[Webkit-unassigned] [Bug 223960] New: [GTK] Test editing/execCommand/insert-image-in-composed-list.html crashes with GCC

Tue Mar 30 14:57:33 PDT 2021

https://bugs.webkit.org/show_bug.cgi?id=223960

            Bug ID: 223960
           Summary: [GTK] Test
                    editing/execCommand/insert-image-in-composed-list.html
                    crashes with GCC
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: clopez at igalia.com
                CC: bugs-noreply at webkitgtk.org,
                    julian_a_gonzalez at apple.com

Layout test editing/execCommand/insert-image-in-composed-list.html crashes in the GTK port when GCC (10.2.0 from flatpak SDK) is used as compiler.
The test doesn't crash when Clang (Release) is used.
And with GCC it only crashes on the Release build. On the Debug one it passes.
So this hints at some optimization done by GCC in Release mode triggering undefined behaviour or maybe a bug in GCC itself.

The crash has been happening since the test was added in bug 223545 (r274847)

The crash happens here:

Thread 1 (Thread 0x7f36450d19c0 (LWP 27320)):
#0  0x00007f364e24d400 in WebCore::Node::computeEditability(WebCore::Node::UserSelectAllTreatment, WebCore::Node::ShouldUpdateStyle) const () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#1  0x00007f364e24ea62 in WebCore::Node::rootEditableElement() const () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#2  0x00007f364e2cd2b7 in WebCore::DeleteSelectionCommand::removeRedundantBlocks() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#3  0x00007f364e2e78a8 in WebCore::DeleteSelectionCommand::doApply() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007f364f544dd2 in WebCore::CompositeEditCommand::applyCommandToComposite(WTF::Ref<WebCore::EditCommand, WTF::RawPtrTraits<WebCore::EditCommand> >&&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5  0x00007f364f549e1b in WebCore::CompositeEditCommand::deleteSelection(bool, bool, bool, bool, bool) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#6  0x00007f364e34c618 in WebCore::ReplaceSelectionCommand::doApply() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#7  0x00007f364f544d01 in WebCore::CompositeEditCommand::apply() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#8  0x00007f364e2eb2c8 in WebCore::executeInsertFragment(WebCore::Frame&, WTF::Ref<WebCore::DocumentFragment, WTF::RawPtrTraits<WebCore::DocumentFragment> >&&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#9  0x00007f364e2ec2f0 in WebCore::executeInsertImage(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#10 0x00007f364e1d5f05 in WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#11 0x00007f364d320294 in WebCore::jsDocumentPrototypeFunction_execCommand(JSC::JSGlobalObject*, JSC::CallFrame*) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#12 0x00007f36043ff1d8 in  ()
#13 0x00007fff52b182e0 in  ()
#14 0x00007f3649b486ee in llint_op_call () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#15 0x0000000000000000 in  ()

All editing/ tests are currently skipped on WPE port, so this issue is only visible on GTK for now.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210330/f88152a1/attachment.htm>