[Webkit-unassigned] [Bug 150207] New: Null dereference loading Blink layout test editing/execCommand/format-block-uneditable-crash.html
bugzilla-daemon at webkit.org
Thu Oct 15 16:53:04 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=150207
Bug ID: 150207
Summary: Null dereference loading Blink layout test
editing/execCommand/format-block-uneditable-crash.html
Classification: Unclassified
Product: WebKit
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Keywords: HasReduction, NeedsRadar
Severity: Normal
Priority: P2
Component: HTML Editing
Assignee: webkit-unassigned at lists.webkit.org
Reporter: jhoneycutt at apple.com
CC: webkit-bug-importer at group.apple.com
Created attachment 263224
--> https://bugs.webkit.org/attachment.cgi?id=263224&action=review
Crashing test
Null dereference loading Blink layout test editing/execCommand/format-block-uneditable-crash.html.
Stack trace:
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGABRT)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000014
VM Regions Near 0x14:
-->
__TEXT 000000010c416000-000000010c4b0000 [ 616K] r-x/rwx SM=COW /Users/USER/*
Application Specific Information:
CRASHING TEST: blink-tests-that-are-unknown/editing/execCommand/format-block-uneditable-crash.html
================================================================
==21895==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000014 (pc 0x000111b5fab2 bp 0x7fff537e2570 sp 0x7fff537e2570 T0)
#0 0x111b5fab1 in WebCore::Node::getFlag(WebCore::Node::NodeFlags) const Node.h:641
#1 0x111b941bb in WebCore::lastPositionInNode(WebCore::Node*) Position.h:313
#2 0x111c4b6e1 in WebCore::ApplyBlockElementCommand::rangeForParagraphSplittingTextNodesIfNeeded(WebCore::VisiblePosition const&, WebCore::Position&, WebCore::Position&) ApplyBlockElementCommand.cpp:248
#3 0x111c4a29e in WebCore::ApplyBlockElementCommand::formatSelection(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&) ApplyBlockElementCommand.cpp:126
#4 0x11257d4a7 in WebCore::FormatBlockCommand::formatSelection(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&) FormatBlockCommand.cpp:59
#5 0x111c49397 in WebCore::ApplyBlockElementCommand::doApply() ApplyBlockElementCommand.cpp:86
#6 0x111e7eb7b in WebCore::CompositeEditCommand::apply() CompositeEditCommand.cpp:229
#7 0x11240fa24 in WebCore::executeFormatBlock(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) EditorCommand.cpp:425
#8 0x11240d85e in WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const EditorCommand.cpp:1704
#9 0x1121e5979 in WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) Document.cpp:4657
#10 0x112c53260 in WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*) JSDocument.cpp:5093
#11 0x2abca0401027 (<unknown module>)
#12 0x10d24664f in llint_entry (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xab464f)
#13 0x10d246a49 in llint_entry (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xab4a49)
#14 0x10d24664f in llint_entry (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xab464f)
#15 0x10d24664f in llint_entry (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xab464f)
#16 0x10d240a0a in vmEntryToJavaScript (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xaaea0a)
#17 0x10cfa207d in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) JITCode.cpp:80
#18 0x10cf5ecc6 in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) Interpreter.cpp:961
#19 0x10c921689 in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) Completion.cpp:104
#20 0x112f0f3ad in WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) JSMainThreadExecState.h:62
#21 0x113b4b410 in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) ScriptController.cpp:164
#22 0x113b4b618 in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) ScriptController.cpp:180
#23 0x113b5d586 in WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) ScriptElement.cpp:309
#24 0x113b5ae6a in WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) ScriptElement.cpp:242
#25 0x1128509cb in WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) HTMLScriptRunner.cpp:308
#26 0x112850705 in WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) HTMLScriptRunner.cpp:177
#27 0x11277ba6f in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() HTMLDocumentParser.cpp:195
#28 0x11277bce3 in WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) HTMLDocumentParser.cpp:213
#29 0x11277b2a8 in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) HTMLDocumentParser.cpp:259
#30 0x11277cc9d in WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() HTMLDocumentParser.cpp:496
#31 0x11277cf61 in WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) HTMLDocumentParser.cpp:536
#32 0x111d9eca7 in WebCore::CachedResource::checkNotify() CachedResource.cpp:297
#33 0x113e27588 in WebCore::SubresourceLoader::didFinishLoading(double) SubresourceLoader.cpp:372
#34 0x7fff8c4a3850 in __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e850)
#35 0x7fff8c4a3765 in -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e765)
#36 0x7fff8c4a366a in -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e66a)
#37 0x7fff8c4a8491 in ___ZN27URLConnectionClient_Classic26_delegate_didFinishLoadingEU13block_pointerFvvE_block_invoke (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x33491)
#38 0x7fff8c63c976 in ___ZN27URLConnectionClient_Classic18_withDelegateAsyncEPKcU13block_pointerFvP16_CFURLConnectionPK33CFURLConnectionClientCurrent_VMaxE_block_invoke_2 (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x1c7976)
#39 0x7fff9a99c3c2 in _dispatch_client_callout (/usr/lib/system/libdispatch.dylib+0x23c2)
#40 0x7fff9a9aa0bd in _dispatch_block_invoke (/usr/lib/system/libdispatch.dylib+0x100bd)
#41 0x7fff8c4a3527 in RunloopBlockContext::_invoke_block(void const*, void*) (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e527)
#42 0x7fff96f5ce63 in CFArrayApplyFunction (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x4ce63)
#43 0x7fff8c4a3420 in RunloopBlockContext::perform() (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e420)
#44 0x7fff8c4a32c1 in MultiplexerSource::perform() (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e2c1)
#45 0x7fff8c4a30e3 in MultiplexerSource::_perform(void*) (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e0e3)
#46 0x7fff96fba8b0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa8b0)
#47 0x7fff96f9a0ab in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x8a0ab)
#48 0x7fff96f995ce in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x895ce)
#49 0x7fff96f98fc7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88fc7)
#50 0x10c43898d in runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) DumpRenderTree.mm:2030
#51 0x10c437f39 in runTestingServerLoop() DumpRenderTree.mm:1180
#52 0x10c437267 in dumpRenderTree(int, char const**) DumpRenderTree.mm:1288
#53 0x10c4392b1 in DumpRenderTreeMain(int, char const**) DumpRenderTree.mm:1418
#54 0x7fff931e95ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
#55 0x1 (<unknown module>)