[Webkit-unassigned] [Bug 150209] New: Null dereference loading Blink layout test editing/execCommand/insert-ordered-list-crash.html
bugzilla-daemon at webkit.org
Thu Oct 15 17:00:13 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=150209
Bug ID: 150209
Summary: Null dereference loading Blink layout test editing/execCommand/insert-ordered-list-crash.html
Classification: Unclassified
Product: WebKit
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Keywords: BlinkMergeCandidate, HasReduction, NeedsRadar
Severity: Normal
Priority: P2
Component: HTML Editing
Assignee: webkit-unassigned at lists.webkit.org
Reporter: jhoneycutt at apple.com
CC: webkit-bug-importer at group.apple.com
Created attachment 263226
--> https://bugs.webkit.org/attachment.cgi?id=263226&action=review
crashing test
Null dereference loading Blink layout test editing/execCommand/insert-ordered-list-crash.html.
Stack trace:
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGABRT)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000048
VM Regions Near 0x48:
-->
__TEXT 0000000100196000-0000000100230000 [ 616K] r-x/rwx SM=COW /Users/USER/*
Application Specific Information:
CRASHING TEST: blink-tests-that-are-unknown/editing/execCommand/insert-ordered-list-crash.html
================================================================
==21909==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000048 (pc 0x000105900d91 bp 0x7fff5fa61890 sp 0x7fff5fa61890 T0)
#0 0x105900d90 in WebCore::ContainerNode::lastChild() const ContainerNode.h:88
#1 0x105c0954e in WebCore::CompositeEditCommand::insertNodeAfter(WTF::PassRefPtr<WebCore::Node>, WTF::PassRefPtr<WebCore::Node>) CompositeEditCommand.cpp:357
#2 0x10674f054 in WebCore::InsertListCommand::unlistifyParagraph(WebCore::VisiblePosition const&, WebCore::HTMLElement*, WebCore::Node*) InsertListCommand.cpp:309
#3 0x10674de8c in WebCore::InsertListCommand::doApplyForSingleParagraph(bool, WebCore::HTMLQualifiedName const&, WebCore::Range*) InsertListCommand.cpp:252
#4 0x10674cc88 in WebCore::InsertListCommand::doApply() InsertListCommand.cpp:192
#5 0x105c07b7b in WebCore::CompositeEditCommand::apply() CompositeEditCommand.cpp:229
#6 0x106199c53 in WebCore::executeInsertOrderedList(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) EditorCommand.cpp:518
#7 0x10619685e in WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const EditorCommand.cpp:1704
#8 0x105f6e979 in WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) Document.cpp:4657
#9 0x1069dc260 in WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*) JSDocument.cpp:5093
#10 0x57fbfd401027 (<unknown module>)
#11 0x100fcf5dd in llint_entry (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xab45dd)
#12 0x100fc9a0a in vmEntryToJavaScript (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xaaea0a)
#13 0x100d2b07d in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) JITCode.cpp:80
#14 0x100ce8714 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) Interpreter.cpp:1024
#15 0x1005f99d1 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) CallData.cpp:39
#16 0x1005f9ac1 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) CallData.cpp:44
#17 0x10690c9c7 in WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) JSMainThreadExecState.h:56
#18 0x106afef5d in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) JSEventListener.cpp:130
#19 0x106222d21 in WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow, 16ul>&) EventTarget.cpp:256
#20 0x106222721 in WebCore::EventTarget::fireEventListeners(WebCore::Event*) EventTarget.cpp:208
#21 0x1061e5897 in WebCore::EventContext::handleLocalEvents(WebCore::Event&) const EventContext.cpp:54
#22 0x1061e850c in WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&, WebCore::WindowEventContext&) EventDispatcher.cpp:294
#23 0x1061e79b5 in WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) EventDispatcher.cpp:342
#24 0x1078cda01 in WebCore::ScopedEventQueue::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) const ScopedEventQueue.cpp:59
#25 0x1078cd787 in WebCore::ScopedEventQueue::enqueueEvent(WTF::PassRefPtr<WebCore::Event>) ScopedEventQueue.cpp:51
#26 0x1061e6897 in WebCore::EventDispatcher::dispatchScopedEvent(WebCore::Node&, WTF::PassRefPtr<WebCore::Event>) EventDispatcher.cpp:210
#27 0x107301c96 in WebCore::Node::dispatchScopedEvent(WTF::PassRefPtr<WebCore::Event>) Node.cpp:2136
#28 0x1073020a7 in WebCore::Node::dispatchSubtreeModifiedEvent() Node.cpp:2161
#29 0x105c2b815 in WebCore::ContainerNode::removeChild(WebCore::Node&, int&) ContainerNode.cpp:566
#30 0x1072f8d24 in WebCore::Node::removeChild(WebCore::Node*, int&) Node.cpp:448
#31 0x107411e4a in WebCore::Range::processAncestorsAndTheirSiblings(WebCore::Range::ActionType, WebCore::Node*, WebCore::Range::ContentsProcessDirection, WTF::PassRefPtr<WebCore::Node>, WebCore::Node*, int&) Range.cpp:806
#32 0x10740e56b in WebCore::Range::processContents(WebCore::Range::ActionType, int&) Range.cpp:626
#33 0x10740dd75 in WebCore::Range::deleteContents(int&) Range.cpp:492
#34 0x1060f1f83 in WebCore::DOMSelection::deleteFromDocument() DOMSelection.cpp:439
#35 0x106a2ae7a in WebCore::jsDOMSelectionPrototypeFunctionDeleteFromDocument(JSC::ExecState*) JSDOMSelection.cpp:454
#36 0x57fbfd401027 (<unknown module>)
#37 0x100fcf64f in llint_entry (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xab464f)
#38 0x100fc9a0a in vmEntryToJavaScript (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xaaea0a)
#39 0x100d2b07d in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) JITCode.cpp:80
#40 0x100ce8714 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) Interpreter.cpp:1024
#41 0x1005f99d1 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) CallData.cpp:39
#42 0x1005f9ac1 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) CallData.cpp:44
#43 0x10690c9c7 in WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) JSMainThreadExecState.h:56
#44 0x106afef5d in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) JSEventListener.cpp:130
#45 0x106222d21 in WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow, 16ul>&) EventTarget.cpp:256
#46 0x106222721 in WebCore::EventTarget::fireEventListeners(WebCore::Event*) EventTarget.cpp:208
#47 0x1061e5897 in WebCore::EventContext::handleLocalEvents(WebCore::Event&) const EventContext.cpp:54
#48 0x1061e8453 in WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&, WebCore::WindowEventContext&) EventDispatcher.cpp:280
#49 0x1061e79b5 in WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) EventDispatcher.cpp:342
#50 0x107301e14 in WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) Node.cpp:2145
#51 0x105f70f3c in WebCore::Document::finishedParsing() Document.cpp:4880
#52 0x106503d3d in WebCore::HTMLDocumentParser::prepareToStopParsing() HTMLDocumentParser.cpp:132
#53 0x10600095c in WebCore::DocumentWriter::end() DocumentWriter.cpp:247
#54 0x105fc8b67 in WebCore::DocumentLoader::finishedLoading(double) DocumentLoader.cpp:437
#55 0x105b27ca7 in WebCore::CachedResource::checkNotify() CachedResource.cpp:297
#56 0x105b22ff9 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) CachedRawResource.cpp:103
#57 0x107bb0588 in WebCore::SubresourceLoader::didFinishLoading(double) SubresourceLoader.cpp:372
#58 0x7fff8c4a3850 in __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e850)
#59 0x7fff8c4a3765 in -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e765)
#60 0x7fff8c4a366a in -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e66a)
#61 0x7fff8c4a8491 in ___ZN27URLConnectionClient_Classic26_delegate_didFinishLoadingEU13block_pointerFvvE_block_invoke (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x33491)
#62 0x7fff8c63c976 in ___ZN27URLConnectionClient_Classic18_withDelegateAsyncEPKcU13block_pointerFvP16_CFURLConnectionPK33CFURLConnectionClientCurrent_VMaxE_block_invoke_2 (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x1c7976)
#63 0x7fff9a99c3c2 in _dispatch_client_callout (/usr/lib/system/libdispatch.dylib+0x23c2)
#64 0x7fff9a9aa0bd in _dispatch_block_invoke (/usr/lib/system/libdispatch.dylib+0x100bd)
#65 0x7fff8c4a3527 in RunloopBlockContext::_invoke_block(void const*, void*) (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e527)
#66 0x7fff96f5ce63 in CFArrayApplyFunction (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x4ce63)
#67 0x7fff8c4a3420 in RunloopBlockContext::perform() (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e420)
#68 0x7fff8c4a32c1 in MultiplexerSource::perform() (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e2c1)
#69 0x7fff8c4a30e3 in MultiplexerSource::_perform(void*) (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e0e3)
#70 0x7fff96fba8b0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa8b0)
#71 0x7fff96f9a0ab in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x8a0ab)
#72 0x7fff96f995ce in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x895ce)
#73 0x7fff96f98fc7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88fc7)
#74 0x1001b898d in runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) DumpRenderTree.mm:2030
#75 0x1001b7f39 in runTestingServerLoop() DumpRenderTree.mm:1180
#76 0x1001b7267 in dumpRenderTree(int, char const**) DumpRenderTree.mm:1288
#77 0x1001b92b1 in DumpRenderTreeMain(int, char const**) DumpRenderTree.mm:1418
#78 0x7fff931e95ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
#79 0x1 (<unknown module>)