCommand calls below apply.
    document.designMode="on";
    document.execCommand("SelectAll", false);
    document.execCommand("insertunorderedlist")
    document.execCommand("bold");
    document.execCommand("Indent", false);
    document.execCommand("insertparagraph")
    document.execCommand("inserthorizontalrule");
    document.execCommand("Indent",false);
    document.execCommand("outdent");
    document.execCommand("insertorderedlist", false)
    // insertimage is always called here without a value (no image URL);
    // what the engine inserts in that case is not shown in the report.
    document.execCommand("insertimage", false);
    document.execCommand("insertunorderedlist",false);
    document.execCommand("SelectAll", false)
    document.execCommand("JustifyFull")
    document.execCommand("insertorderedlist",false)
    document.execCommand("insertimage",false);
    document.execCommand("InsertUnorderedList",false)
    document.execCommand("Indent");
    document.execCommand("delete")
    document.execCommand("InsertUnorderedList")
    document.execCommand("insertunorderedlist", false)
    document.execCommand("Indent")
    document.execCommand("Indent",false)
    document.execCommand("outdent")
    document.execCommand("InsertUnorderedList")
    document.execCommand("insertorderedlist");
    document.execCommand("insertimage", false);
    document.execCommand("insertparagraph");
    document.execCommand("insertimage", false)
    document.execCommand("InsertHorizontalRule")
    document.execCommand("delete");
    document.execCommand("insertorderedlist");
    document.execCommand("delete", false);
    document.execCommand("selectall");
    document.execCommand("Indent")
    document.execCommand("justifyright");
    document.execCommand("insertorderedlist", false);
    document.execCommand("insertunorderedlist", false)
    document.execCommand("InsertUnorderedList", false);
    document.execCommand("Outdent", false);
    document.execCommand("Bold");
    document.execCommand("outdent", false);
    document.execCommand("Outdent");
    document.execCommand("inserthorizontalrule", false);
    document.execCommand("Outdent")
    document.execCommand("InsertUnorderedList");
    document.execCommand("Outdent");
    document.execCommand("InsertImage", false)
    document.execCommand("insertparagraph");
    document.execCommand("Outdent");
    document.execCommand("insertunorderedlist");
    document.execCommand("insertunorderedlist", false);
    document.execCommand("insertorderedlist", false);
    document.execCommand("insertunorderedlist");
    document.execCommand("insertunorderedlist", false);
    document.execCommand("Outdent", false)
    document.execCommand("selectall");
    document.execCommand("indent")
    document.execCommand("insertimage", false);
    document.execCommand("insertunorderedlist", false);
    document.execCommand("insertorderedlist", false);
    document.execCommand("SelectAll", false);
    document.execCommand("insertorderedlist");
    // Reloading fires onload again, so the whole sequence is replayed on each
    // load. NOTE(review): whether more than one pass is needed to hit the
    // fault is not stated in the report.
    location.reload();
  }
</script>
<body onload="go()">

id:             chrome.dll!WebCore::Node::isBlockFlow ReadAV at NULL (8740b2b92337948c3b9246f2bb3a58f0)
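description:    Attempt to read from unallocated memory at NULL pointer+0x20 in chrome.dll!WebCore::Node::isBlockFlow (a small fixed offset from NULL is consistent with a field read through a null object pointer; the report does not show which pointer was null)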
application:    Chromium 10.0.623.0
stack:          chrome.dll!WebCore::Node::isBlockFlow
                chrome.dll!WebCore::InsertListCommand::doApplyForSingleParagraph
                chrome.dll!WebCore::InsertListCommand::doApply
                chrome.dll!WebCore::EditCommand::apply
                chrome.dll!WebCore::applyCommand
                chrome.dll!WebCore::executeInsertOrderedList
                chrome.dll!WebCore::Editor::Command::execute
                chrome.dll!WebCore::Document::execCommand
                chrome.dll!WebCore::DocumentInternal::execCommandCallback
                chrome.dll!v8::internal::HandleApiCallHelper<...>
                chrome.dll!v8::internal::Builtin_HandleApiCall
                chrome.dll!v8::internal::Invoke
                chrome.dll!v8::internal::Execution::Call
                ...

-- 