[Webkit-unassigned] [Bug 216778] New: [GTK] REGRESSION(r267329): imported/blink/editing/undo/crash-redo-with-iframes.html is crashing

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Sep 21 07:02:05 PDT 2020 

https://bugs.webkit.org/show_bug.cgi?id=216778

            Bug ID: 216778
           Summary: [GTK] REGRESSION(r267329):
                    imported/blink/editing/undo/crash-redo-with-iframes.ht
                    ml is crashing
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dpino at igalia.com

The test started crashing in r267329. The test is passing in WPE though.

https://results.webkit.org/?suite=layout-tests&test=imported%2Fblink%2Fediting%2Fundo%2Fcrash-redo-with-iframes.html&platform=GTK&platform=WPE&platform=ios&platform=mac

Crash-log: https://build.webkit.org/results/GTK%20Linux%2064-bit%20Release%20(Tests)/r267339%20(15944)/imported/blink/editing/undo/crash-redo-with-iframes-crash-log.txt

Thread 1 (Thread 0x7fc99b7749c0 (LWP 129780)):
#0  0x00007fc9a5b578c6 in WebCore::StyledMarkupAccumulator::traverseNodesForSerialization(WebCore::Node*, WebCore::Node*, WebCore::StyledMarkupAccumulator::NodeTraversalMode) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#1  0x00007fc9a5b57727 in WebCore::StyledMarkupAccumulator::serializeNodes(WebCore::Position const&, WebCore::Position const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#2  0x00007fc9a5b5945a in WebCore::serializePreservingVisualAppearanceInternal(WebCore::Position const&, WebCore::Position const&, WTF::Vector<WebCore::Node*, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WebCore::ResolveURLs, WebCore::SerializeComposedTree, WebCore::AnnotateForInterchange, WebCore::ConvertBlocksToInlines, WebCore::StandardFontFamilySerializationMode, WebCore::MSOListMode) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#3  0x00007fc9a5b59ea2 in WebCore::serializePreservingVisualAppearance(WebCore::VisibleSelection const&, WebCore::ResolveURLs, WebCore::SerializeComposedTree, WTF::Vector<WebCore::Node*, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007fc9a4cc7e18 in WebKit::WebEditorClient::updateGlobalSelection(WebCore::Frame*) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5  0x00007fc9a4ca9f4e in WebKit::WebEditorClient::respondToChangedSelection(WebCore::Frame*) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#6  0x00007fc9a5ae46e7 in WebCore::Editor::respondToChangedSelection(WebCore::VisibleSelection const&, WTF::OptionSet<WebCore::FrameSelection::SetSelectionOption>) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#7  0x00007fc9a5aea220 in WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance(WebCore::VisibleSelection const&, WTF::OptionSet<WebCore::FrameSelection::SetSelectionOption>, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#8  0x00007fc9a5acea15 in WebCore::FrameSelection::setSelection(WebCore::VisibleSelection const&, WTF::OptionSet<WebCore::FrameSelection::SetSelectionOption>, WebCore::AXTextStateChangeIntent, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#9  0x00007fc9a5ace666 in WebCore::FrameSelection::selectAll() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#10 0x00007fc9a5af8d54 in WebCore::executeSelectAll(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#11 0x00007fc9a59d3416 in WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#12 0x00007fc9a4f5e0c4 in WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::JSGlobalObject*, JSC::CallFrame*) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#13 0x00007fc95aaff178 in  ()
#14 0x00007ffd2b48d8b0 in  ()
#15 0x00007fc9a1112ff0 in llint_op_call () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#16 0x0000000000000000 in  ()

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200921/3a6a3c14/attachment-0001.htm>

More information about the webkit-unassigned mailing list