[Webkit-unassigned] [Bug 119672] New: ASSERTION FAILED: extractedStyle in WebCore::ApplyStyleCommand::removeInlineStyleFromElement

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Aug 12 01:21:32 PDT 2013 

https://bugs.webkit.org/show_bug.cgi?id=119672

           Summary: ASSERTION FAILED: extractedStyle in
                    WebCore::ApplyStyleCommand::removeInlineStyleFromEleme
                    nt
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML Editing
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: reni at webkit.org
            Blocks: 116980


The following tests failed on the assertion:

<html>
    <body>
        <table>
            <td>
                <a></a>
            </td>
        </table>
        <script>
            document.designMode = "on"; 
            document.execCommand("SelectAll"); 
            document.execCommand("CreateLink", 0, 'foo');
        </script>
   </body>
</html>


Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff56fe985 in WTFCrash () at /home/reni2/data/REPOS/webkit/Source/WTF/wtf/Assertions.cpp:342
342        *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff56fe985 in WTFCrash () at /home/reni2/data/REPOS/webkit/Source/WTF/wtf/Assertions.cpp:342
#1  0x00007ffff42a9fb7 in WebCore::ApplyStyleCommand::removeInlineStyleFromElement (this=0x8a9450, style=0x8a8cd0, element=..., 
    mode=WebCore::ApplyStyleCommand::RemoveAlways, extractedStyle=0x0) at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/ApplyStyleCommand.cpp:889
#2  0x00007ffff42a9d00 in WebCore::ApplyStyleCommand::removeConflictingInlineStyleFromRun (this=0x8a9450, style=0x8a8cd0, runStart=..., runEnd=..., 
    pastEndNode=...) at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/ApplyStyleCommand.cpp:868
#3  0x00007ffff42a95d8 in WebCore::ApplyStyleCommand::applyInlineStyleToNodeRange (this=0x8a9450, style=0x8a8cd0, startNode=..., pastEndNode=...)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/ApplyStyleCommand.cpp:812
#4  0x00007ffff42a8b47 in WebCore::ApplyStyleCommand::fixRangeAndApplyInlineStyle (this=0x8a9450, style=0x8a8cd0, start=..., end=...)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/ApplyStyleCommand.cpp:711
#5  0x00007ffff42a8763 in WebCore::ApplyStyleCommand::applyInlineStyle (this=0x8a9450, style=0x8a8cd0)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/ApplyStyleCommand.cpp:674
#6  0x00007ffff42a58ff in WebCore::ApplyStyleCommand::doApply (this=0x8a9450)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/ApplyStyleCommand.cpp:225
#7  0x00007ffff42b4f8a in WebCore::CompositeEditCommand::applyCommandToComposite (this=0x8a8d50, prpCommand=...)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/CompositeEditCommand.cpp:266
#8  0x00007ffff42b5275 in WebCore::CompositeEditCommand::applyStyledElement (this=0x8a8d50, element=...)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/CompositeEditCommand.cpp:297
#9  0x00007ffff42c1774 in WebCore::CreateLinkCommand::doApply (this=0x8a8d50) at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/CreateLinkCommand.cpp:50
#10 0x00007ffff42b4d52 in WebCore::CompositeEditCommand::apply (this=0x8a8d50)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/CompositeEditCommand.cpp:215
#11 0x00007ffff42b4ada in WebCore::applyCommand (command=...) at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/CompositeEditCommand.cpp:171

#12 0x00007ffff42e5c89 in WebCore::executeCreateLink (frame=0x7a27a0, value=...) at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/EditorCommand.cpp:293
#13 0x00007ffff42e9e1a in WebCore::Editor::Command::execute (this=0x7fffffffbc20, parameter=..., triggeringEvent=0x0)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/editing/EditorCommand.cpp:1706
#14 0x00007ffff41b93b2 in WebCore::Document::execCommand (this=0x7f4470, commandName=..., userInterface=false, value=...)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/dom/Document.cpp:4148
#15 0x00007ffff4ecd0c8 in WebCore::jsDocumentPrototypeFunctionExecCommand (exec=0x7fff9b3fd0b0) at generated/JSDocument.cpp:2748
#16 0x00007fff9bfff0e5 in ?? ()
#17 0x00007fffffffbdc0 in ?? ()
---Type <return> to continue, or q <return> to quit---
#18 0x00007ffff68071d4 in llint_op_call () from /home/reni2/data/REPOS/webkit/WebKitBuild/Debug/lib/libQt5WebKit.so.5
#19 0x00007fffffffbd70 in ?? ()
#20 0x00007ffff5556017 in JSC::JSStack::installTrapsAfterFrame (this=0x0, frame=0x0)
    at /home/reni2/data/REPOS/webkit/Source/JavaScriptCore/interpreter/JSStackInlines.h:212
#21 0x00007ffff5566cea in JSC::JITCode::execute (this=0x86ef40, stack=0x788658, callFrame=0x7fff9b3fd058, vm=0x7de090)
    at /home/reni2/data/REPOS/webkit/Source/JavaScriptCore/jit/JITCode.cpp:46

#22 0x00007ffff555289d in JSC::Interpreter::execute (this=0x788640, program=0x7fff9a2afef0, callFrame=0x7fff9a3af8e0, thisObj=0x7fffe004ffd8)
    at /home/reni2/data/REPOS/webkit/Source/JavaScriptCore/interpreter/Interpreter.cpp:851
#23 0x00007ffff56318a5 in JSC::evaluate (exec=0x7fff9a3af8e0, source=..., thisValue=..., returnedException=0x7fffffffcac0)
    at /home/reni2/data/REPOS/webkit/Source/JavaScriptCore/runtime/Completion.cpp:83
#24 0x00007ffff3f6c4cb in WebCore::JSMainThreadExecState::evaluate (exec=0x7fff9a3af8e0, source=..., thisValue=..., exception=0x7fffffffcac0)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/bindings/js/JSMainThreadExecState.h:74
#25 0x00007ffff3f8aa7a in WebCore::ScriptController::evaluateInWorld (this=0x785620, sourceCode=..., world=0x78f210)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/bindings/js/ScriptController.cpp:142
#26 0x00007ffff3f8ab80 in WebCore::ScriptController::evaluate (this=0x785620, sourceCode=...)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/bindings/js/ScriptController.cpp:158
#27 0x00007ffff4275a13 in WebCore::ScriptElement::executeScript (this=0x862db8, sourceCode=...)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/dom/ScriptElement.cpp:316
#28 0x00007ffff42751ee in WebCore::ScriptElement::prepareScript (this=0x862db8, scriptStartPosition=..., 
    supportLegacyTypes=WebCore::ScriptElement::DisallowLegacyTypeInTypeAttribute) at /home/reni2/data/REPOS/webkit/Source/WebCore/dom/ScriptElement.cpp:245
#29 0x00007ffff4425397 in WebCore::HTMLScriptRunner::runScript (this=0x77e010, script=0x862d50, scriptStartPosition=...)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:312
#30 0x00007ffff4424ae8 in WebCore::HTMLScriptRunner::execute (this=0x77e010, scriptElement=..., scriptStartPosition=...)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:181
#31 0x00007ffff44119f3 in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder (this=0x77fb30)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:271
#32 0x00007ffff4411ade in WebCore::HTMLDocumentParser::canTakeNextToken (this=0x77fb30, mode=WebCore::HTMLDocumentParser::AllowYield, session=...)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:290
#33 0x00007ffff44120f6 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x77fb30, mode=WebCore::HTMLDocumentParser::AllowYield)
---Type <return> to continue, or q <return> to quit---
    at /home/reni2/data/REPOS/webkit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:535
#34 0x00007ffff4411861 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x77fb30, mode=WebCore::HTMLDocumentParser::AllowYield)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:235
#35 0x00007ffff4412a00 in WebCore::HTMLDocumentParser::append (this=0x77fb30, inputSource=...)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:747
#36 0x00007ffff41a55c9 in WebCore::DecodedDataDocumentParser::flush (this=0x77fb30, writer=0x6a6f30)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/dom/DecodedDataDocumentParser.cpp:60
#37 0x00007ffff45aab37 in WebCore::DocumentWriter::end (this=0x6a6f30) at /home/reni2/data/REPOS/webkit/Source/WebCore/loader/DocumentWriter.cpp:245
#38 0x00007ffff459d6b0 in WebCore::DocumentLoader::finishedLoading (this=0x6a6e90, finishTime=0)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/loader/DocumentLoader.cpp:402
#39 0x00007ffff459d41e in WebCore::DocumentLoader::notifyFinished (this=0x6a6e90, resource=0x785f00)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/loader/DocumentLoader.cpp:344
#40 0x00007ffff4584714 in WebCore::CachedResource::checkNotify (this=0x785f00)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/loader/cache/CachedResource.cpp:369
#41 0x00007ffff45847ea in WebCore::CachedResource::finishLoading (this=0x785f00)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/loader/cache/CachedResource.cpp:385
#42 0x00007ffff4580f3c in WebCore::CachedRawResource::finishLoading (this=0x785f00, data=0x72d050)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/loader/cache/CachedRawResource.cpp:94
#43 0x00007ffff45e7569 in WebCore::SubresourceLoader::didFinishLoading (this=0x784c30, finishTime=0)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/loader/SubresourceLoader.cpp:282
#44 0x00007ffff45dde53 in WebCore::ResourceLoader::didFinishLoading (this=0x784c30, finishTime=0)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/loader/ResourceLoader.cpp:488
#45 0x00007ffff4a888fd in WebCore::QNetworkReplyHandler::finish (this=0x78e9b0)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:516
#46 0x00007ffff4a8761c in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x78e9e8)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:250
#47 0x00007ffff4a87319 in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x78e9e8, 
    method=(void (WebCore::QNetworkReplyHandler::*)(WebCore::QNetworkReplyHandler * const)) 0x7ffff4a88742 <WebCore::QNetworkReplyHandler::finish()>)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:216
---Type <return> to continue, or q <return> to quit---
#48 0x00007ffff4a88266 in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x78b6a0)
    at /home/reni2/data/REPOS/webkit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:409
#49 0x00007ffff4a8abf8 in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x78b6a0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fffffffd560)
    at .moc/release-shared/moc_QNetworkReplyHandler.cpp:175
#50 0x00007ffff21c70e1 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#51 0x00007ffff21c873e in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#52 0x00007ffff301e1f4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5
#53 0x00007ffff30215d1 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5
#54 0x00007ffff21a1a24 in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#55 0x00007ffff21a3961 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#56 0x00007ffff21e91f3 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#57 0x00007fffeecd8f05 in g_main_dispatch (context=0x664790) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3054
#58 g_main_context_dispatch (context=context at entry=0x664790) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3630
#59 0x00007fffeecd9248 in g_main_context_iterate (context=context at entry=0x664790, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>)
    at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3701
#60 0x00007fffeecd9304 in g_main_context_iteration (context=0x664790, may_block=1) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3762
#61 0x00007ffff21e9634 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#62 0x00007ffff21a08fb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#63 0x00007ffff21a3e9e in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#64 0x00000000004219f2 in launcherMain (app=...) at /home/reni2/data/REPOS/webkit/Tools/QtTestBrowser/qttestbrowser.cpp:50
#65 0x00000000004234d2 in main (argc=2, argv=0x7fffffffe278) at /home/reni2/data/REPOS/webkit/Tools/QtTestBrowser/qttestbrowser.cpp:319

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list