<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - ASSERTION FAILED: renderer() in WebCore::HTMLTextAreaElement::updateValue"
href="https://bugs.webkit.org/show_bug.cgi?id=150236">150236</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>ASSERTION FAILED: renderer() in WebCore::HTMLTextAreaElement::updateValue
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Local Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>HTML Editing
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>rhodovan.u-szeged@partner.samsung.com
</td>
</tr>
<tr>
<th>CC</th>
<td>darin@apple.com, mrowe@bdash.net.nz
</td>
</tr>
<tr>
<th>Blocks</th>
<td>116980
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=263277" name="attach_263277" title="Test">attachment 263277</a> <a href="attachment.cgi?id=263277&action=edit" title="Test">[details]</a></span>
Test
Load this test case in a debug (assertions-enabled) build of WebKit:
<!--
  Reduced test case for the report "ASSERTION FAILED: renderer()" in
  WebCore::HTMLTextAreaElement::updateValue.

  Sequence, as written below:
    1. An autofocus textarea is created.
    2. The first script switches the document to designMode and runs selectAll.
    3. An explicit body start tag carrying the hidden attribute follows, then a list item.
    4. The second script runs selectAll, cut and insertParagraph.

  The backtrace in this report shows the insertParagraph command (execCommand
  with userInterface=true) reaching HTMLTextAreaElement::updateValue through
  Editor::appliedEditing and the form validity update, where renderer() is asserted.

  NOTE(review): presumably the hidden body leaves the textarea without a renderer
  when the editing notification arrives; the report does not state this, so
  confirm it before relying on it. Behaviour in builds without assertions is not
  shown here and needs separate triage.
-->
<!DOCTYPE html>
<textarea autofocus></textarea>
<script>
document.designMode = 'on';
document.execCommand("selectAll", false, null);
</script>
<body hidden>
<li>
<script>
document.execCommand("selectAll", false, null);
document.execCommand("cut", true , null);
document.execCommand("insertParagraph", true , null);
</script>
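Backtrace (the SIGSEGV below is raised by WTFCrash's deliberate write to 0xbbadbeef at Assertions.cpp:321 once the assertion fails; it is the assertion's crash path, not a separate faulting access):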
ASSERTION FAILED: renderer()
../../Source/WebCore/html/HTMLTextAreaElement.cpp(341) : void WebCore::HTMLTextAreaElement::updateValue() const
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff8effd700 (LWP 27716)]
0x00007fffec497eda in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321 *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0 0x00007fffec497eda in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1 0x00007ffff2bf0a0e in WebCore::HTMLTextAreaElement::updateValue (this=0x7fffd5bb6000) at ../../Source/WebCore/html/HTMLTextAreaElement.cpp:341
#2 0x00007ffff2bf0ace in WebCore::HTMLTextAreaElement::value (this=0x7fffd5bb6000) at ../../Source/WebCore/html/HTMLTextAreaElement.cpp:351
#3 0x00007ffff2bf14c6 in WebCore::HTMLTextAreaElement::tooLong (this=0x7fffd5bb6000) at ../../Source/WebCore/html/HTMLTextAreaElement.cpp:466
#4 0x00007ffff2b2d593 in WebCore::FormAssociatedElement::valid (this=0x7fffd5bb6068) at ../../Source/WebCore/html/FormAssociatedElement.cpp:218
#5 0x00007ffff2b6ac91 in WebCore::HTMLFormControlElement::updateValidity (this=0x7fffd5bb6000) at ../../Source/WebCore/html/HTMLFormControlElement.cpp:497
#6 0x00007ffff2bf0503 in WebCore::HTMLTextAreaElement::subtreeHasChanged (this=0x7fffd5bb6000) at ../../Source/WebCore/html/HTMLTextAreaElement.cpp:282
#7 0x00007ffff2bf2e97 in WebCore::HTMLTextFormControlElement::didEditInnerTextValue (this=0x7fffd5bb6000)
at ../../Source/WebCore/html/HTMLTextFormControlElement.cpp:111
#8 0x00007ffff2a5fdd7 in WebCore::notifyTextFromControls (startRoot=0x7fffd5be24e0, endRoot=0x7fffd5be24e0) at ../../Source/WebCore/editing/Editor.cpp:1002
#9 0x00007ffff2a6018b in WebCore::Editor::appliedEditing (this=0x7fffd5aec000, cmd=...) at ../../Source/WebCore/editing/Editor.cpp:1025
#10 0x00007ffff2acf0c0 in WebCore::TypingCommand::typingAddedToOpenCommand (this=0x7fffd5aa4000,
commandTypeForAddedTyping=WebCore::TypingCommand::InsertParagraphSeparator) at ../../Source/WebCore/editing/TypingCommand.cpp:359
#11 0x00007ffff2acf45e in WebCore::TypingCommand::insertParagraphSeparator (this=0x7fffd5aa4000) at ../../Source/WebCore/editing/TypingCommand.cpp:399
#12 0x00007ffff2acebcc in WebCore::TypingCommand::doApply (this=0x7fffd5aa4000) at ../../Source/WebCore/editing/TypingCommand.cpp:275
#13 0x00007ffff2a2bd72 in WebCore::CompositeEditCommand::apply (this=0x7fffd5aa4000) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:229
#14 0x00007ffff2a2bb23 in WebCore::applyCommand (command=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:188
#15 0x00007ffff2ace7de in WebCore::TypingCommand::insertParagraphSeparator (document=..., options=0) at ../../Source/WebCore/editing/TypingCommand.cpp:222
#16 0x00007ffff2a76a1c in WebCore::executeInsertParagraph (frame=...) at ../../Source/WebCore/editing/EditorCommand.cpp:524
#17 0x00007ffff2a7a5ca in WebCore::Editor::Command::execute (this=0x7fffffffb920, parameter=..., triggeringEvent=0x0)
at ../../Source/WebCore/editing/EditorCommand.cpp:1704
#18 0x00007ffff28df7f7 in WebCore::Document::execCommand (this=0x7fffd581ea00, commandName=..., userInterface=true, value=...)
at ../../Source/WebCore/dom/Document.cpp:4657
#19 0x00007ffff3a87d9f in WebCore::jsDocumentPrototypeFunctionExecCommand (state=0x7fffffffb9f0) at DerivedSources/WebCore/JSDocument.cpp:5101
#20 0x00007fff953e00c8 in ?? ()
#21 0x00007fffffffba70 in ?? ()
#22 0x00007fffec440591 in llint_entry () from /home/reni/data/REPOS/fuzztargets/webkit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18</pre>
</div>
</p>
</body>
</html>