<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body><span class="vcard"><a class="email" href="mailto:Hironori.Fujii&#64;sony.com" title="Fujii Hironori &lt;Hironori.Fujii&#64;sony.com&gt;"> <span class="fn">Fujii Hironori</span></a>
</span> changed
              <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - null m_lastNodeInserted dereference at ReplaceSelectionCommand::InsertedNodes::lastLeafInserted"
   href="https://bugs.webkit.org/show_bug.cgi?id=161947">bug 161947</a>
        <br>
             <table border="1" cellspacing="0" cellpadding="8">
          <tr>
            <th>What</th>
            <th>Removed</th>
            <th>Added</th>
          </tr>

         <tr>
           <td style="text-align:right;">Summary</td>
           <td>[GTK] SIGSEGV at WebCore::Node::lastDescendant in editing/inserting/insert-table-in-paragraph-crash.html
           </td>
           <td>null m_lastNodeInserted dereference at ReplaceSelectionCommand::InsertedNodes::lastLeafInserted
           </td>
         </tr>

         <tr>
           <td style="text-align:right;">Component</td>
           <td>WebKit Gtk
           </td>
           <td>HTML Editing
           </td>
         </tr></table>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - null m_lastNodeInserted dereference at ReplaceSelectionCommand::InsertedNodes::lastLeafInserted"
   href="https://bugs.webkit.org/show_bug.cgi?id=161947#c2">Comment # 2</a>
              on <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - null m_lastNodeInserted dereference at ReplaceSelectionCommand::InsertedNodes::lastLeafInserted"
   href="https://bugs.webkit.org/show_bug.cgi?id=161947">bug 161947</a>
              from <span class="vcard"><a class="email" href="mailto:Hironori.Fujii&#64;sony.com" title="Fujii Hironori &lt;Hironori.Fujii&#64;sony.com&gt;"> <span class="fn">Fujii Hironori</span></a>
</span></b>
        <pre>m_lastNodeInserted was null at ReplaceSelectionCommand::InsertedNodes::lastLeafInserted.

I've confirmed this problem happens even in debug build of Gtk port If I apply following patch, 

<span class="quote">&gt; --- a/Source/WebCore/editing/ReplaceSelectionCommand.h
&gt; +++ b/Source/WebCore/editing/ReplaceSelectionCommand.h
&gt; &#64;&#64; -68,7 +68,10 &#64;&#64; private:
&gt;          void didReplaceNode(Node*, Node* newNode);
&gt;  
&gt;          Node* firstNodeInserted() const { return m_firstNodeInserted.get(); }
&gt; -        Node* lastLeafInserted() const { return m_lastNodeInserted-&gt;lastDescendant(); }
&gt; +        Node* lastLeafInserted() const {
&gt; +            ASSERT(m_lastNodeInserted);
&gt; +            return m_lastNodeInserted-&gt;lastDescendant();
&gt; +        }
&gt;          Node* pastLastLeaf() const
&gt;          {
&gt;              if (m_lastNodeInserted) {</span >

This bug doesn't seem Gtk port specific.</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>