[Webkit-unassigned] [Bug 273581] New: Crash in CheckedPtr::decrementPtrCount via SplitTextNodeContainingElementCommand::doApply
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed May 1 15:10:12 PDT 2024
https://bugs.webkit.org/show_bug.cgi?id=273581
Bug ID: 273581
Summary: Crash in CheckedPtr::decrementPtrCount via
SplitTextNodeContainingElementCommand::doApply
Product: WebKit
Version: Safari Technology Preview
Hardware: Unspecified
OS: Unspecified
Status: NEW
Keywords: InRadar
Severity: Normal
Priority: P2
Component: HTML Editing
Assignee: webkit-unassigned at lists.webkit.org
Reporter: rniwa at webkit.org
CC: wenson_hsieh at apple.com
e.g.
0 WebCore 0x11a8e45d8 OUTLINED_FUNCTION_0 + 8
1 WebCore 0x11b8c0ba4 WTFCrashWithInfo(int, char const*, char const*, int) + 24 [inlined]
2 WebCore 0x11b8c0ba4 WTF::CanMakeCheckedPtrBase<WTF::SingleThreadIntegralWrapper<unsigned int>, unsigned int>::decrementPtrCount() const + 24 (CheckedRef.h:286) [inlined]
3 WebCore 0x11b8c0ba4 WTF::CheckedPtr<WebCore::RenderElement, WTF::RawPtrTraits<WebCore::RenderElement>>::derefIfNotNull() + 24 (CheckedPtr.h:185) [inlined]
4 WebCore 0x11b8c0ba4 WTF::CheckedPtr<WebCore::RenderElement, WTF::RawPtrTraits<WebCore::RenderElement>>::~CheckedPtr() + 24 (CheckedPtr.h:72) [inlined]
5 WebCore 0x11b8c0ba4 WTF::CheckedPtr<WebCore::RenderElement, WTF::RawPtrTraits<WebCore::RenderElement>>::~CheckedPtr() + 24 (CheckedPtr.h:71) [inlined]
6 WebCore 0x11b8c0ba4 WebCore::SplitTextNodeContainingElementCommand::doApply() (.cold.1) + 24 (SplitTextNodeContainingElementCommand.cpp:65)
7 WebCore 0x11a845c40 WebCore::CompositeEditCommand::applyCommandToComposite(WTF::Ref<WebCore::EditCommand, WTF::RawPtrTraits<WebCore::EditCommand>, WTF::DefaultRefDerefTraits<WebCore::EditCommand>>&&) + 136 (CompositeEditCommand.cpp:498)
8 WebCore 0x11a841e00 WebCore::CompositeEditCommand::splitTextNodeContainingElement(WebCore::Text&, unsigned int) + 80 (CompositeEditCommand.cpp:729)
9 WebCore 0x11a83d638 WebCore::ApplyStyleCommand::splitTextElementAtEnd(WebCore::Position const&, WebCore::Position const&) + 92 (ApplyStyleCommand.cpp:1235)
10 WebCore 0x11a839b10 WebCore::ApplyStyleCommand::applyInlineStyle(WebCore::EditingStyle&) + 780 (ApplyStyleCommand.cpp:593)
11 WebCore 0x11a837a24 WebCore::ApplyStyleCommand::doApply() + 160 (ApplyStyleCommand.cpp:203)
12 WebCore 0x11a845c40 WebCore::CompositeEditCommand::applyCommandToComposite(WTF::Ref<WebCore::EditCommand, WTF::RawPtrTraits<WebCore::EditCommand>, WTF::DefaultRefDerefTraits<WebCore::EditCommand>>&&) + 136 (CompositeEditCommand.cpp:498)
13 WebCore 0x11a8b2f04 WebCore::RemoveFormatCommand::doApply() + 244 (RemoveFormatCommand.cpp:98)
14 WebCore 0x11a83344c WebCore::CompositeEditCommand::apply() + 300 (CompositeEditCommand.cpp:402)
15 WebCore 0x11a87343c WebCore::Editor::removeFormattingAndStyle() + 68 (Editor.cpp:961)
16 WebCore 0x11a89b520 WebCore::executeRemoveFormat(WebCore::LocalFrame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) + 24 (EditorCommand.cpp:1012)
17 WebCore 0x11a7359a4 WebCore::Document::execCommand(WTF::String const&, bool, std::__1::variant<WTF::String, WTF::RefPtr<WebCore::TrustedHTML, WTF::RawPtrTraits<WebCore::TrustedHTML>, WTF::DefaultRefDerefTraits<WebCore::TrustedHTML>>> const&) + 224 (Document.cpp:6928)
18 WebCore 0x119719b98 WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*) + 440 (JSDocument.cpp:6446)
<rdar://127116949>
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20240501/7db1f489/attachment.htm>
More information about the webkit-unassigned
mailing list