[Webkit-unassigned] [Bug 191921] New: REGRESSION (r236785): Nullptr crash in StyledMarkupAccumulator::traverseNodesForSerialization

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Nov 23 01:17:53 PST 2018 

https://bugs.webkit.org/show_bug.cgi?id=191921

            Bug ID: 191921
           Summary: REGRESSION (r236785): Nullptr crash in
                    StyledMarkupAccumulator::traverseNodesForSerialization
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML Editing
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rniwa at webkit.org
                CC: wenson_hsieh at apple.com

e.g.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                   0x0000000105712c10 WebCore::StyledMarkupAccumulator::traverseNodesForSerialization(WebCore::Node*, WebCore::Node*, WebCore::StyledMarkupAccumulator::NodeTraversalMode) + 112
1   com.apple.WebCore                   0x0000000105712951 WebCore::StyledMarkupAccumulator::serializeNodes(WebCore::Position const&, WebCore::Position const&) + 113
2   com.apple.WebCore                   0x0000000105714481 WebCore::serializePreservingVisualAppearanceInternal(WebCore::Position const&, WebCore::Position const&, WTF::Vector<WebCore::Node*, 0ul, WTF::CrashOnOverflow, 16ul>*, WebCore::ResolveURLs, WebCore::SerializeComposedTree, WebCore::AnnotateForInterchange, WebCore::ConvertBlocksToInlines, WebCore::MSOListMode) + 2801
3   com.apple.WebCore                   0x0000000105714d7b WebCore::serializePreservingVisualAppearance(WebCore::VisibleSelection const&, WebCore::ResolveURLs, WebCore::SerializeComposedTree, WTF::Vector<WebCore::Node*, 0ul, WTF::CrashOnOverflow, 16ul>*) + 107
4   com.apple.WebCore                   0x00000001059524ae WebCore::LegacyWebArchive::createFromSelection(WebCore::Frame*) + 238
5   com.apple.WebCore                   0x0000000104b41e58 WebCore::Editor::selectionInWebArchiveFormat() + 24
6   com.apple.WebCore                   0x0000000104b4162f WebCore::Editor::writeSelectionToPasteboard(WebCore::Pasteboard&) + 239
7   com.apple.WebCore                   0x00000001056b883c WebCore::Editor::performCutOrCopy(WebCore::Editor::EditorActionSpecifier) + 684
8   com.apple.WebCore                   0x00000001056c6200 WebCore::executeCopy(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) + 16
9   com.apple.WebKit                    0x0000000103a588fc WebKit::WebPage::executeEditingCommand(WTF::String const&, WTF::String const&) + 102
10  com.apple.WebKit                    0x0000000103e0ede3 WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&) + 9827
11  com.apple.WebKit                    0x0000000103a9bf5b IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 127
12  com.apple.WebKit                    0x0000000103d5c488 WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 28

<rdar://problem/45562959>

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20181123/7b7d1f28/attachment.html>

More information about the webkit-unassigned mailing list